How B2B Keys Work with Code Books for Sending Tapes to Business Partners
Use B2B keys generated from a code book to securely transfer encrypted tapes from one organization running a z/OS environment to another organization running a non-z/OS environment. The following points outline how B2B tapes and code books work for sending tapes to business partners in non-z/OS environments:
- Define code books to the BES database before creating a tape, using the <B2BCodeBooks> section of parmlib.
- Issue the REFRESH=CODEBOOKS operator command or restart the BES subsystem to activate these parmlib changes.
- Use DFSMS to define one or more data classes for encrypting B2B tapes that reference the defined code books, or use the CA@BES class with the security protection profiles in your security system.
- During tape OPEN for output processing, CA Tape Encryption encounters a tape file that is classified by its data class as a B2B tape requiring code book encryption.
- A symmetric key is randomly generated from the code book and is used in the following manner:
  - Used to encrypt the data on the tape.
  - Only for use with this particular tape. It is not reused.
- Information is stored in header labels on the tape to identify it as being encrypted by CA Tape Encryption using the code book method.
- Information is stored in a header label on the tape to identify the specific code book and how to rebuild the symmetric key.
- When the application writes data to the tape, CA Tape Encryption intercepts the data and encrypts it using the symmetric key.
- The specific code book is exported from the BES database to a sequential dataset suitable for electronic transmission to business partners. The export process requires that you provide a passkey at export time. Use this passkey to encrypt the exported version of the code book.
- The following items are sent separately to the business partner:
  - The encrypted tape.
  - The exported version of the code book.
  - The passkey used during the export process.
Note: Send these items separately to minimize the possibility of someone intercepting all the items needed to decrypt your data.
If necessary, send a copy of the CA Tape Encryption Multiplatform Decryption Utility to your business partner.
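
The key-rebuild idea in the list above, as an added conceptual sketch in Python (not CA Tape Encryption code): the code book layout, the header fields, and the HMAC-SHA-256 derivation are assumptions chosen for illustration, because this page does not describe the product's actual format. It shows that the header label carries only a code book reference and rebuild parameters, so the header without the matching code book does not yield the tape key.

```python
import hashlib
import hmac
import secrets

# Conceptual model only. The real code book layout, header label fields and
# key derivation are not documented on this page; everything here is assumed.

def make_code_book(name, entries=256):
    """Model a code book as a named table of random 32-byte entries."""
    return {"name": name, "entries": [secrets.token_bytes(32) for _ in range(entries)]}

def rebuild_tape_key(book, header):
    """Receiver side: rebuild the tape key from the code book plus the header."""
    if header["book"] != book["name"]:
        raise KeyError("header names a different code book")
    material = b"".join(book["entries"][i] for i in header["indexes"])
    return hmac.new(material, bytes.fromhex(header["nonce"]), hashlib.sha256).digest()

def new_tape_key(book, picks=4):
    """Sender side: choose random entries, derive a one-time key, build the header."""
    indexes = [secrets.randbelow(len(book["entries"])) for _ in range(picks)]
    nonce = secrets.token_bytes(16)  # keeps keys unique even if indexes repeat
    header = {
        "method": "CODEBOOK",        # marks the tape as code-book encrypted
        "book": book["name"],        # which code book to use
        "indexes": indexes,          # how to rebuild the key; no key bytes stored
        "nonce": nonce.hex(),
    }
    return rebuild_tape_key(book, header), header

def demo():
    """Constructed scenario: two tapes written under one code book."""
    book = make_code_book("PARTNER01")       # constructed sample name
    key1, hdr1 = new_tape_key(book)
    key2, _ = new_tape_key(book)
    wrong_book = make_code_book("PARTNER01")  # same name, different contents
    return {
        "receiver_matches": rebuild_tape_key(book, hdr1) == key1,
        "keys_differ_per_tape": key1 != key2,
        "header_alone_insufficient": rebuild_tape_key(wrong_book, hdr1) != key1,
    }

if __name__ == "__main__":
    print(demo())
```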