Using CA Tape Encryption in Your z/OS EnvironmentBusiness-to-Business Encryption › Encryption for Business Partners with Non-z/OS Environments

Previous Topic: Encryption for Business Partners with z/OS Environments

Next Topic: Business-to-Business Encryption Using Digital Certificates

Encryption for Business Partners with Non-z/OS Environments

Encryption for business partners that are running in non-z/OS environments uses a form of B2B tape sharing based on the concept of an electronic code book. CA Tape Encryption can build one or more code books. Each code book contains 1,024 random, 4-byte values. These code books are encrypted and stored in the BES database. Each time a B2B tape is created using the code book method, a specific code book is selected, based on information in the DFSMS data class definition. Elements from the code book are then randomly selected to form a symmetric key.

This form of B2B tape sharing does not place the symmetric key used to encrypt the tape data on the tape. Instead, it places on the tape information that identifies the code book that was used and which elements of the code book were selected.

Code books that are built and stored in the BES database on the z/OS platform must be exported out of the database where they are re-encrypted under a user-specified passkey and written out to a sequential dataset. This sequential dataset can then be sent to the non-z/OS B2B partners through email, FTP or some other electronic means. The passkey used during the export process must also be provided to your B2B partners. This passkey should be sent separately from the electronic code book to protect against the possibility of someone intercepting both the code book and its passkey.

Business partners in non-z/OS environments must use the CA Tape Encryption Multiplatform Decryption Utility (MDU) to decrypt the tape. This utility reads the information from the user header labels of encrypted tape files and can identify which code book is needed, as well as the elements in the code book that make up the correct symmetric key to decrypt the encrypted tape file.

Note: The MDU only supports the decryption of standard fixed or fixed-blocked datasets (RECFM=F, FB). When encrypting data for your non-z/OS business partners, do not include any other z/OS data set formats.

For more information about the MDU, see Multiplatform Decryption Utility User Guide or the utility's online help.