How You Manage Key Rings
Use the ShareRingAlias and UserRingAlias attributes to define customizable section names for key rings that will contain your business partner's RSA digital certificates. The following points outline how the section names for these attributes work:
- Use one or more ShareRingAlias attributes to specify the key rings that are owned by the CA Tape Encryption address space.
- Use a single UserRingAlias attribute to specify the key ring name that is owned by the tape job address space.
- Use the section names defined by ShareRingAlias and UserRingAlias to specify attributes for each key ring. Specify the KeyringName, which refers to the key ring stored in your security system.
- Specify the B2BRsaKeepHours, which indicates the number of hours to retain the symmetric key used to encrypt the data on the tape.
Note: Retaining the symmetric keys for B2B processing may be important at your site because of the nature of B2B processing. Normally, only the site that has the RSA private key can access the symmetric key. Therefore, these keys may be retained for a period of time to support activities such as mod processing onto an existing encrypted file, or reading an encrypted file to verify its contents before sending it to your B2B partner.
- After the B2BRsaKeepHours interval is reached, the symmetric key is no longer retained in the CA Tape Encryption database. Keys created for B2B tapes are single-use keys. Unlike processing for in-house tapes, the tape management system does not retain a key index for B2B tapes.