Yes, this is (very!) basically what the TLS certificate key exchange does under the covers. For a minimal solution, you only need one asymmetric key pair:
A Creates public/private pair and sends public key to B
B Generates random number, encrypts with A's public key, and sends it to A
A Decrypts the random number with the private key
Voila! Both sides have a secret random number to use for symmetric encryption

Implicit in the above is that asymmetric is way too slow to use directly for bulk data transfer.

Why re-invent the wheel? Why not use one of the secure variants of FTP, which already do the above and more, more or less perfectly.

Charles

-----Original Message-----
From: IBM Mainframe Discussion List [mailto:[email protected]] On Behalf Of Radoslaw Skorupka
Sent: Friday, January 14, 2022 10:00 AM
To: [email protected]
Subject: ICSF key exchange scenario

Let's assume two z/OS images and some data exchange.
One of the possible methods is symmetric encryption. However that requires key exchange.
I have the following idea:
1. Both sides create asymmetric key.
2. Public keys are exported and exchanged.
3. One side encrypts symm key using public key of another side.
4. Second side decrypts symm key using its own private key.

Does it make sense?
Any hints? What services to use in steps 4. and 5. ?

--
Radoslaw Skorupka
Lodz, Poland

----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [email protected] with the message: INFO IBM-MAIN
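The one-key-pair exchange outlined in the reply above, as an added Go example that is not part of the original thread and does not use ICSF services. The function names, the 2048-bit RSA key, RSA-OAEP with SHA-256 and the 32-byte secret are assumptions of this example, and it assumes B receives A's public key over a channel where it cannot be substituted.

```go
package main

import (
	"bytes"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"fmt"
)

// keyPair is A's first step; pubDER (PKIX, DER) is the message A sends to B.
func keyPair() (*rsa.PrivateKey, []byte, error) {
	priv, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, nil, err
	}
	pubDER, err := x509.MarshalPKIXPublicKey(&priv.PublicKey)
	return priv, pubDER, err
}

// wrapKey is B's step. Assumption: pubDER arrived over an authenticated channel.
func wrapKey(pubDER []byte) (key, wrapped []byte, err error) {
	parsed, err := x509.ParsePKIXPublicKey(pubDER)
	pub, ok := parsed.(*rsa.PublicKey)
	if err != nil || !ok {
		return nil, nil, fmt.Errorf("expected an RSA public key (parse error: %v)", err)
	}
	key = make([]byte, 32) // 256-bit secret; the size is this example's choice
	if _, err = rand.Read(key); err != nil {
		return nil, nil, err
	}
	wrapped, err = rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, key, nil) // OAEP: example's choice
	return key, wrapped, err
}

// unwrapKey is A's last step: recover B's random secret with the private key.
func unwrapKey(priv *rsa.PrivateKey, wrapped []byte) ([]byte, error) {
	return rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, wrapped, nil)
}

func main() {
	priv, pubDER, err := keyPair()
	if err != nil {
		panic(err)
	}
	keyB, wrapped, _ := wrapKey(pubDER)
	keyA, err := unwrapKey(priv, wrapped)
	fmt.Println("both sides hold the same secret:", err == nil && bytes.Equal(keyA, keyB))
}
```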
