How the MDU Works for Decryption Processing
Business partners in non-z/OS environments use the Multiplatform Decryption Utility to import code book files and decrypt files from B2B tapes that have been encrypted by CA Tape Encryption in z/OS environments. The following points outline how you use the MDU to import and decrypt these files:
- When you receive a B2B tape that was created using a code book, you need to import the code book file into the MDU.
- This import process reads information that uniquely identifies the original code book and the individual instances of the code book arrays.
- The code book file is cataloged according to the unique code book identifier and copied into a special directory structure where the MDU can quickly find it during decryption processing.
- When you have the z/OS tape headers and encrypted data on the local file system, use the MDU to decrypt the encrypted file. This results in a plain-text copy of the file. The original file is not overwritten during this process.
- The MDU reads the tape header file to extract information about the tape file, including information that identifies the code book and elements from the code book that are needed to decrypt the encrypted data file.
- If the needed code book has not been imported by the MDU Import process, an error message is generated to indicate that the required code book cannot be found. If this happens, get the needed code book, run the Import process, and attempt to decrypt the file again.
- The Decrypt function of the MDU requires that you enter the passkey that was used to encrypt the code book at export time.
- If the MDU finds the needed code book, it uses the passkey supplied to the Decrypt function.
- The utility verifies that the passkey is correct by decrypting a special signature that resides inside the code book.
- If decryption of this signature fails, the passkey is not the same as the passkey that was used during the export process in the z/OS environment.
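The lookup and passkey check described in the points above can be modeled as follows. This is an added illustration, not MDU code and not the product's file format: the names `CodeBookStore`, `export_code_book`, `SIGNATURE` and the header field `code_book_id` are hypothetical, and the SHA-256 keystream is a stand-in for whatever cipher the product uses.

```python
import hashlib
import hmac
import os

SIGNATURE = b"CODEBOOK-SIGNATURE"  # constructed known plaintext (assumption)

def _derive_key(passkey, salt):
    # Stretch the passkey into a 32-byte key (PBKDF2 is an assumption here).
    return hashlib.pbkdf2_hmac("sha256", passkey.encode(), salt, 100_000)

def _xor_stream(key, nonce, data):
    # Stand-in cipher: SHA-256 in counter mode. Illustration only.
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + nonce + i.to_bytes(8, "big")).digest()
        out.extend(b ^ k for b, k in zip(data[i:i + 32], block))
    return bytes(out)

def export_code_book(book_id, passkey):
    """Model of the exporting side: store the signature encrypted under the passkey."""
    salt, nonce = os.urandom(16), os.urandom(16)
    key = _derive_key(passkey, salt)
    return {"id": book_id, "salt": salt, "nonce": nonce,
            "sig": _xor_stream(key, nonce, SIGNATURE)}

class CodeBookStore:
    """Model of the importing side: code books cataloged by unique identifier."""

    def __init__(self):
        self._by_id = {}

    def import_book(self, book):
        self._by_id[book["id"]] = book

    def open_for_decrypt(self, header, passkey):
        # The tape header names the code book that the data file needs.
        book = self._by_id.get(header["code_book_id"])
        if book is None:
            raise LookupError("code book %r has not been imported"
                              % header["code_book_id"])
        key = _derive_key(passkey, book["salt"])
        candidate = _xor_stream(key, book["nonce"], book["sig"])
        # Constant-time compare: a wrong passkey yields a garbage signature.
        if not hmac.compare_digest(candidate, SIGNATURE):
            raise PermissionError("passkey differs from the export passkey")
        return key
```

Checking the signature before touching the data file means a mistyped passkey is reported as an error instead of producing an unreadable "plain-text" copy.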