Using Encryption Facility for Openpgp

Total Page:16

File Type:pdf, Size:1020Kb

Using Encryption Facility for Openpgp Encryption Facility for z/OS Version 1 Release 2 Using Encryption Facility for OpenPGP IBM SA23-2230-30 Note Before using this information and the product it supports, read the information in “Notices” on page 183. This edition applies to Version 1 Release 2 of IBM Encryption Facility for z/OS (5655-P97) and to all subsequent releases and modifications until otherwise indicated in new editions. Last updated: 2019-02-17 © Copyright International Business Machines Corporation 2007, 2019. US Government Users Restricted Rights – Use, duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp. Contents List of Figures....................................................................................................... ix List of Tables........................................................................................................ xi About this document...........................................................................................xiii Who should read this document............................................................................................................... xiii How to use this document.........................................................................................................................xiii Where to find more information................................................................................................................ xiii Related publications............................................................................................................................ xiii Other sources of information.................................................................................................................... xiv IBM discussion area.............................................................................................................................xiv Internet sources...................................................................................................................................xiv How to send your comments to IBM.....................................................................xvi If you have a technical problem................................................................................................................ xvi Summary of changes..........................................................................................xvii Changes made in IBM Encryption Facility for z/OS Version 1 Release 2................................................ xvii Changes made in IBM Encryption Facility for z/OS Version 1 Release 2 as updated September 2015....................................................................................................................................................xviii Changes made in IBM Encryption Facility for z/OS Version 1 Release 2 as updated June 2014......... xviii Chapter 1. Overview of IBM Encryption Facility for OpenPGP.................................. 1 What is Encryption Facility for OpenPGP? ..................................................................................................1 What is OpenPGP?..................................................................................................................................1 What does Encryption Facility for OpenPGP do?...................................................................................1 Understanding OpenPGP ............................................................................................................................ 2 Understanding session keys and data encryption ................................................................................2 Understanding public-key encryption....................................................................................................2 Understanding passphrase-based encryption...................................................................................... 3 How Encryption Facility for OpenPGP works.............................................................................................. 3 Using z/OS data sets...............................................................................................................................3 Compressing data...................................................................................................................................4 Using ASCII Armor..................................................................................................................................4 Authenticating through digital signatures............................................................................................. 4 Using security keys, certificates, and repositories................................................................................ 4 Using ICSF and RACF..............................................................................................................................5 Participating in OpenPGP key exchange................................................................................................6 Java algorithm support for Encryption Facility for OpenPGP..................................................................... 6 Default OpenPGP algorithm preferences.................................................................................................... 9 Symmetric algorithm preference list..................................................................................................... 9 Message digest algorithm preference list..............................................................................................9 Compression algorithm preference list............................................................................................... 10 Supported key sizes...................................................................................................................................10 Encryption Facility considerations when changing Java release levels...................................................10 Supported character sets.......................................................................................................................... 11 Hardware and software requirements...................................................................................................... 12 Hardware requirements....................................................................................................................... 12 Software requirements........................................................................................................................ 12 Chapter 2. Getting started................................................................................... 15 How do I install Encryption Facility for OpenPGP?................................................................................... 15 ICSF considerations...................................................................................................................................15 RACF considerations..................................................................................................................................16 iii Batch, UNIX System Services, and Java considerations.......................................................................... 16 Getting started basic steps........................................................................................................................17 Chapter 3. Using Encryption Facility for OpenPGP.................................................19 Reading and writing to z/OS data sets...................................................................................................... 19 Types of data sets.................................................................................................................................19 Restrictions using data sets................................................................................................................. 19 Allocating data sets through the data definition (DD) statement....................................................... 20 Language Environment (LE)................................................................................................................. 20 Other data set considerations..............................................................................................................20 OpenPGP messages...................................................................................................................................20 Using Encryption Facility for OpenPGP commands and options........................................................ 20 Authenticating digital signatures...............................................................................................................21 Using the OpenPGP keyring.......................................................................................................................22 Chapter 4. Encryption Facility for OpenPGP commands.........................................23 Configuration file and home directory.......................................................................................................23 OUTPUT_FILE.......................................................................................................................................23 KEY_RING_FILENAME......................................................................................................................... 24 USE_ASYNC_IO....................................................................................................................................24
Recommended publications
  • Edit Bibliographic Records
    OCLC Connexion Browser Guides Edit Bibliographic Records Last updated: May 2014 6565 Kilgour Place, Dublin, OH 43017-3395 www.oclc.org Revision History Date Section title Description of changes May 2014 All Updated information on how to open the diacritic window. The shortcut key is no longer available. May 2006 1. Edit record: basics Minor updates. 5. Insert diacritics Revised to update list of bar syntax character codes to reflect and special changes in character names and to add newly supported characters characters. November 2006 1. Edit record: basics Minor updates. 2. Editing Added information on guided editing for fields 541 and 583, techniques, template commonly used when cataloging archival materials. view December 2006 1. Edit record: basics Updated to add information about display of WorldCat records that contain non-Latin scripts.. May 2007 4. Validate record Revised to document change in default validation level from None to Structure. February 2012 2 Editing techniques, Series added entry fields 800, 810, 811, 830 can now be used to template view insert data from a “cited” record for a related series item. Removed “and DDC” from Control All commands. DDC numbers are no longer controlled in Connexion. April 2012 2. Editing New section on how to use the prototype OCLC Classify service. techniques, template view September 2012 All Removed all references to Pathfinder. February 2013 All Removed all references to Heritage Printed Book. April 2013 All Removed all references to Chinese Name Authority © 2014 OCLC Online Computer Library Center, Inc. 6565 Kilgour Place Dublin, OH 43017-3395 USA The following OCLC product, service and business names are trademarks or service marks of OCLC, Inc.: CatExpress, Connexion, DDC, Dewey, Dewey Decimal Classification, OCLC, WorldCat, WorldCat Resource Sharing and “The world’s libraries.
    [Show full text]
  • NSA Vs. Encryption Article Written by Datto Developer Dan Fuhry First Appeared on Mspmentor.Com in November 2013
    SuccessArticle: EncryptionStory NSA vs. Encryption Article written by Datto developer Dan Fuhry first appeared on MSPmentor.com in November 2013. If you’ve been watching the news lately, there is no doubt you have heard about the National Security Agency’s (NSA) surveillance scandal. “We will stand in our firm Recent months have seen a revelation of programs commitment to protect you and that capture domestic and international traffic indiscriminately. Encrypted data gets saved for a your customers.” certain number of years, in case they ever decide to decrypt it. If this alarms you, that’s good. You should be alarmed. I was too, on a very personal level, and have actively been working on changing some long-established habits in order to protect the information that is private and personal to me. For MSPs not in the United States you should be even more alarmed. It’s not even your own government that has the encrypted data, and since you don’t have constitutional protection in the U.S., there is nothing legally standing in the NSA’s way to prevent them from using their dark magical cryptographic powers to obtain your confidential business or personal data. This is a frightening proposition indeed, which is why I want to talk about the position Datto has taken regarding the recent revelations. Before we go any further, allow me to briefly describe my role here. I’m a developer with Datto, and I designed the encryption feature for Datto SIRIS. I picked the ciphers, hash algorithm parameters, and random number generator algorithm, had them peer-reviewed, and then wrote the code.
    [Show full text]
  • Analysis of Password Cracking Methods & Applications
    The University of Akron IdeaExchange@UAkron The Dr. Gary B. and Pamela S. Williams Honors Honors Research Projects College Spring 2015 Analysis of Password Cracking Methods & Applications John A. Chester The University Of Akron, [email protected] Please take a moment to share how this work helps you through this survey. Your feedback will be important as we plan further development of our repository. Follow this and additional works at: http://ideaexchange.uakron.edu/honors_research_projects Part of the Information Security Commons Recommended Citation Chester, John A., "Analysis of Password Cracking Methods & Applications" (2015). Honors Research Projects. 7. http://ideaexchange.uakron.edu/honors_research_projects/7 This Honors Research Project is brought to you for free and open access by The Dr. Gary B. and Pamela S. Williams Honors College at IdeaExchange@UAkron, the institutional repository of The nivU ersity of Akron in Akron, Ohio, USA. It has been accepted for inclusion in Honors Research Projects by an authorized administrator of IdeaExchange@UAkron. For more information, please contact [email protected], [email protected]. Analysis of Password Cracking Methods & Applications John A. Chester The University of Akron Abstract -- This project examines the nature of password cracking and modern applications. Several applications for different platforms are studied. Different methods of cracking are explained, including dictionary attack, brute force, and rainbow tables. Password cracking across different mediums is examined. Hashing and how it affects password cracking is discussed. An implementation of two hash-based password cracking algorithms is developed, along with experimental results of their efficiency. I. Introduction Password cracking is the process of either guessing or recovering a password from stored locations or from a data transmission system [1].
    [Show full text]
  • Implementation and Performance Analysis of PBKDF2, Bcrypt, Scrypt Algorithms
    Implementation and Performance Analysis of PBKDF2, Bcrypt, Scrypt Algorithms Levent Ertaul, Manpreet Kaur, Venkata Arun Kumar R Gudise CSU East Bay, Hayward, CA, USA. [email protected], [email protected], [email protected] Abstract- With the increase in mobile wireless or data lookup. Whereas, Cryptographic hash functions are technologies, security breaches are also increasing. It has used for building blocks for HMACs which provides become critical to safeguard our sensitive information message authentication. They ensure integrity of the data from the wrongdoers. So, having strong password is that is transmitted. Collision free hash function is the one pivotal. As almost every website needs you to login and which can never have same hashes of different output. If a create a password, it’s tempting to use same password and b are inputs such that H (a) =H (b), and a ≠ b. for numerous websites like banks, shopping and social User chosen passwords shall not be used directly as networking websites. This way we are making our cryptographic keys as they have low entropy and information easily accessible to hackers. Hence, we need randomness properties [2].Password is the secret value from a strong application for password security and which the cryptographic key can be generated. Figure 1 management. In this paper, we are going to compare the shows the statics of increasing cybercrime every year. Hence performance of 3 key derivation algorithms, namely, there is a need for strong key generation algorithms which PBKDF2 (Password Based Key Derivation Function), can generate the keys which are nearly impossible for the Bcrypt and Scrypt.
    [Show full text]
  • 14 * (Asterisk), 169 \ (Backslash) in Smb.Conf File, 85
    ,sambaIX.fm.28352 Page 385 Friday, November 19, 1999 3:40 PM Index <> (angled brackets), 14 archive files, 137 * (asterisk), 169 authentication, 19, 164–171 \ (backslash) in smb.conf file, 85 mechanisms for, 35 \\ (backslashes, two) in directories, 5 NT domain, 170 : (colon), 6 share-level option for, 192 \ (continuation character), 85 auto services option, 124 . (dot), 128, 134 automounter, support for, 35 # (hash mark), 85 awk script, 176 % (percent sign), 86 . (period), 128 B ? (question mark), 135 backup browsers ; (semicolon), 85 local master browser, 22 / (slash character), 129, 134–135 per local master browser, 23 / (slash) in shares, 116 maximum number per workgroup, 22 _ (underscore) 116 backup domain controllers (BDCs), 20 * wildcard, 177 backups, with smbtar program, 245–248 backwards compatibility elections and, 23 for filenames, 143 A Windows domains and, 20 access-control options (shares), 160–162 base directory, 40 accessing Samba server, 61 .BAT scripts, 192 accounts, 51–53 BDCs (backup domain controllers), 20 active connections, option for, 244 binary vs. source files, 32 addresses, networking option for, 106 bind interfaces only option, 106 addtosmbpass executable, 176 bindings, 71 admin users option, 161 Bindings tab, 60 AFS files, support for, 35 blocking locks option, 152 aliases b-node, 13 multiple, 29 boolean type, 90 for NetBIOS names, 107 bottlenecks, 320–328 alid users option, 161 reducing, 321–326 announce as option, 123 types of, 320 announce version option, 123 broadcast addresses, troubleshooting, 289 API
    [Show full text]
  • Legacy Character Sets & Encodings
    Legacy & Not-So-Legacy Character Sets & Encodings Ken Lunde CJKV Type Development Adobe Systems Incorporated bc ftp://ftp.oreilly.com/pub/examples/nutshell/cjkv/unicode/iuc15-tb1-slides.pdf Tutorial Overview dc • What is a character set? What is an encoding? • How are character sets and encodings different? • Legacy character sets. • Non-legacy character sets. • Legacy encodings. • How does Unicode fit it? • Code conversion issues. • Disclaimer: The focus of this tutorial is primarily on Asian (CJKV) issues, which tend to be complex from a character set and encoding standpoint. 15th International Unicode Conference Copyright © 1999 Adobe Systems Incorporated Terminology & Abbreviations dc • GB (China) — Stands for “Guo Biao” (国标 guóbiâo ). — Short for “Guojia Biaozhun” (国家标准 guójiâ biâozhün). — Means “National Standard.” • GB/T (China) — “T” stands for “Tui” (推 tuî ). — Short for “Tuijian” (推荐 tuîjiàn ). — “T” means “Recommended.” • CNS (Taiwan) — 中國國家標準 ( zhôngguó guójiâ biâozhün) in Chinese. — Abbreviation for “Chinese National Standard.” 15th International Unicode Conference Copyright © 1999 Adobe Systems Incorporated Terminology & Abbreviations (Cont’d) dc • GCCS (Hong Kong) — Abbreviation for “Government Chinese Character Set.” • JIS (Japan) — 日本工業規格 ( nihon kôgyô kikaku) in Japanese. — Abbreviation for “Japanese Industrial Standard.” — 〄 • KS (Korea) — 한국 공업 규격 (韓國工業規格 hangug gongeob gyugyeog) in Korean. — Abbreviation for “Korean Standard.” — ㉿ — Designation change from “C” to “X” on August 20, 1997. 15th International Unicode Conference Copyright © 1999 Adobe Systems Incorporated Terminology & Abbreviations (Cont’d) dc • TCVN (Vietnam) — Tiu Chun Vit Nam in Vietnamese. — Means “Vietnamese Standard.” • CJKV — Chinese, Japanese, Korean, and Vietnamese. 15th International Unicode Conference Copyright © 1999 Adobe Systems Incorporated What Is A Character Set? dc • A collection of characters that are intended to be used together to create meaningful text.
    [Show full text]
  • Key Derivation Functions and Their GPU Implementation
    MASARYK UNIVERSITY FACULTY}w¡¢£¤¥¦§¨ OF I !"#$%&'()+,-./012345<yA|NFORMATICS Key derivation functions and their GPU implementation BACHELOR’S THESIS Ondrej Mosnáˇcek Brno, Spring 2015 This work is licensed under a Creative Commons Attribution- NonCommercial-ShareAlike 4.0 International License. https://creativecommons.org/licenses/by-nc-sa/4.0/ cbna ii Declaration Hereby I declare, that this paper is my original authorial work, which I have worked out by my own. All sources, references and literature used or excerpted during elaboration of this work are properly cited and listed in complete reference to the due source. Ondrej Mosnáˇcek Advisor: Ing. Milan Brož iii Acknowledgement I would like to thank my supervisor for his guidance and support, and also for his extensive contributions to the Cryptsetup open- source project. Next, I would like to thank my family for their support and pa- tience and also to my friends who were falling behind schedule just like me and thus helped me not to panic. Last but not least, access to computing and storage facilities owned by parties and projects contributing to the National Grid In- frastructure MetaCentrum, provided under the programme “Projects of Large Infrastructure for Research, Development, and Innovations” (LM2010005), is also greatly appreciated. v Abstract Key derivation functions are a key element of many cryptographic applications. Password-based key derivation functions are designed specifically to derive cryptographic keys from low-entropy sources (such as passwords or passphrases) and to counter brute-force and dictionary attacks. However, the most widely adopted standard for password-based key derivation, PBKDF2, as implemented in most applications, is highly susceptible to attacks using Graphics Process- ing Units (GPUs).
    [Show full text]
  • The Luacode Package
    The luacode package Manuel Pégourié-Gonnard <[email protected]> v1.2a 2012/01/23 Abstract Executing Lua code from within TEX with \directlua can sometimes be tricky: there is no easy way to use the percent character, counting backslashes may be hard, and Lua comments don’t work the way you expect. This package provides the \luaexec command and the luacode(*) environments to help with these problems, as well as helper macros and a debugging mode. Contents 1 Documentation1 1.1 Lua code in LATEX...................................1 1.2 Helper macros......................................3 1.3 Debugging........................................3 2 Implementation3 2.1 Preliminaries......................................4 2.2 Internal code......................................5 2.3 Public macros and environments...........................7 3 Test file 8 1 Documentation 1.1 Lua code in LATEX For an introduction to the most important gotchas of \directlua, see lualatex-doc.pdf. Before presenting the tools in this package, let me insist that the best way to manage a non- trivial piece of Lua code is probably to use an external file and source it from Lua, as explained in the cited document. \luadirect First, the exact syntax of \directlua has changed along version of LuaTEX, so this package provides a \luadirect command which is an exact synonym of \directlua except that it doesn’t have the funny, changing parts of its syntax, and benefits from the debugging facilities described below (1.3).1 The problems with \directlua (or \luadirect) are mainly with TEX special characters. Actually, things are not that bad, since most special characters do work, namely: _, ^, &, $, {, }. Three are a bit tricky but they can be managed with \string: \, # and ~.
    [Show full text]
  • Thread Commissioning White Paper
    July 13, 2015 This Thread Technical white paper is provided for reference purposes only. The full technical specification is available to Thread Group Members. To join and gain access, please follow this link: http://threadgroup.org/Join.aspx. If you are already a member, the full specification is available in the Thread Group Portal: http://portal.threadgroup.org. If there are questions or comments on these technical papers, please send them to [email protected]. This document and the information contained herein is provided on an “AS IS” basis and THE THREAD GROUP DISCLAIMS ALL WARRANTIES EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO (A) ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OF THIRD PARTIES (INCLUDING WITHOUT LIMITATION ANY INTELLECTUAL PROPERTY RIGHTS INCLUDING PATENT, COPYRIGHT OR TRADEMARK RIGHTS) OR (B) ANY IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE OR NONINFRINGEMENT. IN NO EVENT WILL THE THREAD GROUP BE LIABLE FOR ANY LOSS OF PROFITS, LOSS OF BUSINESS, LOSS OF USE OF DATA, INTERRUPTION OF BUSINESS, OR FOR ANY OTHER DIRECT, INDIRECT, SPECIAL OR EXEMPLARY, INCIDENTAL, PUNITIVE OR CONSEQUENTIAL DAMAGES OF ANY KIND, IN CONTRACT OR IN TORT, IN CONNECTION WITH THIS DOCUMENT OR THE INFORMATION CONTAINED HEREIN, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH LOSS OR DAMAGE. Copyright 2015 Thread Group, Inc. All rights reserved. Thread Commissioning July 2015 Revision History Revision Date Comments 1.0 January 29, 2015 Initial Release 2.0 July 13, 2015 Public Release 1 Contents Introduction ................................................................................ 2 Terminology ................................................................................ 2 System Topology ............................................................................... 4 Degrees of Separation ..........................................................................................
    [Show full text]
  • Harden Zero Knowledge Password Proofs Against Offline Dictionary
    Harden Zero Knowledge Password Proofs Against Offline Dictionary Attacks Gijs Van Laer Rono Dasgupta Aditya Patil [email protected] [email protected] [email protected] Matthew Green [email protected] December 12, 2016 Abstract Traditional authentication systems offer ease of use but the security they provide often proves to be inadequate. Hackers use means to gain access to company servers and steal entire databases of password hashes. These hashes are then subject to offline dictionary attacks resulting in the disclosure of millions of passwords. Such password breaches have become commonplace and have caused several major companies to face major losses. Password reuse is a common practice among users and a password breach disclosing a single password on a particular service could result in a user also losing access to their other accounts. Solutions such as multi-factor authentication add some level of security but do not completely solve the problem. There is a need to move towards stronger authentication schemes that do not compromise on ease of use, both for the user and the service provider. In this paper, we propose a novel authentication protocol that is proven hard against offline dictionary attacks. Our protocol implements a combination of a Zero Knowledge Password Proof and a sequentially memory hard hash function. In a concrete instan- tiation of the protocol, we use Schnorr's Zero Knowledge Password Proof combined with the Fiat-Shamir Heuristic for the Zero Knowledge Password Proof and scrypt for the sequentially memory hard hash function. We also describe a library implementing our protocol that we have developed along with an example web application that uses the library.
    [Show full text]
  • International Language Environments Guide
    International Language Environments Guide Sun Microsystems, Inc. 4150 Network Circle Santa Clara, CA 95054 U.S.A. Part No: 806–6642–10 May, 2002 Copyright 2002 Sun Microsystems, Inc. 4150 Network Circle, Santa Clara, CA 95054 U.S.A. All rights reserved. This product or document is protected by copyright and distributed under licenses restricting its use, copying, distribution, and decompilation. No part of this product or document may be reproduced in any form by any means without prior written authorization of Sun and its licensors, if any. Third-party software, including font technology, is copyrighted and licensed from Sun suppliers. Parts of the product may be derived from Berkeley BSD systems, licensed from the University of California. UNIX is a registered trademark in the U.S. and other countries, exclusively licensed through X/Open Company, Ltd. Sun, Sun Microsystems, the Sun logo, docs.sun.com, AnswerBook, AnswerBook2, Java, XView, ToolTalk, Solstice AdminTools, SunVideo and Solaris are trademarks, registered trademarks, or service marks of Sun Microsystems, Inc. in the U.S. and other countries. All SPARC trademarks are used under license and are trademarks or registered trademarks of SPARC International, Inc. in the U.S. and other countries. Products bearing SPARC trademarks are based upon an architecture developed by Sun Microsystems, Inc. SunOS, Solaris, X11, SPARC, UNIX, PostScript, OpenWindows, AnswerBook, SunExpress, SPARCprinter, JumpStart, Xlib The OPEN LOOK and Sun™ Graphical User Interface was developed by Sun Microsystems, Inc. for its users and licensees. Sun acknowledges the pioneering efforts of Xerox in researching and developing the concept of visual or graphical user interfaces for the computer industry.
    [Show full text]
  • List of Approved Special Characters
    List of Approved Special Characters The following list represents the Graduate Division's approved character list for display of dissertation titles in the Hooding Booklet. Please note these characters will not display when your dissertation is published on ProQuest's site. To insert a special character, simply hold the ALT key on your keyboard and enter in the corresponding code. This is only for entering in a special character for your title or your name. The abstract section has different requirements. See abstract for more details. Special Character Alt+ Description 0032 Space ! 0033 Exclamation mark '" 0034 Double quotes (or speech marks) # 0035 Number $ 0036 Dollar % 0037 Procenttecken & 0038 Ampersand '' 0039 Single quote ( 0040 Open parenthesis (or open bracket) ) 0041 Close parenthesis (or close bracket) * 0042 Asterisk + 0043 Plus , 0044 Comma ‐ 0045 Hyphen . 0046 Period, dot or full stop / 0047 Slash or divide 0 0048 Zero 1 0049 One 2 0050 Two 3 0051 Three 4 0052 Four 5 0053 Five 6 0054 Six 7 0055 Seven 8 0056 Eight 9 0057 Nine : 0058 Colon ; 0059 Semicolon < 0060 Less than (or open angled bracket) = 0061 Equals > 0062 Greater than (or close angled bracket) ? 0063 Question mark @ 0064 At symbol A 0065 Uppercase A B 0066 Uppercase B C 0067 Uppercase C D 0068 Uppercase D E 0069 Uppercase E List of Approved Special Characters F 0070 Uppercase F G 0071 Uppercase G H 0072 Uppercase H I 0073 Uppercase I J 0074 Uppercase J K 0075 Uppercase K L 0076 Uppercase L M 0077 Uppercase M N 0078 Uppercase N O 0079 Uppercase O P 0080 Uppercase
    [Show full text]