Agreed. By "roll your own" I was referring to >1) Create an asymmetric public + private key pair on the destination >system. >2) Transfer the destination system's public key to the source system. >3) Create a symmetric key on the source system.
Etc. Charles -----Original Message----- From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On Behalf Of Grant Taylor Sent: Thursday, July 22, 2021 4:58 PM To: IBM-MAIN@LISTSERV.UA.EDU Subject: Re: How should I send file to another sysplex securely. On 7/22/21 2:58 PM, Charles Mills wrote: > I would say in no event does the OP want to "roll his own" or "cobble > something together out of bits and pieces." I think we have different ideas of what "roll your own" means. Personally, I don't believe that running some standard commands (at least from a unix perspective), transferring two files, and running some closely related commands to be "rolling your own". At least not any more than creating JCL is "roll your own". > This problem is what FTP does for a living. Agreed. > An investment in secure FTP is an investment in the future, not just > this one problem. Yes. Though, sometimes such an /investment/ means a LOT more work, especially if something is going to be persistent and need to adhere to corporate security policies / scans / etc. Often, especially for one off cases, doing a little bit more work manually is the simpler and faster of the solutions. > Oh! In Step 3 below, add to the sentence "... using a secure > cryptographic-quality random-number generator." Agreed. I expect that any contemporary / patched operating system to sufficiently address this concern. Especially when following vendor best practices regarding cryptographic utilities that they provide. > Again, you don't want to roll your own on this. Waaaay too many traps > for the unwary. See above. There is a big difference in putting some commands in JCL vs coding your own cryptographic algorithms, including the math and keying algorithms. There is an apt saying for that "friends don't let friends create their own cryptographic algorithms". Friends help friends use well established cryptographic algorithms in the proper way. -- Grant. . . . unix || die ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
