I should have added, in our solution the data was offline, tape data being shipped to clearing houses and banks :(

my POC doc and my finding doc I found, written in 2004 :(  so very old

Carmen

On 1/14/2022 12:39 PM, Charles Mills wrote:
Yes, this is (very!) basically what the TLS certificate key exchange does under 
the covers. For a minimal solution, you only need one asymmetric key pair:

A Creates public/private pair and sends public key to B
B Generates random number, encrypts with A's public key, and sends it to A
A Decrypts the random number with the private key
Voila! Both sides have a secret random number to use for symmetric encryption

Implicit in the above is that asymmetric is way too slow to use directly for 
bulk data transfer.

Why re-invent the wheel? Why not use one of the secure variants of FTP, which 
already do the above and more, more or less perfectly.

Charles


-----Original Message-----
From: IBM Mainframe Discussion List [mailto:[email protected]] On Behalf 
Of Radoslaw Skorupka
Sent: Friday, January 14, 2022 10:00 AM
To: [email protected]
Subject: ICSF key exchange scenario

Let's assume two z/OS images and some data exchange.
One of the possible methods is symmetric encryption.
However that requires key exchange.
I have the following idea:
1. Both sides create asymmetric key.
2. Public keys are exported and exchanged.
3. One side encrypts symm key using public key of another side.
4. Second side decrypts symm key using its own private key.

Does it make sense?
Any hints?
What services to use in steps 4. and 5. ?

--
/I am not bound to win, but I am bound to be true. I am not bound to succeed, but I am bound to live by the light that I have. I must stand with anybody that stands right, and stand with him while he is right, and part with him when he goes wrong. *Abraham Lincoln*/

----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [email protected] with the message: INFO IBM-MAIN
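
The exchange described in this thread, as an added example that is not part of any poster's message and is not ICSF code: one side publishes an RSA public key, the other wraps a random symmetric key under it, and the bulk data travels under the symmetric key. It uses Node.js's built-in crypto module as a stand-in for the ICSF services; the function names, RSA-2048 with OAEP/SHA-256 and AES-256-GCM are assumptions of the example, and it assumes B has already confirmed that the public key really belongs to A.

```javascript
const nodeCrypto = require('crypto');

// Choices made for this example (not from the thread): OAEP with SHA-256.
const OAEP = { padding: nodeCrypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };

// Side A: create the asymmetric pair; only the public half ever leaves A.
function createReceiverKeys() {
  const { publicKey, privateKey } = nodeCrypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
  return { privateKey, publicPem: publicKey.export({ type: 'spki', format: 'pem' }) };
}

// Side B: generate the random symmetric key and wrap it under A's public key.
function wrapNewDataKey(publicPem) {
  const dataKey = nodeCrypto.randomBytes(32);
  const wrappedKey = nodeCrypto.publicEncrypt({ key: publicPem, ...OAEP }, dataKey);
  return { dataKey, wrappedKey };
}

// Side A: recover the symmetric key with the private key.
function unwrapDataKey(privateKey, wrappedKey) {
  return nodeCrypto.privateDecrypt({ key: privateKey, ...OAEP }, wrappedKey);
}

// Bulk data is protected with the symmetric key, never with RSA directly.
function encryptBulk(dataKey, plaintext) {
  const iv = nodeCrypto.randomBytes(12); // fresh nonce for every message
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', dataKey, iv);
  const body = Buffer.concat([cipher.update(plaintext), cipher.final()]);
  return { iv, body, tag: cipher.getAuthTag() };
}

function decryptBulk(dataKey, { iv, body, tag }) {
  const decipher = nodeCrypto.createDecipheriv('aes-256-gcm', dataKey, iv);
  decipher.setAuthTag(tag);
  return Buffer.concat([decipher.update(body), decipher.final()]); // throws if altered
}

// Both sides in one process, using a constructed sample message.
function runExchange(message) {
  const a = createReceiverKeys();                    // A -> B: a.publicPem
  const b = wrapNewDataKey(a.publicPem);             // B -> A: b.wrappedKey
  const sealed = encryptBulk(b.dataKey, Buffer.from(message, 'utf8'));
  const keyAtA = unwrapDataKey(a.privateKey, b.wrappedKey);
  const recovered = decryptBulk(keyAtA, sealed).toString('utf8');
  return { wrappedLen: b.wrappedKey.length, keysMatch: keyAtA.equals(b.dataKey), recovered };
}

console.log(runExchange('constructed sample record'));
```
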
