How Keys Are Generated and Transmitted
When you send a tape to a system that does not share the same key repository as the system creating the tape, you need a way to securely share keys with the business partner that will be reading the encrypted tape. The following points outline how this process works for CA Tape Encryption:
- To provide a secure method for transmitting both the data and the key used to encrypt the data, an asymmetric key and a symmetric key are used for these external B2B tapes.
- The business partner that will receive the encrypted tape must have a version of CA Tape Encryption installed, either the full product, the free version, or one of the available CA Tape Encryption options.
- If you are the business partner who wishes to receive encrypted tapes, do the following to prepare a digital certificate for use with CA Tape Encryption:
  - Generate a digital certificate for use with CA Tape Encryption, using your security system.
  - Export the certificate in X.509 format.
  - Transfer the exported file to the site that will create the encrypted tape, using FTP, email, or any normal means.
- If you are the business partner who will create the encrypted tape, do the following:
  - Import your business partner's digital certificate into your security system.
  - Add the certificate to a key ring that can be accessed by a CA Tape Encryption user or started task.
- To send an encrypted tape to the business partner, CA Tape Encryption does the following:
  - Creates a single-use symmetric data encryption key for each B2B tape.
  - Retrieves the public key portion of the business partner's public key/private key pair from the digital certificate in the security system.
  - Uses the public key to encrypt the symmetric key that is used to encrypt data.
  - Stores the resulting encrypted key in the tape labels.
  - Writes the data to the tape in encrypted format using the symmetric key.
The tape is now ready to be sent to the business partner.
CA Tape Encryption, running on the system of the business partner who receives the encrypted tape, obtains the private key from the security system to transparently decrypt the symmetric key that is stored in the tape labels and uses the symmetric key to decrypt the data on the tape.
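The whole exchange, as an added example that is not CA Tape Encryption's own code and does not use its label format: the receiving partner generates a key pair and a self-signed X.509 certificate (standing in for the security system's certificate export), the creating site wraps a single-use AES-256 key with the certificate's public key and encrypts the data with it, and the receiver unwraps the key with its private key and decrypts. The type and function names, the "partner-b" subject, and the choice of RSA-OAEP and AES-GCM are assumptions; the page does not state which algorithms the product uses.

```go
package main
import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"math/big"
	"time"
)
// TapeLabel is a constructed stand-in for the label fields that carry the wrapped key; the product's real label format is not shown here.
type TapeLabel struct {
	WrappedKey, Nonce, Ciphertext []byte // key wrapped with the partner's public key; GCM nonce; encrypted data
}
// receiverPrepare: the partner who will read tapes makes a key pair and a self-signed X.509 certificate (stand-in for the security system's export); only the DER certificate travels to the creating site.
func receiverPrepare() (*rsa.PrivateKey, []byte, error) {
	priv, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil { return nil, nil, err }
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "partner-b"},
		NotBefore: time.Now(), NotAfter: time.Now().Add(24 * time.Hour), KeyUsage: x509.KeyUsageKeyEncipherment}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &priv.PublicKey, priv)
	return priv, der, err
}
// senderWriteTape: the creating site parses the imported certificate, makes a single-use AES-256 key for this tape, wraps it with the partner's public key (RSA-OAEP) and encrypts the data with it (AES-GCM).
func senderWriteTape(certDER, data []byte) (*TapeLabel, error) {
	cert, err := x509.ParseCertificate(certDER)
	if err != nil { return nil, err }
	pub, ok := cert.PublicKey.(*rsa.PublicKey)
	if !ok { return nil, errors.New("certificate does not carry an RSA public key") }
	key, nonce := make([]byte, 32), make([]byte, 12) // the key is used for one tape only, so a random nonce cannot repeat under it
	if _, err := rand.Read(key); err != nil { return nil, err }
	if _, err := rand.Read(nonce); err != nil { return nil, err }
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, key, nil)
	if err != nil { return nil, err }
	block, _ := aes.NewCipher(key) // cannot fail: key is exactly 32 bytes
	gcm, _ := cipher.NewGCM(block)
	return &TapeLabel{wrapped, nonce, gcm.Seal(nil, nonce, data, nil)}, nil
}
// receiverReadTape: the receiving site unwraps the symmetric key from the label with its private key, then decrypts and authenticates the data.
func receiverReadTape(priv *rsa.PrivateKey, t *TapeLabel) ([]byte, error) {
	key, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, t.WrappedKey, nil)
	if err != nil || len(key) != 32 { return nil, errors.New("cannot unwrap the tape key with this private key") }
	block, _ := aes.NewCipher(key) // length checked above
	gcm, _ := cipher.NewGCM(block)
	return gcm.Open(nil, t.Nonce, t.Ciphertext, nil) // fails if the label or data was altered in transit
}
```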