, October 10, 2012 6:04 PM
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: OpenPGP doesn't use crypto hardware? was Re: OpenPGP Encryption
Re: PGP is good encryption but it is not in use very much on IBM mainframes
because the encryption can not be offloaded to crypto hardware ...
I'm confused since
In order to use OpenPGP, you have to have CPACF (which may or may not
already be on your system.. but is free) and a crypto express 2/3/4
card/feature. Otherwise the Encryption Facility ( that OpenPGP is a part
of ) is relegated to a smaller subset of functionality which does not
include OpenPGP.
Rob Schramm wrote:
In order to use OpenPGP, you have to have CPACF (which may or may not
already be on your system.. but is free) and a crypto express 2/3/4
card/feature. Otherwise the Encryption Facility ( that OpenPGP is a part
of ) is relegated to a smaller subset of functionality which does
PGP is used to encrypt data files
PGP is good encryption but it is not in use very much on IBM mainframes because
the encryption can not be offloaded to crypto hardware , like RSA/DSA (Using
crypto express cards) and AES/DES using CPACF
And some people consider it a waste of good cpu time to
Re: PGP is good encryption but it is not in use very much on IBM mainframes
because the encryption can not be offloaded to crypto hardware ...
I'm confused since the OpenPGP doc mentions hardware encryption in several
places.
I recently had a project to get OpenPGP working on z/os 1.13. I am
If Mr. Marshall would care to be specific about his reference?
I am pretty sure he is incorrect.
This reference is dated... but clearly specifies Encryption Facility 1.2
will have support for hardware encryption ..
http://www-03.ibm.com/systems/z/os/zos/encryption_facility/#note1
Additionally,
Currently, our OpenPGP encryption is done using a Windows server and the
IPSwitch WS_FTP Client software. Configuration displays from the client
indicate that we are using RSA, DSA and DH keys with sizes of 1024 and 2048
bits. Cipher algorithms include AES-256, Triple-DES, BLOWFISH and CAST5
You might want to take a look at MegaCryption from ASPG.
-Original Message-
From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On
Behalf Of Gary Snider
Sent: Tuesday, October 09, 2012 3:57 PM
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: OpenPGP Encryption
Currently, our
Gary Snider asked about RSA, DSA, and DH on a z10.
Those all require a Crypto Express.
Randall Gross added:
You might want to take a look at MegaCryption from ASPG.
Or Voltage SecureData for z/OS, which is a multi-platform, enterprise solution
that offers various features, most notably
] On Behalf
Of Gary Snider
Sent: Tuesday, October 09, 2012 3:57 PM
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: OpenPGP Encryption
Currently, our OpenPGP encryption is done using a Windows server and the
IPSwitch WS_FTP Client software. Configuration displays from the client
indicate that we are using RSA, DSA
You can use the (free) Co:Z Launcher to implement a z/OS Hybrid batch job
that offloads PGP encryption to a *nix server (zBX blade, zLinux guest,
etc), running the free gpg command on *nix. For annotated example JCL,
see: http://dovetail.com/docs/coz/cookbook.html#4_3
By default the
11 matches
Mail list logo