How Digital Certificates are Obtained and Used
The following describes the process of obtaining and using digital certificates:
- You can obtain the digital certificate of a business partner from a Certification Authority and store it in the database of your security product.
- The security products store the certificates as resources owned by specific users.
- A certificate is added to the security product database by a user, or by a security administrator on behalf of that user, and is available only to that user.
- The information can be made available to an authorized application such as CA Tape Encryption, which can access it when you need to send a tape to that business partner.
- When exported, the digital certificate contains the public key portion of the public key/private key pair of the business partner.
- Because data encrypted with the public key can only be decrypted with the associated private key, the data can be transmitted in a secure manner.
- Parameter attributes in the parmlib are used to identify the key ring of a business partner and associate the digital certificate specified in the DFSMS data class or the key protection profiles in your security system with that key ring.
- The public key is exported from the security product database and sent to the system where the tape will be created. The public key is then used to encrypt the symmetric data encryption key, which is used to actually encrypt the tape file.
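The hybrid scheme in the last bullets, where the partner's public key protects a symmetric data key and the data key protects the tape data, can be sketched as follows. This is an added Go example, not code from CA Tape Encryption or any security product; RSA-OAEP and AES-256-GCM, the names `Envelope`, `Seal`, `Open` and `partner`, and the generated key pair (standing in for a certificate exported from the security product) are all assumptions made for the illustration.

```go
package main // added illustration; RSA-OAEP and AES-256-GCM are assumptions, the page names no algorithms

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
)

type Envelope struct{ WrappedKey, Nonce, Ciphertext []byte } // what travels with the tape

var partner, _ = rsa.GenerateKey(rand.Reader, 2048) // constructed stand-in for the partner's key pair

// Seal runs where the tape is created; it needs only the partner's public key.
func Seal(pub *rsa.PublicKey, data []byte) (*Envelope, error) {
	buf := make([]byte, 32+12) // fresh AES-256 data key, then a 96-bit GCM nonce
	if _, err := rand.Read(buf); err != nil {
		return nil, err
	}
	dek, nonce := buf[:32], buf[32:]
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, dek, nil)
	if err != nil {
		return nil, err
	}
	block, _ := aes.NewCipher(dek) // cannot fail: dek is a valid AES-256 key
	gcm, _ := cipher.NewGCM(block) // cannot fail: AES has a 128-bit block
	return &Envelope{wrapped, nonce, gcm.Seal(nil, nonce, data, nil)}, nil
}

// Open runs at the business partner, the only holder of the private key.
func Open(priv *rsa.PrivateKey, e *Envelope) ([]byte, error) {
	dek, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, e.WrappedKey, nil)
	if err != nil {
		return nil, err
	}
	if len(dek) != 32 || len(e.Nonce) != 12 { // malformed envelope: refuse instead of panicking
		return nil, rsa.ErrDecryption
	}
	block, _ := aes.NewCipher(dek) // cannot fail: length checked above
	gcm, _ := cipher.NewGCM(block) // cannot fail: AES has a 128-bit block
	return gcm.Open(nil, e.Nonce, e.Ciphertext, nil) // fails if the ciphertext was altered
}

func main() {
	env, _ := Seal(&partner.PublicKey, []byte("constructed tape record"))
	plain, err := Open(partner, env)
	println(string(plain), err == nil)
}
```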