On Thu, 17 Jan 2013 12:39:11 -0800, Phil Smith <[email protected]> wrote:
>Mark Jacobs wrote: >>I've been reading the ICSF Applications Programmers guide and I understand >>the process on how to transport ICSF keys to another zOS system using >>importer/exporter keys, but I have no idea on how it would work on a non-zOS >>platform. > >>Can anyone point me to some doc, or share their process if they've already >>done it? > >FYI, there's no such thing as an "ICSF key". There are keys of various sorts >that ICSF manages, but they aren't ICSF-ized per se. I guess if they're >wrapped (encrypted) in a Crypto Express, they could be sort of thought of as >being bound to ICSF, but they still are really just 56 or 64 or 128 or 192 or >256 or however many bits of key material. > >So...having said that, what do you mean by "how it would work on a non-z/OS >platform"? How WHAT would work? An AES key is an AES key: if you have an AES >algorithm and a key, you can encrypt data, and you'll get the same result on >any platform (assuming you're using the same AES mode, etc.). > >I feel like I'm taking you to task here, and I don't mean to be - just trying >to understand what your real question is! I read it as, "how would I extract a key from ICSF and send it to a non-z/OS system?" -- Walt ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
