© February 2015

Encryption Facility for z/OS

Greg Boyd
[email protected]
www.mainframecrypto.com

zExchange – Encryption Facility for z/OS

Feature: DFSMSdss™ Encryption (Optional Priced Feature)
• Allows encryption and compression of DUMP data sets created by DFSMSdss™
• Supports decryption and decompression during RESTORE

IBM Encryption Facility for z/OS, 1.2
Program number: 5655-P97
MSU-based pricing*
Runs on the following servers: System z196, z10 (EC & BC), z9 (EC & BC), zSeries 900 or 990, zSeries 800 or 890
Requires: z/OS 1.6 or higher; z/OS.e 1.6 or higher / HCR7720+

Feature: Encryption Services (Optional Priced Feature)
z Format
• Supports encrypting and decrypting of data at rest (tapes, disk)
• Supports either Public Key/Private keys or passwords to create highly-secure exchange between partners
• X.509 or OpenPGP Certificates
OpenPGP Format
• Internet Draft Standard RFC2440/RFC4880
• zAAP eligible

Java Client (Web Download)
• Java technology-based code that allows client systems (z/OS and non-z/OS) to decrypt and encrypt data for exchange with z/OS systems (zFormat)

Decryption Client for z/OS (Web Download)
• Decryption only code designed to run on z/OS systems (i.e. zFormat)

* Variable Workload License Charges (VWLC), Entry Workload License Charges (EWLC), zSeries Entry License Charges™ (zELC), Parallel Sysplex® License Charges (PSLC)

Clear Key / Secure Key / Protected Key
• Clear Key – key may be in the clear, at least briefly, somewhere in the environment
• Secure Key – key value does not exist in the clear outside of the HSM (secure, tamper-resistant boundary of the card)
• Protected Key – key value does not exist outside of physical hardware, although the hardware may not be tamper-resistant

System z CPACF Hardware – z196 (GA2) & z114 & zEC12
• Symmetric Clear Key
  • DES (56-, 112-, 168-bit), new chaining options
  • AES-128, AES-192, AES-256, new chaining options
• SHA-1, SHA-256, SHA-512 (SHA-2 Suite)
• PRNG
• Protected Key

TechDoc WP100810 – A Synopsis of System z Crypto Hardware

zEC12 PCI Crypto Hardware

CEX4S (Coprocessor or Accelerator or PKCS #11)
• Secure Key DES/TDES
• Secure Key AES
• Financial (PIN) Functions
• Key Generate/Key Management
• Random Number Generate and Generate Long
• Protected Key Support
• RSA & ECC Operations (SSL Handshakes)
• EP11 Mode (Secure Key PKCS #11)

TechDoc WP100810 – A Synopsis of System z Crypto Hardware

Symmetric Key – Password Option

[Diagram. Encrypt side: Clear text File → Symmetric Algorithm → Encrypted File w/Header; the Symmetric Key is produced from the Password, hashed via PKCS #12. Decrypt side: Encrypted File w/Header → Symmetric Algorithm → Clear text File; the same Password, hashed via PKCS #12, reproduces the Symmetric Key.]

RSA Option

[Diagram. Encrypt side: Random Number Generate produces the Symmetric Key; Clear text File → Symmetric Algorithm → Encrypted File w/Encrypted Key in the header; the Symmetric Key is encrypted with PKA under the partner's Public Key (via Certificate?). Decrypt side: PKA with the Private Key recovers the Symmetric Key from the header; Encrypted File → Symmetric Algorithm → Clear text File.]

Password vs RSA – Hardware Requirements
• PASSWORD/RSA
  • Password – 8-32 byte password used to generate a key that protects the data
    • General Purpose CPs
  • RSA – label of an existing public key that will encrypt the data key
    • PCI Coprocessor w/Master keys loaded

Where is the encryption done?
• CLRAES – AES-128 bit clear key
  • zEC12, z196/z114, z10 EC & BC, z9 EC & BC – CPACF
  • z890/z990, z800/z900 – in software (ICSF)
• CLRTDES – TDES clear key
  • zEC12, z196/z114, z10 EC & BC, z9 EC & BC, z890/z990 – CPACF
  • z800/z900 – CCF (but uses secure key APIs)
• ENCTDES – TDES secure key
  • zEC12 – CEX4SC or CEX3C
  • z196, z114 – CEX3C
  • z10 EC & BC – CEX3C or CEX2C
  • z9 – CEX2C
  • z890/z990 – CEX2 or PCIXCC
  • z800/z900 – CCF
• No AES secure key support

To Compress or Not To Compress
• Compression
  • Yes
    • Uses General Purpose CPs to do the compression (competes with other work in the system)
    • Requires approx 50% more tapes than compressing at the drive
  • No
    • No compression workload on the General Purpose CPs
    • Requires approximately 2-3 times more tapes than compressing at the drive

Other Parameters
• DESC=description freeform text
• ICOUNT=SHA PKCS#12 iteration count (default 16)
• INFO (Decrypt Only) – Recover and print info about the file from the header
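The "Symmetric Key – Password Option" diagram ("Password Hashed via PKCS #12") and the ICOUNT parameter above both refer to the PKCS #12 password-to-key derivation. The Go program below is an added example, not code from the deck or from IBM's product: it implements that derivation as specified in RFC 7292 Appendix B with SHA-1. The salt, the hash choice, the 16-byte key length and the `deriveFileKey` helper are assumptions, since the deck does not say how the product fills those in. It shows what ICOUNT buys: each additional iteration is one more hash pass that has to be repeated for every password guess, while a different count, purpose byte or salt yields an unrelated key.

```go
package main

import (
	"bytes"
	"crypto/sha1"
	"encoding/hex"
	"fmt"
	"hash"
	"unicode/utf16"
)

// Purpose ("ID") bytes from RFC 7292 Appendix B.3.
const (
	pkcs12KeyID byte = 1 // derive an encryption key
	pkcs12IVID  byte = 2 // derive an initialisation vector
	pkcs12MACID byte = 3 // derive a MAC key
)

// bmpString encodes the password as PKCS #12 requires: UTF-16BE with a
// terminating two-byte NUL. An empty password yields an empty P (RFC 7292 B.2).
func bmpString(password string) []byte {
	if password == "" {
		return nil
	}
	units := utf16.Encode([]rune(password))
	out := make([]byte, 0, 2*len(units)+2)
	for _, u := range units {
		out = append(out, byte(u>>8), byte(u))
	}
	return append(out, 0, 0)
}

// fill repeats src until the result is exactly n bytes long (nil if n == 0).
func fill(src []byte, n int) []byte {
	if n == 0 {
		return nil
	}
	out := make([]byte, n)
	for i := range out {
		out[i] = src[i%len(src)]
	}
	return out
}

// pkcs12KDF is the password-to-key derivation of RFC 7292 Appendix B.2.
// iterations plays the role of the deck's ICOUNT parameter.
func pkcs12KDF(newHash func() hash.Hash, id byte, password string, salt []byte, iterations, keyLen int) []byte {
	h := newHash()
	v := h.BlockSize() // 64 bytes for SHA-1
	roundUp := func(n int) int { return (n + v - 1) / v * v }

	// D is v copies of the purpose byte; S and P are the salt and the BMPString
	// password, each repeated to a whole number of v-byte blocks; I = S || P.
	D := bytes.Repeat([]byte{id}, v)
	P := bmpString(password)
	I := append(fill(salt, roundUp(len(salt))), fill(P, roundUp(len(P)))...)

	var A []byte
	for len(A) < keyLen {
		// A_i = H^r(D || I): hash D||I once, then re-hash the result r-1 times.
		h.Reset()
		h.Write(D)
		h.Write(I)
		Ai := h.Sum(nil)
		for r := 1; r < iterations; r++ {
			h.Reset()
			h.Write(Ai)
			Ai = h.Sum(nil)
		}
		A = append(A, Ai...)

		// B is A_i repeated to v bytes; every v-byte block of I becomes
		// (I_j + B + 1) mod 2^(8v), computed as big-endian integer addition.
		B := fill(Ai, v)
		for j := 0; j < len(I); j += v {
			carry := 1
			for k := v - 1; k >= 0; k-- {
				sum := int(I[j+k]) + int(B[k]) + carry
				I[j+k] = byte(sum)
				carry = sum >> 8
			}
		}
	}
	return A[:keyLen]
}

// deriveFileKey mirrors the deck's password option for a CLRAES-style 16-byte
// key: SHA-1, a caller-supplied salt and the ICOUNT iteration count. Salt
// handling and hash choice are assumptions, not taken from the deck.
func deriveFileKey(password string, salt []byte, icount int) string {
	return hex.EncodeToString(pkcs12KDF(sha1.New, pkcs12KeyID, password, salt, icount, 16))
}

func main() {
	salt := []byte("constructed-salt") // constructed sample value
	fmt.Println("ICOUNT=16:", deriveFileKey("correct horse battery", salt, 16))
	fmt.Println("ICOUNT=17:", deriveFileKey("correct horse battery", salt, 17))
}
```

Running it prints two unrelated keys for the same password, which is the point of treating ICOUNT as part of the file's header information rather than a free choice on the decrypt side: the recovering system must use the same count, salt and hash or it derives the wrong key.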

1.5GB Sample Run Times (your mileage may vary….)

Throughput in Mbytes/CPU sec:

System   Clear Key TDES   Clear Key Triple-DES   Clear Key AES   Clear Key AES    Secure Key TDES   Secure Key TDES
                          w/ Compression                         w/ Compression                     w/ Compression
z9            143                 64                  167              67                52                42
z990          104                 44                   33              29                34                29
z890           78                 33                   25              21                26                23
z900           27                 20                   15              15                27                20
z800           20                 15                   11              11                20                15

These figures are from a LAB run and do not necessarily represent values you may achieve.

Flexible Options for partners

Encryption Facility for z/OS 1.2
  Packaging: Priced product 5655-P97 Encryption Services feature
  Encrypt/Decrypt: Full function encrypt/decrypt
  Compression: Compression and decompression
  Other important facts: Can encrypt and decrypt using mainframe crypto acceleration and compression

Decryption Client for z/OS
  Packaging: No charge Web Download (As-is code)
  Encrypt/Decrypt: Decrypt only
  Compression: Decompression only
  Other important facts: Can decrypt using mainframe crypto acceleration and compression capabilities

Java Based Client
  Packaging: No charge Web Download (As-is code)
  Encrypt/Decrypt: Decrypt and encrypt
  Compression: No
  Other important facts: Can decrypt an encrypted file direct to MVS data set. Note: Requires secure key hardware (ex. CEX3C) when using public key

Java Based Client (Partner without z/OS)
  Packaging: No charge Web Download (As-is code)
  Encrypt/Decrypt: Decrypt and encrypt
  Compression: No
  Other important facts: Can be used on any java-enabled system, including z/OS

Cautions
• ENCTDES or RSA may require additional hardware setup
  • Coprocessor required
  • Master keys must be loaded
  • ICSF must be active
• CSDFILEN will select the optimum blocksize and record format (RECFM=U) for the output media
  • Typically 27998 bytes (half track) for disk
  • 64K or 32K for tape
• CSDFILDE will use the saved file header information to reallocate the DCB info for the recovered file
  • DCB (but not LRECL) may be increased if desired

Why OpenPGP?
• Using OpenPGP support, the customer can:
  • Passphrase based encrypt/decrypt
  • Public/Private key based encrypt/decrypt
  • Digitally sign data / Verify signatures
  • Compress data
  • Exchange key material in OpenPGP certificates
  • Generate key pairs and OpenPGP/x.509 certificates
• Value:
  • Additional data integrity services with multiple algorithms for each service
  • Existing open source tooling
  • Exchange one payload with multiple partners
  • RACF, ICSF or Java keystore repository
  • Special text processing

Encryption Key
• OpenPGP format
  • Data is protected by a random number
  • Data key is protected
    • Passphrase Based Encryption (PBE) – passphrase is used to calculate a key that is used to encrypt the data key
    • Certificates – use a public/private key to protect the data key
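The "RSA Option" diagram and the "Password vs RSA" hardware slide earlier, and the OpenPGP "Encryption Key" bullets just above, describe the same two-layer structure: a random data key protects the file, and the data key itself is protected under the partner's public key and carried in the header. The Go program below is an added example, not the product's zFormat or OpenPGP code, that builds such an envelope. The header layout (the "ZXEF" magic, a DESC text field, length-prefixed wrapped key), AES-128-GCM for the data and RSA-OAEP for the key wrap are all assumptions chosen for the illustration. It also shows what a decrypt-side INFO request can report from the header without the private key, and that the header is authenticated, so a modified description or wrapped key fails on decrypt instead of being accepted.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/binary"
	"fmt"
)

// Constructed header layout for this illustration (not the product's zFormat):
// "ZXEF" | u16 len | DESC text | u16 len | RSA-OAEP(data key) | 12-byte nonce | AES-GCM ciphertext
var magic = []byte("ZXEF")

type Envelope struct {
	Desc       string // freeform DESC= text carried in the header
	WrappedKey []byte // random data key, encrypted under the partner's RSA public key
	Nonce      []byte
	Ciphertext []byte
}

// Seal is the sender side of the RSA option: a fresh random data key encrypts
// the file, and the data key travels in the header wrapped under the public key.
func Seal(pub *rsa.PublicKey, desc string, plaintext []byte) ([]byte, error) {
	kn := make([]byte, 28) // 16-byte AES-128 data key followed by a 12-byte GCM nonce (sizes are assumptions)
	if _, err := rand.Read(kn); err != nil {
		return nil, err
	}
	dataKey, nonce := kn[:16], kn[16:]
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, dataKey, magic)
	if err != nil {
		return nil, err
	}
	var hdr bytes.Buffer
	hdr.Write(magic)
	binary.Write(&hdr, binary.BigEndian, uint16(len(desc)))
	hdr.WriteString(desc)
	binary.Write(&hdr, binary.BigEndian, uint16(len(wrapped)))
	hdr.Write(wrapped)
	block, _ := aes.NewCipher(dataKey) // cannot fail: the key is 16 bytes by construction
	aead, _ := cipher.NewGCM(block)
	// The header is bound in as additional authenticated data, so a changed
	// DESC or wrapped key is rejected on decrypt instead of silently accepted.
	ct := aead.Seal(nil, nonce, plaintext, hdr.Bytes())
	return append(append(hdr.Bytes(), nonce...), ct...), nil
}

// readField consumes a u16 big-endian length prefix and that many bytes.
func readField(buf []byte) (field, rest []byte, ok bool) {
	if len(buf) < 2 || len(buf) < 2+int(binary.BigEndian.Uint16(buf)) {
		return nil, nil, false
	}
	n := int(binary.BigEndian.Uint16(buf))
	return buf[2 : 2+n], buf[2+n:], true
}

// ParseHeader recovers the header fields without the private key (what INFO can report) and returns the header length.
func ParseHeader(env []byte) (*Envelope, int, error) {
	if !bytes.HasPrefix(env, magic) {
		return nil, 0, fmt.Errorf("not an envelope: bad magic")
	}
	desc, rest, ok := readField(env[len(magic):])
	wrapped, rest, ok2 := readField(rest)
	if !ok || !ok2 || len(rest) < 12 {
		return nil, 0, fmt.Errorf("truncated header")
	}
	e := &Envelope{Desc: string(desc), WrappedKey: wrapped, Nonce: rest[:12], Ciphertext: rest[12:]}
	return e, len(env) - len(rest), nil
}

// Open is the recipient side: unwrap the data key with the private key, then
// decrypt and verify the payload against exactly the header bytes it was sealed with.
func Open(priv *rsa.PrivateKey, env []byte) ([]byte, error) {
	e, hdrLen, err := ParseHeader(env)
	if err != nil {
		return nil, err
	}
	dataKey, err := rsa.DecryptOAEP(sha256.New(), nil, priv, e.WrappedKey, magic)
	if err != nil {
		return nil, fmt.Errorf("unwrap data key: %w", err)
	}
	block, err := aes.NewCipher(dataKey) // a wrapped key of the wrong size is rejected here
	if err != nil {
		return nil, err
	}
	aead, _ := cipher.NewGCM(block)
	return aead.Open(nil, e.Nonce, e.Ciphertext, env[:hdrLen])
}

func main() {
	priv, _ := rsa.GenerateKey(rand.Reader, 2048) // constructed partner key pair
	env, _ := Seal(&priv.PublicKey, "constructed sample: payroll extract", []byte("constructed clear text"))
	info, _, _ := ParseHeader(env)
	pt, err := Open(priv, env)
	fmt.Printf("INFO: DESC=%q, wrapped key %d bytes; recovered %q (err=%v)\n", info.Desc, len(info.WrappedKey), pt, err)
}
```

In the deck's terms, `Seal` runs with the partner's public key (the RACF or PKDS label), `ParseHeader` is what an INFO request can print for anyone holding the file, and only `Open` needs the private key. Because the header is authenticated, the "Cautions" about reallocating DCB information from the saved header are safe to act on: a header that has been altered in transit does not decrypt.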

Usage & Invocation . . .
• Invocation from an OMVS login
  • java -jar /usr/lpp/encryptionfacility/CSDEncryptionFacility.jar [-homedir dir] [options] commands [input file …]
• Invocation from batch
  • Sample JCL, environment member, PROC
• Messaging / Tracing
  • Messages -> STDOUT
  • Tracing (when active) -> STDERR
  • XML Logging (when active) -> zFS file
• Configuration File
  • Sample shipped: /usr/lpp/encryptionfacility/ibmef.config
  • Default Search Location: /etc/encryptionfacility

Usage & Invocation (cont.)
• Data I/O
  • zFS
  • PDS, PDSE, Sequential data sets
    • Output of encrypt/sign/compress must be VB
  • Syntax Example
    • ‘//HLQ.PDS.HLQ1(mem)’
    • //HLQ.SEQ.HLQ
    • //DD:ddname
• OpenPGP Key Ring
  • Default: /var/encryptionfacility/ibmpkring/ikr

IBM Encryption Facility for z/OS (5655-P97) – OA40664
• RFC 4880 Support in the IBM Encryption Facility
  • Speculative Key ID Support
  • Multiple recipients with Symmetrically Encrypted Integrity Protected Data Packet
  • Support for notation Data Sub-packets containing raw binary data
• Batch Key Generation and Batch Public Key Export

Certificates: x.509 vs OpenPGP
• Support x.509 through keystore
  • RACF key rings
  • Certificate authority simplifies trust establishment
• Support OpenPGP
  • Original approach for key exchange
  • Trust not as straightforward

RACF Digital Certificates
• RACDCERT – RACF Digital Certificate
  • GENCERT – to create a certificate
  • EXPORT – to send the certificate to your partner
  • ADD – to bring the certificate into RACF
• Keywords
  • ICSF – RACF Generates RSA key pair (in software)
  • PCICC – RACF requests RSA key pair from ICSF and PCI card
  • DSA – Digital Signature Algorithm (in software)

ICSF PKDS Key Management

---------------------- ICSF – Utilities -----------------------------
OPTION ===>

Enter the number of the desired option.

1 ENCODE   - Encode Data
2 DECODE   - Decode Data
3 RANDOM   - Generate a random number
4 CHECKSUM - Generate a checksum and verification and hash pattern
5 PPKEYS   - Generate master key values from a pass phrase
6 PKDSKEYS - Manage keys in the PKDS

Press ENTER to create and store control statement
Press END to exit to the previous panel without saving

ICSF PKDS Key Management

CSFPKY00 --------------------- ICSF – PKDS Keys -------------------------
COMMAND ===>

Enter the PKDS record’s label for the actions below
===> ___________________________________________________________

Select one of the following actions then press ENTER to process:

__ Generate a new PKDS key pair record
   Enter the key length ===> 512, 1024, 2048, 4096
   Enter Private Key Name (optional) ===> ___________________________________________________________

__ Delete the existing public key or key pair PKDS record

__ Export the PKDS record’s public key to a certificate data set
   Enter the DSN ===> ___________________________________
   Enter the desired subject’s common name (optional)
   CN ===> ___________________________________________________

__ Create a PKDS public key record from an input certificate
   Enter the DSN ===> ___________________________________

Press ENTER to create and store control statement
Press END to exit to the previous panel without saving

Migration and Coexistence Considerations
• OpenPGP format not interoperable with System z format
• OpenPGP Versions
  • Exports V4 OpenPGP Certificates
  • Imports V3 or V4 Certificates
  • Generates V4 Signatures
  • Verifies V3 or V4 Signatures

V1.2 - Support for OpenPGP

Encryption Facility for z/OS – System z Format
• Understands z/OS data formats
• High performance from hardware (3x to 10x hardware accelerated)
• Works across platforms via Java client
• Supports passphrase and public key in both product and client
Net: Use where IBM System z MIPS consumption is an issue

Encryption Facility for z/OS – OpenPGP RFC 4880 standard
• Industry standard format supported by many products on many platforms
• Open Source implementations available
• Supports passphrase and public key
• Limited System z hardware acceleration of PGP required protocols
• zIIP/zAAP eligible
Net: Use when OpenPGP standard protocol is required

Note: Both formats can use the same z/OS centralized key management

Hardware / Performance Implications
• Encryption Algorithm to protect data
  • CLRAES – AES 128-bit clear key
  • TDES – TDES clear key
  • ENCTDES – TDES secure key
  • BLOWFISH – OpenPGP Only
• Key Encryption choices
  • Passphrase – uses CPACF
  • RSA Key – requires CEXn
  • OpenPGP Signatures – CEXn not required, but will help performance for PKA operations

Encryption Facility Resources
• Pubs
  • SA23-2229 Encryption Facility for z/OS Planning and Customizing
  • SA23-2230 Encryption Facility for z/OS Using Encryption Facility for OpenPGP
• Redbooks www.ibm.com/
  • REDP-4334 Encryption Facility R2 for z/OS Performance
  • SG24-7434 Encryption Facility for z/OS V1.2 OpenPGP Support
  • SG24-7318 Encryption Facility for z/OS V1.1
• TechDocs w3.ibm.com/support/techdocs
  • TD103132 Checklist for Features Required to use the IBM Encryption Facility*
  • WP100700 Encryption Facility for z/OS – Performance and Sizing*

*No longer available

Questions?