How B2B Tape Encryption Works Using Code Books
B2B tape sharing with the code book method gives you a secure way to share both the encrypted data and the key material needed to decrypt it. In that respect it is similar to B2B tape sharing with digital certificates. Unlike certificate-based B2B tapes, however, code-book tapes never carry the key and the data together on the tape: the key material travels to the business partner by a separate route.
The following list outlines how the B2B tape encryption process works using code books:
- To send a B2B tape to a business partner, first obtain their agreement to use CA Tape Encryption and confirm that they intend to read the tapes on a non-z/OS platform supported by the CA Tape Encryption Multiplatform Decryption Utility (MDU). You can send a copy of this freely available utility to any business partner who needs it.
- At tape creation time, CA Tape Encryption encrypts the data with the code book named either in the DFSMS data class description field or in the user data of the security-system data set profile that matches the data set.
- The following items are sent to the business partner as three separate deliveries:
- The encrypted file or files, sent as a physical tape or by electronic means.
- The code book, exported with the TBEBOOK export utility on z/OS into a file that can be sent to the business partner.
- The passkey used during the export process. Because the passkey is what unlocks the exported code book, send it by a different channel from the one used for the code book file.
- The business partner receives the exported code book and imports the code book file into the Multiplatform Decryption Utility.
- The business partner receives the encrypted file or files and uses existing utilities and services on the non-z/OS platform to unload the z/OS tape headers and encrypted data onto the local file system.
- After the z/OS tape headers and encrypted data are on the local file system, the business partner runs the Multiplatform Decryption Utility to decrypt the file. This creates a plain-text copy of the file; the original encrypted file is not overwritten.
- Provided the code book was imported correctly, the tape header and encrypted data files were unloaded correctly, and the passkey is correct, the Multiplatform Decryption Utility selects the appropriate code book array and the required elements from that array, forms a symmetric key from them, and uses that key to decrypt the file. If any of these conditions is not met, the key cannot be formed and the data stays encrypted; the encrypted file, the exported code book, and the passkey are each useless on their own.
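The procedure above, as a runnable model. This is an added example in Python, not CA Tape Encryption's or the Multiplatform Decryption Utility's own code, and it does not reproduce the product's on-tape or export file formats. The code book layout (arrays of 32-byte random elements), the rule for forming the key (SHA-256 over the selected elements in header order), the JSON tape header, PBKDF2 for wrapping the export under the passkey, and an HMAC-SHA256 keystream used in place of a block cipher are all assumptions made for illustration, because the page does not describe the product's internals and the Python standard library has no AES.

```python
"""Model of B2B code-book key sharing: a code book is a set of arrays of random
elements; the tape header names which array and which elements form the data key.
Constructed illustration only; not CA Tape Encryption's formats or algorithms."""
import hashlib
import hmac
import json
import secrets
import struct

ELEMENT_LEN = 32           # assumed size of one code book element
BOOK_ID = "PARTNER01"      # assumed code book name
PBKDF2_ROUNDS = 100_000    # assumed work factor for the export passkey


def make_code_book(arrays=4, elements=16):
    """Generate a code book: several arrays, each a list of random elements."""
    return {"id": BOOK_ID,
            "arrays": [[secrets.token_bytes(ELEMENT_LEN) for _ in range(elements)]
                       for _ in range(arrays)]}


def derive_data_key(book, array_idx, element_idxs):
    """Form the symmetric key from the selected elements, in header order (assumed rule)."""
    h = hashlib.sha256()
    for i in element_idxs:
        h.update(book["arrays"][array_idx][i])
    return h.digest()


def _subkeys(key):
    """Split one key into independent encryption and MAC keys."""
    return (hmac.new(key, b"enc", hashlib.sha256).digest(),
            hmac.new(key, b"mac", hashlib.sha256).digest())


def _keystream_xor(key, nonce, data):
    """HMAC-SHA256 in counter mode as a stand-in stream cipher (no AES in stdlib)."""
    out = bytearray()
    for block, start in enumerate(range(0, len(data), 32)):
        ks = hmac.new(key, nonce + struct.pack(">Q", block), hashlib.sha256).digest()
        out.extend(a ^ b for a, b in zip(data[start:start + 32], ks))
    return bytes(out)


def encrypt_tape(book, array_idx, element_idxs, plaintext):
    """Tape creation: returns (header, encrypted data). The header carries indices only."""
    nonce = secrets.token_bytes(16)
    header = json.dumps({"book": book["id"], "array": array_idx,
                         "elements": list(element_idxs), "nonce": nonce.hex()}).encode()
    enc_key, mac_key = _subkeys(derive_data_key(book, array_idx, element_idxs))
    body = _keystream_xor(enc_key, nonce, plaintext)
    tag = hmac.new(mac_key, header + body, hashlib.sha256).digest()
    return header, body + tag


def export_code_book(book, passkey):
    """TBEBOOK-style export: the serialized book is wrapped under a passkey-derived key."""
    salt = secrets.token_bytes(16)
    enc_key, mac_key = _subkeys(
        hashlib.pbkdf2_hmac("sha256", passkey.encode(), salt, PBKDF2_ROUNDS))
    serial = json.dumps({"id": book["id"],
                         "arrays": [[e.hex() for e in arr] for arr in book["arrays"]]}).encode()
    body = _keystream_xor(enc_key, salt, serial)
    tag = hmac.new(mac_key, salt + body, hashlib.sha256).digest()
    return salt + body + tag


def import_code_book(exported, passkey):
    """MDU-style import: a wrong passkey fails the tag check and yields no code book."""
    salt, body, tag = exported[:16], exported[16:-32], exported[-32:]
    enc_key, mac_key = _subkeys(
        hashlib.pbkdf2_hmac("sha256", passkey.encode(), salt, PBKDF2_ROUNDS))
    if not hmac.compare_digest(tag, hmac.new(mac_key, salt + body, hashlib.sha256).digest()):
        raise ValueError("code book import failed: wrong passkey or corrupt file")
    serial = json.loads(_keystream_xor(enc_key, salt, body))
    return {"id": serial["id"],
            "arrays": [[bytes.fromhex(e) for e in arr] for arr in serial["arrays"]]}


def decrypt_tape(book, header, encrypted):
    """MDU-style decrypt: rebuild the key from the header's indices; input is left unmodified."""
    meta = json.loads(header)
    if meta["book"] != book["id"]:
        raise ValueError("tape header names a different code book")
    enc_key, mac_key = _subkeys(derive_data_key(book, meta["array"], meta["elements"]))
    body, tag = encrypted[:-32], encrypted[-32:]
    if not hmac.compare_digest(tag, hmac.new(mac_key, header + body, hashlib.sha256).digest()):
        raise ValueError("decryption failed: wrong code book or tampered data")
    return _keystream_xor(enc_key, bytes.fromhex(meta["nonce"]), body)


if __name__ == "__main__":
    # Sender side: encrypt at tape creation, then export the book under a passkey.
    book = make_code_book()
    header, data = encrypt_tape(book, 2, [1, 5, 9, 13], b"PAYROLL RECORD 0001")
    exported = export_code_book(book, "correct horse battery")
    # Partner side: the three items arrive separately; import the book, then decrypt.
    partner_book = import_code_book(exported, "correct horse battery")
    print(decrypt_tape(partner_book, header, data))
```

The point the model makes concrete is the separation of the three deliveries: the tape header names an array and element positions but contains no key bytes, the exported code book is unreadable without the passkey, and a code book other than the one used at tape creation fails the integrity check rather than producing garbage plaintext.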