Example: How a B2B Tape Is Created Using Digital Certificates
The following example describes the process of creating a tape using a digital certificate:
- If a business partner on system A wants to receive encrypted tapes from a business partner on system B, the user on system A uses a security product to generate a public key/private key pair to create a digital certificate.
- The certificate is stored in the security product database on system A.
- The certificate is then exported in X.509 format and sent to the site that will create the encrypted tape, system B. (This can also be done through Certification Authorities.) In this manner, system A has transmitted a public key to system B.
- System B adds the certificate from system A to its security product database, and connects the certificate to a key ring that has been created specifically for the CA Tape Encryption started task.
- When making a tape to send to system A, a user or process on system B creates an encrypted tape by specifying either a DFSMS data class (if using DFSMS) or a CA@BES profile (if using security protection profiles in your security system). That definition indicates the use of public key encryption and specifies the certificate label of the digital certificate that belongs to system A.
- During the creation of the tape on system B, the security system is queried for the certificates on its key rings, and the public key is extracted from the proper certificate, based on the label specified in the DFSMS data class definition if using DFSMS, or in the security protection profiles if using your security system.
- A new, randomly generated symmetric key is also created and used to encrypt the data before it is written to tape.
- The public key is used to encrypt the symmetric key, and the resulting encrypted symmetric key is written to the tape using standard user header labels.
- The certificate label name is also written out to a user header label in clear text.
- After the user header labels have been written, the application can write the data to the tape.
- CA Tape Encryption intercepts the data and encrypts it before placing it on the tape.
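The flow above, as an added example in Go that is not part of the CA Tape Encryption documentation or product: system A generates a key pair and a self-signed X.509 certificate, system B keeps that certificate on a key ring looked up by label, wraps a fresh random symmetric key with the certificate's RSA public key and records the clear-text label and the wrapped key in a stand-in for the user header labels, and system A later unwraps the key and decrypts. RSA-OAEP, AES-256-GCM, the `HeaderLabels` structure and the label names are this example's own choices, not details stated by the page.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"math/big"
	"time"
)

// Constructed stand-in for the tape's user header labels: the certificate label in clear text plus the wrapped symmetric key.
type HeaderLabels struct{ CertLabel string; WrappedKey, Nonce []byte }
func aesGCM(key []byte) cipher.AEAD { b, _ := aes.NewCipher(key); g, _ := cipher.NewGCM(b); return g }

// System A: generate the key pair and a self-signed X.509 certificate to export; the private key stays on system A.
func makeCert(label string) (*rsa.PrivateKey, *x509.Certificate, error) {
	priv, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil { return nil, nil, err }
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: label}, NotBefore: time.Now(), NotAfter: time.Now().Add(24 * time.Hour)}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &priv.PublicKey, priv)
	if err != nil { return nil, nil, err }
	cert, err := x509.ParseCertificate(der)
	return priv, cert, err
}

// System B: look the label up on its key ring, wrap a fresh random AES-256 key with the certificate's RSA public key (OAEP), then encrypt the data under that key.
func createTape(keyRing map[string]*x509.Certificate, label string, data []byte) (HeaderLabels, []byte, error) {
	cert, ok := keyRing[label]
	if !ok { return HeaderLabels{}, nil, errors.New("certificate label not on key ring: " + label) }
	pub, ok := cert.PublicKey.(*rsa.PublicKey)
	if !ok { return HeaderLabels{}, nil, errors.New("certificate does not carry an RSA key: " + label) }
	buf := make([]byte, 44) // new 32-byte symmetric key plus 12-byte GCM nonce, used for this tape only
	if _, err := rand.Read(buf); err != nil { return HeaderLabels{}, nil, err }
	dataKey, nonce := buf[:32], buf[32:]
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, dataKey, nil)
	if err != nil { return HeaderLabels{}, nil, err }
	return HeaderLabels{label, wrapped, nonce}, aesGCM(dataKey).Seal(nil, nonce, data, []byte(label)), nil
}

// System A: unwrap the symmetric key with its private key, then decrypt the tape data.
func readTape(priv *rsa.PrivateKey, hdr HeaderLabels, ct []byte) ([]byte, error) {
	dataKey, err := rsa.DecryptOAEP(sha256.New(), nil, priv, hdr.WrappedKey, nil)
	if err != nil { return nil, err }
	return aesGCM(dataKey).Open(nil, hdr.Nonce, ct, []byte(hdr.CertLabel))
}
```

Only the wrapped key and the clear-text label travel with the tape; a reader holding a different private key, or a tape whose label has been altered, fails to recover the data.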