Yes. I've read the manual enough that I believe that I understand the
process. Define a an exported key with a clear value (so I know what it
is). Give the value of the exporter key to the target site, wrap the
symmetric key with the exporter key, and send that key to the them.
I don't know how it works on the other side, if the they're not a zOS
shop with ICSF.
Mark Jacobs
On 01/17/13 20:53, Walt Farrell wrote:
On Thu, 17 Jan 2013 12:39:11 -0800, Phil Smith <[email protected]> wrote:
Mark Jacobs wrote:
I've been reading the ICSF Applications Programmers guide and I understand the
process on how to transport ICSF keys to another zOS system using
importer/exporter keys, but I have no idea on how it would work on a non-zOS
platform.
Can anyone point me to some doc, or share their process if they've already done
it?
FYI, there's no such thing as an "ICSF key". There are keys of various sorts
that ICSF manages, but they aren't ICSF-ized per se. I guess if they're wrapped
(encrypted) in a Crypto Express, they could be sort of thought of as being bound to ICSF,
but they still are really just 56 or 64 or 128 or 192 or 256 or however many bits of key
material.
So...having said that, what do you mean by "how it would work on a non-z/OS
platform"? How WHAT would work? An AES key is an AES key: if you have an AES
algorithm and a key, you can encrypt data, and you'll get the same result on any platform
(assuming you're using the same AES mode, etc.).
I feel like I'm taking you to task here, and I don't mean to be - just trying
to understand what your real question is!
I read it as, "how would I extract a key from ICSF and send it to a non-z/OS
system?"
--
Mark Jacobs
Time Customer Service
Tampa, FL
----
The quiet ones are the ones that change the universe...
The loud ones only take the credit.
Londo Mollari - Babylon 5
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [email protected] with the message: INFO IBM-MAIN
