@Gil, works better than that. Watch my presentation <g> referenced earlier.

Charles

-----Original Message-----
From: IBM Mainframe Discussion List [mailto:[email protected]] On Behalf Of Paul Gilmartin
Sent: Thursday, July 22, 2021 2:18 PM
To: [email protected]
Subject: Re: How should I send file to another sysplex securely.

On Thu, 22 Jul 2021 14:05:31 -0600, Grant Taylor wrote:

>On 7/22/21 12:49 PM, Mike Hochee wrote:
>> ...
>There is also a hybrid approach in which a symmetric key is used to
>encrypt / decrypt the data and asymmetric keys to protect the first key.
> -- My understanding is that symmetric encryption is multiple orders
>of magnitude faster than asymmetric encryption.
>
This is routinely, almost universally, done for asymmetric encryption.
It lacks authentication and does not prevent MITM attacks:
 o An intruder can masquerade as the sender and supply forged data.
 o An intruder can masquerade as the recipient and intercept sensitive data.
 o Or both, if you're lucky.

I believe (I'm mostly guessing) that a Certificate Authority provides
authentication in a repository of public keys but, "Quis custodiet
ipsos custodes?" Computers come with a table of recognized CAs
and their public keys embedded in the OS. This amounts to making
the computer vendors the ultimate Certificate authorities.
    https://www.cs.cmu.edu/~rdriley/487/papers/Thompson_1984_ReflectionsonTrustingTrust.pdf

Or, the CAs could announce their public keys on NewsMax or Twitter.

>1) Create an asymmetric public + private key pair on the destination
>system.
>2) Transfer the destination system's public key to the source system.
>3) Create a symmetric key on the source system.
>4) Use the source system's symmetric key to encrypt the data.
>5) Use the destination system's asymmetric public key to encrypt the
>source system's symmetric key.
>6) Transfer both the encrypted data and the encrypted symmetric key
>from the source system to the destination system.
>7) Use the destination system's asymmetric private key to decrypt the
>source system's symmetric key.
>8) Use the decrypted source system's symmetric key to decrypt the data.
>...
>n) PROFIT!!!
>
>The data and the symmetric key protecting it are only unencrypted on the
>source and destination system.

-- gil

----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [email protected] with the message: INFO IBM-MAIN
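
Steps 1-8 from the quoted list, as an added Go example that is not code from anyone in this thread. It goes one step beyond the list: the source signs the wrapped key and the ciphertext, which covers the missing sender authentication raised in the reply. AES-256-GCM, RSA-OAEP, Ed25519, an out-of-band exchange of the sender's public key, and the names `NewDestKey`, `Seal` and `Open` are all assumptions of this example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

func NewDestKey() (*rsa.PrivateKey, error) { return rsa.GenerateKey(rand.Reader, 2048) } // steps 1-2

func Seal(data []byte, destPub *rsa.PublicKey, signer ed25519.PrivateKey) (wrapped, sealed, sig []byte, err error) {
	rnd := make([]byte, 32+12) // step 3: fresh AES-256 key, plus a 12-byte GCM nonce
	if _, err = rand.Read(rnd); err != nil {
		return nil, nil, nil, err
	}
	block, _ := aes.NewCipher(rnd[:32]) // cannot fail: the key is 32 bytes
	gcm, _ := cipher.NewGCM(block)
	sealed = gcm.Seal(rnd[32:], rnd[32:], data, nil) // step 4: nonce||ciphertext||tag
	if wrapped, err = rsa.EncryptOAEP(sha256.New(), rand.Reader, destPub, rnd[:32], nil); err != nil { // step 5
		return nil, nil, nil, err
	}
	sig = ed25519.Sign(signer, append(wrapped, sealed...)) // added step: sender signs both parts
	return wrapped, sealed, sig, nil
}

func Open(wrapped, sealed, sig []byte, destPriv *rsa.PrivateKey, senderPub ed25519.PublicKey) ([]byte, error) {
	msg := append(append([]byte{}, wrapped...), sealed...) // check the sender before any decryption
	if len(wrapped) != destPriv.Size() || len(sealed) < 12 || !ed25519.Verify(senderPub, msg, sig) {
		return nil, fmt.Errorf("rejected: malformed or not signed by the expected sender")
	}
	key, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, destPriv, wrapped, nil) // step 7
	if err != nil || len(key) != 32 {
		return nil, fmt.Errorf("rejected: key unwrap failed")
	}
	block, _ := aes.NewCipher(key) // cannot fail: length checked above
	gcm, _ := cipher.NewGCM(block)
	return gcm.Open(nil, sealed[:12], sealed[12:], nil) // step 8
}

func main() {
	destPriv, _ := NewDestKey()
	senderPub, senderKey, _ := ed25519.GenerateKey(rand.Reader) // sender's pair; public half shared out of band
	w, s, sig, _ := Seal([]byte("constructed sample record"), &destPriv.PublicKey, senderKey)
	out, err := Open(w, s, sig, destPriv, senderPub)
	fmt.Printf("%q %v\n", out, err)
}
```

A package sealed to the destination's public key by anyone other than the expected signer is refused in `Open` before the private key is used.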
