ibm.com/redbooks
IBM System Storage Data Encryption
Alex Osuna
David Crowther
Reimar Pflieger
Esha Seth
Ferenc Toth
Understand the encryption concepts and terminology
Compare various IBM storage encryption methods
Plan for Tivoli Key Lifecycle Manager and its keystores
International Technical Support Organization
IBM System Storage Data Encryption
June 2010
© Copyright International Business Machines Corporation 2010. All rights reserved.
First Edition (June 2010)
This edition applies to Tivoli Key Lifecycle Manager Version 1 and later and the Encryption Key Manager Release 1 and later.
Note: Before using this information and the product it supports, read the information in “Notices” on
Contents
Notices . . . xvii
Trademarks . . . xviii
Preface . . . xix
The team who wrote this book . . . xix
Now you can become a published author, too! . . . xx
Comments welcome. . . xxi
Stay connected to IBM Redbooks . . . xxi
Part 1. Introduction to data encryption. . . 1
Chapter 1. Encryption concepts and terminology . . . 3
1.1 Concepts of storage data encryption . . . 4
1.1.1 Symmetric key encryption . . . 4
1.1.2 Asymmetric key encryption . . . 6
1.1.3 Hybrid encryption . . . 9
1.1.4 Digital certificates . . . 9
1.2 IBM Key Management methods . . . 15
1.3 Tivoli Key Lifecycle Manager and Encryption Key Manager . . . 16
1.3.1 IBM Encryption Key Manager . . . 17
1.3.2 Encryption Key Manager components and resources . . . 19
1.3.3 Encryption keys. . . 21
1.3.4 Tivoli Key Lifecycle Manager . . . 21
1.3.5 Tivoli Key Lifecycle Manager components and resources . . . 22
Chapter 2. Introduction to storage data encryption. . . 27
2.1 IBM tape drive encryption . . . 28
2.2 IBM System Storage DS5000 series with encryption support. . . 29
2.3 DS8000 series with encryption support. . . 31
2.3.1 Encryption updates in DS8000 R5.0 . . . 33
2.4 Storage data encryption . . . 34
2.4.1 Encryption of data on IBM tape drives . . . 34
2.4.2 Encryption of data in IBM System Storage DS5000 Series . . . 35
2.4.3 Encryption of data in IBM System Storage DS8000 Series . . . 37
2.5 Encryption data . . . 41
2.5.1 IBM tape drive . . . 41
2.5.2 IBM Storage Series DS5000 and DS8000 . . . 43
2.6 Using data encryption . . . 44
2.6.1 Encrypting data in the tape drive . . . 44
2.6.2 Encrypting data on disk drives . . . 45
2.6.3 Fundamentals to encryption: Policy and key management. . . 46
Chapter 3. IBM storage encryption methods . . . 49
3.1 Tivoli Key Lifecycle Manager . . . 50
3.1.1 Tivoli Key Lifecycle Manager components and resources . . . 51
3.1.2 Key exchange . . . 53
3.2 IBM Encryption Key Manager . . . 54
3.2.1 Encryption Key Manager components and resources . . . 56
3.3.1 Key exchange . . . 59
3.4 DS8000 disk encryption . . . 60
3.4.1 Encryption key management . . . 62
3.4.2 Encryption deadlock . . . 67
3.4.3 Encryption recovery key support. . . 68
3.4.4 Dual platform key server support . . . 70
3.5 Comparing tape encryption methods . . . 73
3.5.1 System-Managed Encryption . . . 74
3.5.2 Library-Managed Encryption . . . 77
3.5.3 Encrypting and decrypting with SME and LME . . . 79
3.5.4 Application-Managed Encryption . . . 81
3.5.5 Mixed mode example . . . 84
Chapter 4. IBM System Storage tape automation for encryption . . . 87
4.1 IBM System Storage TS1130 and TS1120 tape drive . . . 88
4.1.1 Tape data encryption support . . . 89
4.1.2 TS1120 characteristics . . . 89
4.1.3 TS1130 characteristics . . . 91
4.1.4 3592 cartridges and media . . . 93
4.2 IBM System Storage TS1120 Tape Controller . . . 95
4.2.1 IBM TS1120 Tape Controller characteristics . . . 96
4.2.2 IBM TS1120 Tape Controller encryption support . . . 97
4.2.3 Installation with an IBM TS3500 Tape Library . . . 97
4.2.4 Installation with an IBM TS3400 Tape Library . . . 99
4.2.5 Installation with an IBM 3494 Tape Library . . . 100
4.2.6 IBM TotalStorage 3592 Model J70 Tape Controller . . . 101
4.3 IBM Virtualization Engine TS7700 . . . 102
4.4 IBM LTO Ultrium tape drives and libraries . . . 104
4.4.1 Linear Tape-Open overview . . . 105
4.4.2 LTO media . . . 106
4.4.3 IBM System Storage TS2240 Tape Drive Express Model . . . 108
4.4.4 IBM System Storage TS2340 Tape Drive Express Model . . . 109
4.4.5 IBM System Storage TS1040 Tape Drive . . . 110
4.4.6 IBM System Storage TS2900 Tape Autoloader . . . 111
4.4.7 IBM System Storage TS3100 Tape Library . . . 111
4.4.8 IBM System Storage TS3200 Tape Library . . . 113
4.4.9 IBM System Storage TS3310 Tape Library . . . 115
4.5 IBM System Storage TS3400 Tape Library . . . 118
4.6 IBM System Storage TS3500 Tape Library . . . 120
4.6.1 TS3500 frames . . . 121
4.6.2 TS3500 characteristics . . . 124
4.7 IBM TotalStorage 3494 Tape Library . . . 131
Chapter 5. Full Disk Encryption technology in disk subsystems. . . 133
5.1 FDE fundamentals . . . 134
5.2 Hardware implementation details . . . 135
5.3 FDE disks in storage products . . . 136
Part 2. IBM System Storage DS5000 . . . 139
Chapter 6. Understanding Full Disk Encryption in DS5000 . . . 141
6.1 FDE disk drives . . . 142
6.1.1 Securing data against a breach . . . 142
6.3 Changing a security key . . . 144
6.4 Security key identifier . . . 144
6.5 Unlocking secure drives . . . 148
6.6 Secure erase . . . 149
6.7 FDE security authorizations . . . 149
6.8 FDE key terms . . . 151
Chapter 7. Configuring encryption on DS5000 with Full Disk Encryption drives . . . 153
7.1 The need for encryption . . . 154
7.1.1 Encryption method . . . 154
7.2 Disk Security components. . . 156
7.2.1 DS5000 Disk Encryption Manager . . . 156
7.2.2 Full Data Encryption disks. . . 157
7.2.3 Premium feature license . . . 157
7.2.4 Keys . . . 157
7.2.5 Security key identifier . . . 157
7.2.6 Passwords . . . 158
7.3 Setting up and enabling the Secure Disk feature . . . 159
7.3.1 FDE and the premium feature key check . . . 159
7.3.2 Secure key creation . . . 160
7.3.3 Enable disk security on the array . . . 162
7.4 Additional secure disk functions . . . 163
7.4.1 Changing the security key. . . 164
7.4.2 Saving the security key file . . . 165
7.4.3 Secure disk erase . . . 166
7.4.4 FDE drive status . . . 167
7.4.5 Hot-spare drive . . . 167
7.4.6 Log files. . . 168
7.5 Migrating secure disk arrays . . . 168
7.5.1 Planning checklist . . . 169
7.5.2 Export the array . . . 169
7.6 Import secure drive array . . . 172
7.6.1 Unlock drives . . . 173
7.6.2 Import array. . . 174
Chapter 8. DS5000 Full Disk Encryption best practices . . . 177
8.1 Physical asset protection . . . 178
8.2 Data backup . . . 179
8.3 FDE drive security key and the security key file . . . 179
8.4 DS subsystem controller shell remote login . . . 181
8.5 Working with Full Disk Encryption drives . . . 181
8.6 Replacing controllers. . . 182
8.7 Storage industry standards and practices . . . 182
Chapter 9. Frequently asked questions . . . 183
9.1 Securing arrays . . . 184
9.2 Secure erase . . . 184
9.3 Security keys and passphrases . . . 185
9.4 Premium features . . . 185
9.5 Global hot-spare drives . . . 186
9.6 Boot support . . . 186
9.7 Locked and unlocked states . . . 187
9.8 Backup and recovery . . . 187
Part 3. Implementing tape data encryption . . . 189
Chapter 10. Planning for software and hardware to support tape drives . . . 191
10.1 Encryption planning. . . 192
10.2 Planning assumptions . . . 192
10.3 Encryption planning quick-reference tables . . . 193
10.4 Choosing encryption methods. . . 196
10.4.1 Encryption method comparison. . . 197
10.4.2 System z encryption methods . . . 197
10.4.3 Open systems encryption methods. . . 198
10.4.4 Decision time . . . 199
10.5 Solutions available by operating system . . . 199
10.5.1 The z/OS solution components . . . 199
10.5.2 z/VM, z/VSE, and z/TPF solution components for TS1120 drives . . . 202
10.5.3 IBM System i encryption solution components . . . 204
10.5.4 AIX solution components . . . 206
10.5.5 Linux on System z. . . 209
10.5.6 Linux on System p, System x, and other Intel or AMD Opteron servers. . . 210
10.5.7 HP-UX, Sun, and Microsoft Windows components. . . 213
10.5.8 Tivoli Storage Manager . . . 216
10.6 Ordering information . . . 216
10.6.1 TS1120 tape drive prerequisites . . . 216
10.6.2 Tape controller prerequisites. . . 218
10.6.3 LTO4 and LTO5 tape drive prerequisites . . . 219
10.6.4 Tape library prerequisites . . . 220
10.6.5 Other library and rack open systems installations. . . 222
10.6.6 TS7700 Virtualization Engine prerequisites . . . 222
10.6.7 General software prerequisites for encryption . . . 223
10.6.8 TS1120 and TS1130 supported platforms . . . 224
10.6.9 IBM LTO4 and LTO5 tape drive supported platforms . . . 225
10.7 Other planning considerations for tape data encryption . . . 226
10.7.1 In-band and out-of-band . . . 226
10.7.2 Performance considerations . . . 227
10.7.3 Encryption with other backup applications . . . 227
10.7.4 ALMS and encryption in the TS3500 library . . . 228
10.7.5 TS1120 and TS1130 rekeying considerations . . . 229
10.8 Upgrade and migration considerations . . . 230
10.8.1 Potential issues . . . 230
10.8.2 TS1120 and TS1130 compatibility considerations . . . 231
10.8.3 DFSMSdss host-based encryption . . . 235
10.8.4 Positioning TS1120 Tape Encryption and Encryption Facility for z/OS . . . 236
Chapter 11. Planning for Tivoli Key Lifecycle Manager and its keystores. . . 237
11.1 Tivoli Key Lifecycle Manager planning quick reference . . . 238
11.2 Tivoli Key Lifecycle Manager and keystore considerations. . . 241
11.2.1 Tivoli Key Lifecycle Manager configuration planning checklist . . . 244
11.3 Working with keys and certificates . . . 245
11.3.1 IT Service Management . . . 245
11.3.2 General security . . . 246
11.3.3 Tivoli Key Lifecycle Manager key server availability . . . 246
11.3.4 Encryption deadlock prevention for DS8000. . . 247
11.3.5 Tivoli Key Lifecycle Manager key server. . . 247
11.4 Multiple Tivoli Key Lifecycle Managers for redundancy . . . 249
11.4.1 Setting up primary and secondary Tivoli Key Lifecycle Manager servers. . . 250
11.4.2 Synchronizing primary and secondary Tivoli Key Lifecycle Manager servers . . . 250
11.5 Backup and restore . . . 251
11.5.1 Categories of data in a backup file . . . 251
11.5.2 Backup file security . . . 252
11.5.3 IBM Tivoli Storage Manager as a backup repository . . . 252
11.5.4 Backup and restore runtime requirements . . . 252
11.5.5 Backing up critical files . . . 253
11.5.6 Restoring a backup file . . . 254
11.5.7 Deleting a backup file . . . 256
11.6 Key exporting and importing tasks . . . 256
11.6.1 Exporting keys . . . 256
11.6.2 Importing keys. . . 257
11.6.3 Importing the public key . . . 258
11.6.4 Exporting the public key . . . 258
11.7 Integration and EKM to Tivoli Key Lifecycle Manager migration . . . 259
11.7.1 Integrating Tivoli Key Lifecycle Manager for DS8000 with an existing EKM tape encryption installation . . . 259
11.7.2 Migrating from EKM to Tivoli Key Lifecycle Manager . . . 259
11.7.3 Multiple encrypted disk or tape devices . . . 260
11.8 Data exchange with business partners . . . 261
11.9 Disaster recovery considerations . . . 262
11.10 Database selection . . . 263
Chapter 12. Implementing Tivoli Key Lifecycle Manager . . . 265
12.1 Implementation notes . . . 266
12.2 Installing Tivoli Key Lifecycle Manager on 64-bit Windows Server 2008 . . . 266
12.3 Installing Tivoli Key Lifecycle Manager on 64-bit Red Hat Enterprise Linux AS Version 5.3 server . . . 299
12.4 Installing Tivoli Key Lifecycle Manager on z/OS . . . 329
12.5 Configuring Tivoli Key Lifecycle Manager . . . 335
12.5.1 Configuration for LTO4 and TS1100 . . . 339
12.5.2 Configuration for DS8000 disk drives . . . 348
12.6 Conclusions. . . 351
Chapter 13. Tivoli Key Lifecycle Manager operational considerations . . . 353
13.1 Scripting with Tivoli Key Lifecycle Manager . . . 354
13.1.1 Simple Linux backup script example. . . 354
13.2 Synchronizing primary Tivoli Key Lifecycle Manager configuration data . . . 355
13.2.1 Setting up primary and secondary Tivoli Key Lifecycle Manager servers. . . 355
13.2.2 Synchronizing primary and secondary Tivoli Key Lifecycle Manager servers . . . 356
13.3 Tivoli Key Lifecycle Manager maintenance . . . 357
13.3.1 General disk and tape management . . . 357
13.3.2 Adding and removing drives . . . 359
13.3.3 Scheduling key group rollover for LTO tape drives . . . 364
13.3.4 Scheduling certificate rollover for 3592 tape . . . 368
13.4 Tivoli Key Lifecycle Manager backup and restore procedures . . . 371
13.4.1 Using the GUI to back up . . . 372
13.4.2 Restore by using the GUI . . . 373
13.4.3 Backing up by using the command line. . . 376
13.4.4 Restore by using the command line . . . 377
13.5.1 Sharing TS1100 certificate data with a business partner . . . 379
13.5.2 Sharing LTO key data with a business partner . . . 381
13.6 Removing Tivoli Key Lifecycle Manager . . . 384
13.6.1 Backing up the keystore . . . 385
13.7 Fixing the security warnings in your web browser. . . 385
13.7.1 Fixing the security warning in Internet Explorer browser . . . 385
13.7.2 Fixing the security warning in Firefox 2. . . 386
13.8 The Tivoli Key Lifecycle Manager command-line interface . . . 386
13.8.1 Commands using wsadmin . . . 386
13.8.2 Tivoli Key Lifecycle Manager commands using wsadmin . . . 387
13.8.3 Setting a larger timeout interval for command processing . . . 388
13.8.4 Syntax examples. . . 388
13.8.5 Continuation character . . . 388
13.8.6 Parameter error messages . . . 389
13.8.7 Command summary . . . 389
Chapter 14. Planning for Encryption Key Manager and its keystores . . . 393
14.1 EKM planning quick-reference . . . 394
14.2 Ordering information and requirements . . . 396
14.2.1 EKM on z/OS or z/OS.e requirements . . . 396
14.2.2 EKM on z/VM, z/VSE, and z/TPF . . . 397
14.2.3 EKM on IBM System i requirements . . . 397
14.2.4 EKM on AIX requirements . . . 398
14.2.5 EKM on Linux requirements . . . 399
14.2.6 EKM on Hewlett-Packard, Sun, and Windows requirements . . . 399
14.3 EKM and keystore considerations. . . 400
14.3.1 EKM configuration planning checklist . . . 402
14.3.2 Best security practices for working with keys and certificates. . . 403
14.3.3 Acting on the advice . . . 403
14.3.4 Typical EKM implementations. . . 404
14.3.5 Multiple EKMs for redundancy . . . 407
14.3.6 Using Virtual IP Addressing . . . 408
14.3.7 Key manager backup . . . 409
14.3.8 FIPS 140-2 certification. . . 409
14.4 Other EKM considerations . . . 410
14.4.1 EKM Release 1 to EKM Release 2 migration . . . 410
14.4.2 Data exchange with business partners or other platforms . . . 410
14.4.3 Disaster recovery considerations . . . 411
14.4.4 i5/OS disaster recovery considerations. . . 411
14.4.5 EKM performance considerations . . . 411
Chapter 15. Implementing the Encryption Key Manager. . . 413
15.1 Implementing EKM in z/OS . . . 414
15.1.1 z/OS UNIX System Services. . . 414
15.1.2 Installing EKM in z/OS . . . 415
15.1.3 Security products involved: RACF, Top Secret, and ACF2. . . 417
15.1.4 Create a JCE4758RACFKS for EKM . . . 418
15.1.5 Setting up the EKM environment . . . 420
15.1.6 Starting EKM . . . 423
15.1.7 Additional definitions of hardware keystores for z/OS. . . 428
15.1.8 Virtual IP Addressing . . . 429
15.1.9 EKM TCP/IP configuration . . . 430
15.2.1 Install the IBM Software Developer Kit . . . 431
15.3 Installing EKM on a Microsoft Windows platform . . . 436
15.3.1 EKM setup tasks . . . 437
15.3.2 Installing the IBM Software Developer Kit on Microsoft Windows. . . 438
15.3.3 Starting EKM on Microsoft Windows. . . 443
15.3.4 Configuring and starting EKM . . . 444
15.4 Installing EKM in i5/OS . . . 450
15.4.1 New installation of the Encryption Key Manager. . . 450
15.4.2 Upgrading the Encryption Key Manager . . . 453
15.4.3 Configuring EKM for tape data encryption . . . 455
15.5 Implementing LTO4 and LTO5 encryption . . . 458
15.5.1 LTO4 EKM implementation checklist . . . 459
15.5.2 Download the latest EKM software . . . 459
15.5.3 Create a JCEKS keystore . . . 463
15.5.4 Off-site or business partner exchange with LTO4 compared to 3592. . . 466
15.5.5 EKM Version 2 installation and customization on Microsoft Windows . . . 467
15.5.6 Starting EKM . . . 469
15.5.7 Starting EKM as a Microsoft Windows Service . . . 470
15.6 Implementing LTO4 and LTO5 Library-Managed Encryption . . . 472
15.6.1 Barcode Encryption Policy . . . 472
15.6.2 Specifying a Barcode Encryption Policy . . . 475
15.6.3 TS3500 Library-Managed Encryption differences from TS3310, TS3200, TS3100, and TS2900 . . . 479
15.7 LTO4 or LTO5 System-Managed Encryption implementation. . . 480
15.7.1 LTO4 SME implementation checklist for Windows . . . 480
Chapter 16. Planning and managing your keys with Encryption Key Manager . . . 481
16.1 Keystore and SAF Digital Certificates (keyrings) . . . 482
16.2 JCEKS. . . 482
16.2.1 Examples of managing public-private key pairs . . . 483
16.2.2 Managing symmetric keys in a JCEKS keystore. . . 486
16.2.3 Example using iKeyman . . . 490
16.3 JCE4758KS and JCECCAKS . . . 497
16.3.1 Script notes . . . 497
16.3.2 Symmetric keys in a JCECCAKS . . . 499
16.4 JCERACFKS . . . 500
16.5 JCE4758RACFKS and JCECCARACFKS . . . 502
16.5.1 RACDCERT keywords . . . 503
16.5.2 Best practice . . . 505
16.6 PKCS#11 . . . 506
16.7 IBMi5OSKeyStore . . . 506
16.7.1 Digital Certificate Manager . . . 507
16.7.2 Setting up an IBMi5OSKeyStore. . . 507
16.8 ShowPrivateTool . . . 522
16.9 MatchKeys tool . . . 524
16.10 Hardware cryptography . . . 527
Chapter 17. Encryption Key Manager operational considerations. . . 531
17.1 EKM commands . . . 532
17.1.1 The EKM sync command and EKM properties file . . . 532
17.1.2 EKM command-line interface and command set . . . 533
17.2 Backup procedures . . . 538
17.2.2 Identifying DFSMShsm to z/OS UNIX System Services . . . 540
17.2.3 Keystore backup . . . 540
17.2.4 RACF . . . 541
17.3 ICSF disaster recovery procedures. . . 542
17.3.1 Key recovery checklist . . . 542
17.3.2 Prerequisites . . . 543
17.3.3 Pre-key change: All LPARs in the sysplex . . . 543
17.3.4 Check the ICSF installation options data . . . 546
17.3.5 Disable all services . . . 547
17.3.6 Entering master keys for all LPARs in the sysplex . . . 548
17.3.7 Post-key change for all LPARs in the sysplex. . . 553
17.3.8 Exiting disaster recovery . . . 554
17.4 Business partner tape-sharing example . . . 554
17.4.1 Key-sharing steps . . . 554
17.4.2 Exporting a public key and certificate to a business partner . . . 555
17.4.3 Exporting a symmetric key from a JCEKS keystore . . . 559
17.4.4 Importing a public key and a certificate from a business partner . . . 559
17.4.5 Tape exchange and verification . . . 561
17.4.6 Importing symmetric keys to a JCEKS keystore . . . 563
17.5 RACF export tool for z/OS . . . 563
17.6 Audit log considerations . . . 564
17.6.1 Audit overview. . . 565
17.6.2 Audit log parsing tool . . . 565
Chapter 18. Implementing TS1100 series encryption in System z . . . 571
18.1 Implementation overview . . . 572
18.2 Implementation prerequisites . . . 572
18.2.1 Implementing the initial tape library hardware. . . 573
18.2.2 Initial z/OS software definitions . . . 574
18.3 EKM implementation overview . . . 575
18.4 Implementing the tape library . . . 576
18.4.1 Implementation steps for the IBM TS3500 Tape Library. . . 576
18.4.2 Implementation steps for the IBM 3494 Tape Library . . . 579
18.4.3 Implementation steps for the IBM TS3400 Tape Library. . . 583
18.5 Implementing the tape control unit . . . 585
18.6 z/OS implementation steps . . . 585
18.6.1 z/OS software maintenance . . . 586
18.6.2 Update PARMLIB member IECIOSxx. . . 586
18.6.3 Define or update Data Class definitions . . . 587
18.6.4 Considerations for JES3 . . . 591
18.6.5 Tape management system . . . 592
18.6.6 DFSMSrmm support for tape data encryption. . . 592
18.6.7 DFSMSdfp access method service . . . 596
18.6.8 Data Facility Data Set Services considerations . . . 597
18.6.9 DFSMS Hierarchical Storage Manager considerations . . . 598
18.7 z/VM implementation steps . . . 599
18.7.1 Tape library and tape control unit implementation . . . 600
18.7.2 Out-of-band encryption . . . 600
18.7.3 Defining key aliases to z/VM . . . 604
18.7.4 Using ATTACH and DETACH to control encryption . . . 605
18.7.5 Using SET RDEVICE to control encryption. . . 606
18.7.6 QUERY responses . . . 606
18.8 Miscellaneous implementation considerations . . . 607
18.8.1 Data exchange with other data centers or business partners . . . 607
18.8.2 Availability . . . 608
18.9 TS1120 and TS1130 tape cartridge rekeying in z/OS. . . 608
18.9.1 TS1120 Model E05 rekeying support in z/OS . . . 608
18.9.2 IEHINITT enhancements . . . 609
18.9.3 Security considerations . . . 612
18.9.4 Packaging . . . 612
18.9.5 Rekeying exits and messages . . . 612
Chapter 19. Implementing TS7700 tape encryption . . . 613
19.1 TS7700 encryption overview . . . 614
19.2 Prerequisites . . . 615
19.2.1 Tape drives . . . 615
19.2.2 TS7700 Virtualization Engine . . . 615
19.2.3 Library Manager . . . 615
19.2.4 Encryption Key Manager. . . 615
19.3 Implementation overview . . . 616
19.3.1 Implementing the initial tape library hardware. . . 616
19.3.2 Implementing the initial TS7700 . . . 616
19.3.3 Initial z/OS software definitions . . . 617
19.3.4 EKM implementation overview . . . 617
19.4 Tape library implementation and setup for encryption . . . 617
19.4.1 Enabling drives for encryption in the IBM TS3500 Tape Library. . . 618
19.4.2 Enabling drives for encryption in the IBM 3494 Tape Library . . . 620
19.4.3 Encryption-enabled drives . . . 623
19.5 Software implementation steps . . . 623
19.5.1 z/OS software maintenance . . . 623
19.5.2 Encryption Key Manager installation. . . 623
19.5.3 z/OS DFSMS implementation steps . . . 623
19.6 TS7700 implementation steps. . . 624
19.6.1 Configuring the TS7700 for encryption . . . 624
19.6.2 Creating TS7700 storage groups . . . 626
19.6.3 Creating TS7700 management classes . . . 627
19.6.4 Activate the TS7700 Encryption Feature License . . . 629
19.6.5 EKM addresses. . . 631
19.6.6 Testing EKM connectivity . . . 632
19.6.7 Configuring pool encryption settings for the TS7700 . . . 632
19.7 Implementation considerations . . . 634
19.7.1 Management construct definitions and transfer . . . 634
19.7.2 Changing storage pool encryption settings . . . 634
19.7.3 Moving data to encrypted storage pools . . . 635
19.7.4 EKM operation . . . 637
19.7.5 Tracking encryption usage . . . 638
19.7.6 Data exchange with other data centers or business partners . . . 638
19.8 TS7700 encryption with z/VM, z/VSE, or z/TPF . . . 638
Chapter 20. Implementing TS1120 and TS1130 encryption in an open systems environment . . . 641
20.1 Encryption overview in an open systems environment . . . 642
20.2 Adding drives to a logical library . . . 643
20.2.1 Advanced Library Management System considerations . . . 643
20.3 Managing the encryption and business partner exchange . . . 644
20.3.2 Keeping track of key usage. . . 647
20.4 Encryption implementation checklist . . . 648
20.4.1 Planning your EKM environment. . . 648
20.4.2 EKM setup tasks . . . 649
20.4.3 Application-Managed Encryption setup tasks . . . 649
20.4.4 System-Managed (Atape) Encryption setup tasks . . . 650
20.4.5 Library-Managed Encryption setup tasks . . . 651
20.5 Implementing Library-Managed Encryption . . . 651
20.5.1 LME implementation tasks . . . 651
20.5.2 Upgrading firmware. . . 652
20.5.3 Add EKM or Tivoli Key Lifecycle Manager IP addresses . . . 658
20.5.4 Enabling Library-Managed Encryption . . . 659
20.5.5 Barcode Encryption Policy . . . 662
20.6 Implementing System-Managed Encryption . . . 668
20.6.1 System-Managed Encryption tasks. . . 669
20.6.2 Atape device driver . . . 670
20.6.3 Update Atape EKM proxy configuration . . . 670
20.6.4 System-Managed Encryption Atape device entries . . . 672
20.6.5 Updating the Atape device driver configuration . . . 673
20.6.6 Enabling System-Managed Encryption using the TS3500 web GUI. . . 674
20.6.7 Using SMIT to enable System-Managed Encryption . . . 676
20.6.8 Managing System-Managed Encryption and business partner exchange . . . 683
20.7 Application-Managed Encryption . . . 686
20.7.1 IBM Tivoli Storage Manager overview . . . 686
20.7.2 IBM Tivoli Storage Manager support for 3592 drive encryption . . . 687
20.7.3 Implementing Application-Managed Encryption . . . 688
20.7.4 IBM Tivoli Storage Manager encryption considerations . . . 691
20.8 IBM 3494 with TS1120 or TS1130 encryption . . . 692
20.8.1 Review the 3494 encryption-capable drives . . . 692
20.8.2 Specifying a Barcode Encryption Policy . . . 696
20.8.3 Entering the EKM IP address and key labels . . . 698
20.8.4 ILEP key label mapping . . . 699
Chapter 21. Tape data encryption with i5/OS . . . 701
21.1 Planning for tape data encryption with i5/OS . . . 702
21.1.1 Hardware prerequisites . . . 702
21.1.2 Software prerequisites . . . 703
21.1.3 Disaster recovery considerations . . . 704
21.1.4 EKM keystore considerations . . . 705
21.1.5 TS1120 Tape Encryption policy considerations . . . 706
21.1.6 Considerations for sharing tapes with partners. . . 707
21.1.7 Steps for implementing tape encryption with i5/OS . . . 709
21.2 Setup and usage of tape data encryption with i5/OS . . . 709
21.2.1 Creating an EKM keystore and certificate. . . 710
21.2.2 Configuring the TS3500 library for Library-Managed Encryption . . . 722
21.2.3 Importing and exporting encryption keys . . . 732
21.2.4 Working with encrypted tape cartridges . . . 744
21.2.5 Troubleshooting . . . 749
Part 4. DS8000 encryption features. . . 751
Chapter 22. IBM System Storage DS8000 encryption preparation. . . 753
22.1 Encryption-capable DS8000 ordering and configuration. . . 754
22.3 Tivoli Key Lifecycle Manager configuration . . . 756
22.3.1 Log in to Tivoli Integrated Portal . . . 756
22.3.2 Creating an image certificate or certificate request. . . 757
22.3.3 Configure the SFIs . . . 761
22.3.4 Starting and stopping the Tivoli Key Lifecycle Manager server and determining its status . . . 765
22.4 Configuring the Tivoli Key Lifecycle Manager server connections to the DS8000 . . 767
Chapter 23. DS8000 encryption features and implementation . . . 771
23.1 DS8100/DS8300 (R4.2) GUI configuration for encryption . . . 772
23.1.1 Configuring the encryption group . . . 772
23.1.2 Applying the encryption activation key . . . 773
23.1.3 Configuring and administering encrypted arrays. . . 776
23.1.4 Configuring and administering encrypted ranks . . . 780
23.1.5 Configuring and administering encrypted extent pools . . . 783
23.2 DS8700 (R5.0) GUI configuration for encryption . . . 788
23.2.1 Configuring the recovery key . . . 788
23.2.2 Configuring the encryption group . . . 792
23.2.3 Applying the encryption activation key . . . 794
23.2.4 Configuring and administering encrypted arrays. . . 796
23.2.5 Configuring and administering encrypted ranks . . . 798
23.2.6 Configuring and administering encrypted extent pools . . . 801
23.3 DS8000 DS CLI configuration for encryption . . . 804
23.3.1 Configuring the Tivoli Key Lifecycle Manager server connection . . . 804
23.3.2 Configuring and administering the encryption group. . . 806
23.3.3 Applying encryption activation key . . . 807
23.3.4 Creating encrypted arrays. . . 807
23.3.5 Creating encrypted ranks . . . 808
23.3.6 Creating encrypted extent pools . . . 809
23.4 Encryption and Copy Services functions. . . 810
Chapter 24. DS8700 advanced encryption features and implementation . . . 811
24.1 New security roles: Storage and security administrator . . . 812
24.2 Recovery key support . . . 814
24.2.1 Configuring the recovery key . . . 814
24.2.2 Validating the recovery key . . . 818
24.2.3 Initiating recovery . . . 820
24.2.4 Using the process to rekey the recovery key . . . 826
24.2.5 Deleting the recovery key . . . 830
24.2.6 Recovery key state summary . . . 833
24.3 Dual platform key server support . . . 833
24.3.1 Setting up Tivoli Key Lifecycle Manager server . . . 833
Chapter 25. Best practices and guidelines for DS8000 encryption . . . 845
25.1 Best practices for encrypting storage environments . . . 846
25.1.1 Security . . . 846
25.1.2 Availability . . . 846
25.1.3 Encryption deadlock prevention . . . 847
25.2 Dual Hardware Management Console and redundancy . . . 850
25.2.1 Dual Hardware Management Console advantages . . . 850
25.2.2 Redundant HMC configurations . . . 850
25.3 Multiple Tivoli Key Lifecycle Managers for redundancy . . . 852
25.3.1 Setting up primary and secondary Tivoli Key Lifecycle Manager servers . . . 853
25.3.2 Synchronizing primary and secondary Tivoli Key Lifecycle Manager servers . . . 853
25.4 Backup and restore the Tivoli Key Lifecycle Manager servers . . . 853
25.4.1 Categories of data in a backup file . . . 854
25.4.2 Backup file security . . . 854
25.4.3 IBM Tivoli Storage Manager as a backup repository . . . 854
25.4.4 Backup and restore runtime requirements . . . 854
25.4.5 Backing up critical files . . . 855
25.4.6 Restoring a backup file . . . 856
25.4.7 Deleting a backup file . . . 858
25.5 Key exporting and importing tasks . . . 858
25.5.1 Exporting keys . . . 859
25.5.2 Importing keys. . . 859
Appendix A. z/OS planning and implementation checklists . . . 863
DFSMS Systems Managed Tape planning . . . 864
DFSMS planning and the z/OS encryption planning checklist . . . 864
Storage administrator stand-alone environment planning. . . 865
Storage administrator tape library environment planning . . . 866
DFSMS Systems Managed Tape implementation . . . 867
Object access method planning . . . 869
Storage administrator OAM planning . . . 869
OAM implementation . . . 870
DFSMShsm tape environment . . . 871
Appendix B. DS8700 encryption-related system reference codes . . . 873
Appendix C. z/OS Java and Open Edition tips . . . 877
JZOS . . . 878
Console communication with batch jobs . . . 878
Encryption Key Manager and JZOS . . . 879
MVS Open Edition tips . . . 882
Exporting a variable . . . 882
Setting up an alias . . . 882
Copying the escape character . . . 883
Advantages of VT100 . . . 884
Advanced security hwkeytool and keytool scripts . . . 885
Complete keytool example for JCEKS using hidden passwords . . . 885
Complete hwkeytool example for JCE4758KS using hidden passwords . . . 887
Java . . . 889
Security and providers . . . 889
Garbage Collector . . . 890
Verifying the installation . . . 891
z/OS region size . . . 891
Policy files . . . 891
Appendix D. Asymmetric and Symmetric Master Key change procedures . . . 893
Asymmetric Master Key change ceremony . . . 894
Prerequisites . . . 894
Testing encryption and decryption . . . 894
Pre-key change: Disabling PKA services for all images in the sysplex. . . 894
Key change: First LPAR in the sysplex . . . 896
Key change: Subsequent LPARs in the sysplex . . . 902
Post-key change: All LPARs in the sysplex . . . 906
ICSF tips . . . 910
Symmetric Master Key change ceremony . . . 911
Prerequisites . . . 912
Testing the encryption and decryption . . . 912
Disabling dynamic CKDS updates for all images in the sysplex . . . 912
Key change: First LPAR in the sysplex . . . 913
Reenciphering the CKDS under the new SYM-MK. . . 919
Changing the new SYM-MK and activating the re-enciphered CKDS . . . 921
Key change: Subsequent LPARs in the sysplex . . . 922
Post-key change: All LPARs in the sysplex . . . 925
Appendix E. z/OS tape data encryption diagnostics . . . 931
EKM problem determination when running z/OS . . . 932
Error scenarios . . . 932
Diagnostic scenarios . . . 935
Encryption Key Manager error codes and recovery actions. . . 938
Drive error codes . . . 940
Control unit error codes . . . 941
IOS628E message indicates connection failure . . . 942
Appendix F. IEHINITT exits and messages for rekeying . . . 943
Dynamic Exits Service Facility support . . . 944
Error conditions . . . 944
Programming considerations . . . 945
REKEY messages . . . 945
New messages . . . 946
Modified messages . . . 946
Appendix G. Implementing EKM on z/OS SECURE key processing to TS1100 and LTO4/LTO5 drives . . . 949
Implementing EKM in z/OS . . . 950
Prerequisites . . . 950
z/OS UNIX System Services. . . 950
Installing the Encryption Key Manager in z/OS. . . 951
Create a JCECCAKS for EKM . . . 953
Setting up the EKM environment . . . 954
Starting EKM . . . 957
Configuring EKM TCP/IP . . . 962
Enterprise-wide key management. . . 964
Conclusions . . . 964
Appendix H. Encryption testing in an open systems environment . . . 965
Encryption key path test . . . 966
Using key path diagnostics in an LME environment . . . 966
Key Path Diagnostic test in a SME environment. . . 969
Testing data encryption . . . 973
IBM Tape Diagnostic Tool. . . 973
Encryption Verification test using the ITDT-GE. . . 973
Encryption verification using the ITDT-SE . . . 978
Encryption test using the device driver functions . . . 979
Related publications . . . 985
IBM Redbooks publications . . . 985
Other publications . . . 985
How to get IBM Redbooks publications . . . 988
Help from IBM . . . 988
Notices
This information was developed for products and services offered in the U.S.A.
IBM may not offer the products, services, or features discussed in this document in other countries. Consult your local IBM representative for information on the products and services currently available in your area. Any reference to an IBM product, program, or service is not intended to state or imply that only that IBM product, program, or service may be used. Any functionally equivalent product, program, or service that does not infringe any IBM intellectual property right may be used instead. However, it is the user's responsibility to evaluate and verify the operation of any non-IBM product, program, or service.
IBM may have patents or pending patent applications covering subject matter described in this document. The furnishing of this document does not give you any license to these patents. You can send license inquiries, in writing, to:
IBM Director of Licensing, IBM Corporation, North Castle Drive, Armonk, NY 10504-1785 U.S.A.
The following paragraph does not apply to the United Kingdom or any other country where such provisions are inconsistent with local law: INTERNATIONAL BUSINESS MACHINES CORPORATION PROVIDES THIS PUBLICATION "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF NON-INFRINGEMENT, MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. Some states do not allow disclaimer of express or implied warranties in certain transactions, therefore, this statement may not apply to you.
This information could include technical inaccuracies or typographical errors. Changes are periodically made to the information herein; these changes will be incorporated in new editions of the publication. IBM may make improvements and/or changes in the product(s) and/or the program(s) described in this publication at any time without notice.
Any references in this information to non-IBM websites are provided for convenience only and do not in any manner serve as an endorsement of those websites. The materials at those websites are not part of the materials for this IBM product and use of those websites is at your own risk.
IBM may use or distribute any of the information you supply in any way it believes appropriate without incurring any obligation to you.
Information concerning non-IBM products was obtained from the suppliers of those products, their published announcements or other publicly available sources. IBM has not tested those products and cannot confirm the accuracy of performance, compatibility or any other claims related to non-IBM products. Questions on the capabilities of non-IBM products should be addressed to the suppliers of those products.
This information contains examples of data and reports used in daily business operations. To illustrate them as completely as possible, the examples include the names of individuals, companies, brands, and products. All of these names are fictitious and any similarity to the names and addresses used by an actual business enterprise is entirely coincidental.
The following company name appearing in this publication is fictitious: ZABYXC
This name is used for instructional purposes only.
COPYRIGHT LICENSE:
This information contains sample application programs in source language, which illustrate programming techniques on various operating platforms. You may copy, modify, and distribute these sample programs in any form without payment to IBM, for the purposes of developing, using, marketing or distributing application programs conforming to the application programming interface for the operating platform for which the sample programs are written. These examples have not been thoroughly tested under all conditions. IBM, therefore, cannot guarantee or imply reliability, serviceability, or function of these programs.
Trademarks
IBM, the IBM logo, and ibm.com are trademarks or registered trademarks of International Business Machines Corporation in the United States, other countries, or both. These and other IBM trademarked terms are marked on their first occurrence in this information with the appropriate symbol (® or ™), indicating US registered or common law trademarks owned by IBM at the time this information was published. Such trademarks may also be registered or common law trademarks in other countries. A current list of IBM trademarks is available on the web at http://www.ibm.com/legal/copytrade.shtml
The following terms are trademarks of the International Business Machines Corporation in the United States, other countries, or both:
AIX 5L™ AIX® alphaWorks® AS/400® CICS® DB2® developerWorks® DS8000® ESCON® FICON® FlashCopy® i5/OS® IBM® iSeries® Language Environment® Lotus® MVS™ Netfinity® OS/400® Parallel Sysplex® pSeries® RACF® Redbooks® Redbooks (logo) ® RS/6000® System i5® System i® System p® System Storage DS® System Storage® System x® System z9® System z® Tivoli® TotalStorage® VTAM® WebSphere® xSeries® z/OS® z/VM® z/VSE™ z9® zSeries®
The following terms are trademarks of other companies:
AMD, AMD Opteron, the AMD Arrow logo, and combinations thereof, are trademarks of Advanced Micro Devices, Inc.
SUSE, the Novell logo, and the N logo are registered trademarks of Novell, Inc. in the United States and other countries.
VMware, the VMware "boxes" logo and design are registered trademarks or trademarks of VMware, Inc. in the United States and/or other jurisdictions.
Java, and all Java-based trademarks are trademarks of Sun Microsystems, Inc. in the United States, other countries, or both.
Microsoft, Windows, and the Windows logo are trademarks of Microsoft Corporation in the United States, other countries, or both.
Microsoft product screen shot(s) reprinted with permission from Microsoft Corporation.
Intel Xeon, Intel, Itanium, Intel logo, Intel Inside logo, and Intel Centrino logo are trademarks or registered trademarks of Intel Corporation or its subsidiaries in the United States and other countries.
UNIX is a registered trademark of The Open Group in the United States and other countries. Linux is a trademark of Linus Torvalds in the United States, other countries, or both.
Preface
Strong security is not a luxury anymore in today’s round-the-clock, global business environment. It is a requirement. Ensuring the protection and security of an organization’s information is the foundation of any successful business.
Encrypting data is a key element when addressing these concerns. IBM® provides a wide range of IBM storage hardware products that are capable of encrypting the data that is written on them. This product line includes a variety of disk systems and tape drives. Several IBM storage products support encryption:
Disk systems:
– IBM System Storage® DS5000 series
– IBM System Storage DS8000® series
Tape drives:
– IBM System Storage TS1130 Model E06 and Model EU6 Tape Drive
– IBM System Storage TS1120 Model E05 Tape Drive
– IBM System Storage Linear Tape-Open (LTO) Ultrium Generation 4 Tape Drive
This IBM Redbooks® publication describes IBM System Storage data encryption. This book is intended for anyone who needs to learn more about the concepts of data encryption and the IBM storage hardware and software that enable data encryption.
The team who wrote this book
This book was produced by a team of specialists from around the world working at the International Technical Support Organization, Austin Center.
Alex Osuna is a Project Leader at the International Technical Support Organization, Tucson Center. He writes extensively and teaches IBM classes worldwide on all areas of storage. Before joining the ITSO five years ago, Alex was a Tivoli® Principal Systems Engineer in storage. Alex has over 31 years experience in the IT industry with over 29 of them spent in the storage arena. He holds certification from IBM, Red Hat, and Microsoft®.
David Crowther has over 30 years experience in the IT industry, the last 24 working for IBM. During his IBM career, he has worked in Technical Pre-sales, Services and Support, and currently works in IBM BetaWorks where he manages early beta programs for Tivoli Security and Provisioning products. In addition, he creates and runs enablement workshops, authors technical cookbooks and manuals, and provides technical support, presents, and acts as a subject matter expert for the new products. He also has wide experience in running beta programs on and supporting products from many of the other IBM brands, including Large Systems, Networking, Pervasive, Lotus®, Voice, and WebSphere®. He is a Consulting IT Specialist, Chartered IT Professional, and Chartered Engineer, and he holds a Master’s degree in Electrical Sciences from Cambridge University.
Reimar Pflieger is an IT Specialist from Germany working at the IBM Global Technology Services Organization. He provides post-sales support as a Product Field Engineer for RMSS products in Mainz. He joined IBM in 1998 and worked for many years as a Process Support and Manufacturing Engineer in Disk and Wafer Production. In his current job role as an RMSS Product Field Engineer, he supports Open Systems Tape, Tape Libraries from entry level to high-end level and Tape Encryption solutions. His experience with Operating Systems includes Linux®, Windows® and AIX® platforms.
Esha Seth is a Software Engineer working at the IBM Systems and Technology Labs in Pune, India. She graduated in 2006 with a Bachelor of Engineering degree in Computer Science from Pune University. She joined IBM after graduation and has worked as a Systems Software developer for the Systems and Storage Management group. During her tenure at IBM, she has contributed to all phases of the software development life cycle and collaborated with global teams in various projects for the IBM Systems Director product. Her areas of technical expertise include understanding storage and systems Management, IBM Systems Management solutions, service-oriented architecture (SOA), JAVA and Eclipse and OSGi plug-in development. Currently, she is a part of the IBM Systems Director Network Manager team and is involved in its development efforts.
Ferenc Toth is a Test Engineer working for DS8000 Storage Server manufacturing in Vac, Hungary. He has four years of experience in high-end disk subsystem testing, test process optimization, and new product implementation. He holds a Masters of Science degree in Electrical Engineering, with a specialization in embedded systems, from the Budapest University of Technology and Economics, Hungary. His focus is hardware and software qualification for all the supported DS8000 releases in the manufacturing environment.
Thanks to the following people for their contributions to this project:
David Kahler
IBM Systems & Technology Group, Systems Hardware Development
Steven R. Hart, CISSP
z/OS® Cryptography
Anjul Mathur
IBM Tucson
Jacob Sheppard
IBM Tucson
James Whelan
IBM Systems & Technology Group, Development Operations and Technical Support
Now you can become a published author, too!
Here’s an opportunity to spotlight your skills, grow your career, and become a published author - all at the same time! Join an ITSO residency project and help write a book in your area of expertise, while honing your experience using leading-edge technologies. Your efforts will help to increase product acceptance and customer satisfaction, as you expand your network of technical contacts and relationships. Residencies run from two to six weeks in length, and you can participate either in person or as a remote resident working from your home base.
Find out more about the residency program, browse the residency index, and apply online at: ibm.com/redbooks/residencies.html
Comments welcome
Your comments are important to us!
We want our books to be as helpful as possible. Send us your comments about this book or other IBM Redbooks publications in one of the following ways:
Use the online Contact us review Redbooks form found at: ibm.com/redbooks
Send your comments in an email to:
redbooks@us.ibm.com
Mail your comments to:
IBM Corporation, International Technical Support Organization Dept. HYTD Mail Station P099
2455 South Road
Poughkeepsie, NY 12601-5400
Stay connected to IBM Redbooks
Find us on Facebook:
http://www.facebook.com/IBMRedbooks
Follow us on twitter:
http://twitter.com/ibmredbooks
Look for us on LinkedIn:
http://www.linkedin.com/groups?home=&gid=2130806
Explore new Redbooks publications, residencies, and workshops with the IBM Redbooks weekly newsletter:
https://www.redbooks.ibm.com/Redbooks.nsf/subscribe?OpenForm
Stay current on recent Redbooks publications with RSS Feeds:
Part 1. Introduction to data encryption
In this part, we introduce the concepts of data encryption and the IBM storage hardware and software that enable data encryption.
Chapter 1. Encryption concepts and terminology
In this chapter, we introduce data encryption concepts and terminology.
1.1 Concepts of storage data encryption
In this section, we describe basic encryption, cryptographic terms, and ideas. Encryption has been used to exchange information in a secure and confidential way for many centuries. Encryption transforms data that is unprotected, or plain text, into encrypted data, or ciphertext, by using a key. It is very difficult to “break” ciphertext in order to change it back to the clear text without the associated encryption key.
Computer technology has enabled increasingly sophisticated encryption algorithms. Working with the U.S. Government National Institute of Standards and Technology (NIST), IBM invented one of the first computer-based algorithms, Data Encryption Standard (DES), in 1974. With the advances in computer technology, DES is now considered obsolete. Today, there are several widely used encryption algorithms, including Triple DES (TDES) and Advanced Encryption Standard (AES).
Early encryption methods used the same key to encrypt clear text to generate cipher text and to decrypt the cipher text to regenerate the clear text. Because the same key is used for both encryption and decryption, this method is called symmetric encryption. All the encryption algorithms previously mentioned use symmetric encryption.
It was only in the 1970s that cryptographers invented asymmetric key algorithms for encryption and decryption. These algorithms use separate keys for encryption and decryption. The keys are mathematically related, but deriving one key from the other key is practically impossible. Encryption methods using separate keys for encryption and decryption are called asymmetric encryption.
Asymmetric encryption addresses certain drawbacks of symmetric encryption that became more important with computer-based cryptography. We describe these drawbacks in detail in the following sections about symmetric and asymmetric key encryption.
The IBM Storage Data Encryption solution uses a combination of symmetric and asymmetric encryption methods. This combination of symmetric and asymmetric encryption algorithms is prevalent in many security solutions, including Transport Layer Security (TLS), Internet Protocol Security (IPSec), and Kerberos.
1.1.1 Symmetric key encryption
Symmetric key encryption uses identical keys, or keys that can be related through a simple transformation, for encryption and decryption. Everyone who gets knowledge of the key can transform the ciphertext back to plain text. If you want to preserve confidentiality, you must protect your key and keep it a secret. Therefore, symmetric encryption is also called private or secret key encryption, which is not to be confused with the private key in an asymmetric key system.
In Figure 1-1 on page 5, we show a sample encryption and decryption data flow path. Here, we use the symmetric key AES_256_ITSO to encrypt plain text using the AES encryption algorithm, which yields encrypted data. The decryption of the enciphered text uses the same AES_256_ITSO symmetric key and the AES algorithm to decrypt the data back to its plain text format.
Figure 1-1 Symmetric key encryption
Symmetric key encryption algorithms are significantly faster than asymmetric encryption algorithms, which makes symmetric encryption an ideal candidate for encrypting large amounts of data.
In addition, the comparable key sizes for symmetric encryption as opposed to asymmetric encryption differ significantly. While a symmetric AES encryption might use a 128-bit secret key, the Rivest-Shamir-Adleman (RSA) encryption algorithm suggests a 1024-bit key length. Secret key algorithms can be architected to support encryption one bit at a time or by specified blocks of bits. The AES standard supports 128-bit block sizes and key sizes of 128, 192, and 256 bits. The IBM tape and disk data encryption solution uses an AES-256 bit key. Other well-known symmetric key examples include Twofish, Blowfish, Serpent, Cast5, DES, TDES, and IDEA.
Speed and short key length are advantages of symmetric encryption, but symmetric encryption has two drawbacks, which are the way that keys are exchanged and the number of required keys.
Secure exchange of keys has always been a problem with symmetric encryption. The sender and the recipient have to share a common, secret key. The sender of a confidential message must make sure that no one other than the intended recipient gets knowledge of the key. So, the sender has to transfer the key to the recipient in a secure way, for example, in a face-to-face meeting, through a trusted courier, or a secure electronic channel. This method of transferring keys might work as long as only a few people are involved in the exchange of confidential information. When a larger number of people have to exchange keys, the distribution of secret keys becomes difficult and inefficient with this method.
The second drawback of symmetric encryption is the large number of required keys. When a group of people are to exchange symmetrically encrypted information, each possible pair of two people in this group has to share a secret key. The number of required keys grows very fast with the number of people in the group. The number of required keys in relation to the number of people can be calculated with the following formula, where k is the number of keys, and n is the number of people:
$$k_n = \frac{n(n-1)}{2}$$
As you can see in Figure 1-2, the number of required keys grows extremely fast. For a group of 100 people, 4,950 separate keys are required. A group of 1,000 people requires 499,500 keys. Key distribution and key management are challenges.
Figure 1-2 Number of keys required for symmetric encryption
The IBM tape data encryption solution utilizes an AES algorithm with a key length of 256 bits for the encryption on the tape drive. The AES algorithm is based on the Rijndael algorithm. AES is an accepted standard that supports a subset of the key sizes and block sizes that the Rijndael algorithm supports.
Rijndael algorithm: The Rijndael algorithm supports block sizes of 128, 160, 192, 224,
The shortcomings of symmetric encryption in terms of key distribution and key management are addressed by asymmetric key encryption, which we describe in the next section.
1.1.2 Asymmetric key encryption
The asymmetric key encryption method uses key pairs for encrypting and decrypting data. One key is used to encrypt the data, and the other key is used to decrypt the data. Because the key that is used for encrypting a message cannot be used for decrypting it, this key does not have to be kept a secret. It can be widely shared and is therefore called a public key. Anyone who wants to send secure data to an organization can use its public key. The receiving organization then uses its private key to decrypt the data. The private key is the corresponding half of the public-private key pair and must always be kept a secret. Because asymmetric encryption uses public-private key pairs, it is also called public-private key encryption or public key encryption.
Public-private key encryption is useful for sharing information between organizations and is widely used on the Internet today to secure transactions, including Secure Sockets Layer (SSL).
The concept of asymmetric encryption is relatively new. For centuries, cryptographers believed that the sender and the recipient had to share the same secret key. In the early 1970s, British cryptographers Ellis, Cocks, and Williamson discovered a way to use separate keys for encrypting and decrypting data. Because they were working for GCHQ, a British intelligence agency, their findings were kept secret until 1997. In 1976, Whitfield Diffie and Martin Hellman invented a solution to the problem, which has since become known as the Diffie-Hellman key exchange. In 1977 Ron Rivest, Adi Shamir, and Leonard Adleman published an algorithm for public-key encryption.
Well-known examples of asymmetric key algorithms are RSA, Diffie-Hellman, Elliptic curve cryptography (ECC), and ElGamal.
Today, the Rivest-Shamir-Adleman (RSA) algorithm is the most widely used public key technique.
The advantage of asymmetric key encryption is the ability to share secret data without sharing the same encryption key. But there are disadvantages, too. Asymmetric key encryption is computationally more intensive and therefore significantly slower than symmetric key encryption. In practice, you will often use a combination of symmetric and asymmetric encryption. We describe this method in 1.1.3, “Hybrid encryption” on page 9.
Digital signature
You can use public/private key pairs to protect the content of a message, and also to digitally sign a message. When a digitally signed message is sent, the receiver can be sure that the sender has sent it, because the receiver can prove it by using the public key from the sender. In practice, predominantly for efficiency reasons, a hash value of the message is signed rather than the whole message, but the overall procedure is the same.
For example, if Tony wants to send JoHann a digitally signed message, Tony will not use JoHann’s public key to encrypt the message, but Tony’s own private key. The content of the encrypted message is not protected, because anyone can decrypt the message by using Tony’s public key. But, if JoHann is able to decrypt Tony’s message with Tony’s public key, JoHann can be sure that Tony sent the message. JoHann has proof that the message was encrypted with Tony’s private key, and JoHann knows that only Tony has access to this key.
In the previous example, JoHann has to make sure that Tony’s public key really belongs to Tony, and not to someone pretending to be Tony. If JoHann cannot confirm that it is really Tony’s public key, JoHann will need a trusted third party to verify Tony’s identity. A certificate issued and signed by a Certification Authority (CA) can confirm that the public key belongs to Tony. A certificate binds together the identity of a person or organization and its public key. If JoHann trusts the CA, JoHann can be sure that it really was Tony who sent the message. We describe certificates in detail in 1.1.4, “Digital certificates” on page 9.
Trapdoor functions: RSA uses trapdoor functions. Trapdoor functions are mathematical functions that are easy to compute in one direction, but they are difficult to compute in the reverse direction without additional information. This additional information is called the trapdoor. In the case of RSA, the private key is the trapdoor.
Of course, you can combine public key encryption and digital signature to produce a message that is both encryption protected and digitally signed.
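The signing flow between Tony and JoHann, as an added Go example that is not code from this book: the SHA-256 hash of the message is signed with the sender's private key and checked with the sender's public key. It uses RSA-PSS, a standard signature scheme, where the text speaks of encrypting with the private key; the 2048-bit key size and the names SignedMessage, NewSigner, Sign and Verify are assumptions of the example.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

// SignedMessage travels as-is: the body is readable by anyone, and the
// signature only proves who produced it and that it was not changed.
type SignedMessage struct {
	Body      []byte
	Signature []byte // RSA-PSS signature over SHA-256(Body)
}

// NewSigner generates the sender's key pair (2048 bits is an assumption).
func NewSigner() (*rsa.PrivateKey, error) {
	return rsa.GenerateKey(rand.Reader, 2048)
}

// Sign hashes the body and signs the hash with the sender's private key.
// Only the 32-byte digest goes through the slow RSA operation.
func Sign(priv *rsa.PrivateKey, body []byte) (*SignedMessage, error) {
	digest := sha256.Sum256(body)
	sig, err := rsa.SignPSS(rand.Reader, priv, crypto.SHA256, digest[:], nil)
	if err != nil {
		return nil, err
	}
	// Copy the body so later changes by the caller cannot alter the message.
	return &SignedMessage{Body: append([]byte(nil), body...), Signature: sig}, nil
}

// Verify recomputes the hash of the received body and checks the signature
// with the claimed sender's public key. It fails if the body or signature was
// altered, or if the key does not belong to the signer.
func Verify(pub *rsa.PublicKey, m *SignedMessage) error {
	digest := sha256.Sum256(m.Body)
	if err := rsa.VerifyPSS(pub, crypto.SHA256, digest[:], m.Signature, nil); err != nil {
		return errors.New("signature does not match this body and public key")
	}
	return nil
}

func main() {
	tony, err := NewSigner()
	if err != nil {
		panic(err)
	}
	msg, err := Sign(tony, []byte("constructed sample message from Tony"))
	if err != nil {
		panic(err)
	}
	fmt.Println("untouched message, verify error:", Verify(&tony.PublicKey, msg))

	msg.Body[0] ^= 0x01 // one flipped bit in transit
	fmt.Println("altered message, verify error:", Verify(&tony.PublicKey, msg))
}
```

A successful check says only that the holder of the matching private key signed the message; binding that key to Tony's identity is the job of the certificate described in 1.1.4.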
Example of public-private key encryption
Figure 1-3 shows an encryption and decryption data path when using public key encryption algorithms. In the diagram, the plain text is enciphered using the public key and an RSA encryption algorithm, which yields the encrypted data.
Starting with the enciphered text, a private key is used with the RSA algorithm to decrypt the data back to plain text.
Figure 1-3 Public-private key encryption
In Figure 1-4 on page 9, we show a more complicated example of data protection and sharing using an asymmetric key pair. In this example, Tony has a private key, and JoHann has a copy of Tony’s public key. Tony sends JoHann a message that is encrypted with Tony’s private key. JoHann then uses the public key to decrypt the message. When the message is decrypted to clear text, this decryption proves to JoHann that he is in fact communicating with Tony, because only Tony has a copy of the private key. JoHann then public-key encrypts the data that he wants to protect and sends it to Tony. Tony can use his private key to decrypt the data.
Figure 1-4 Identity verification using public-private key encryption
Both asymmetric and symmetric key encryption schemes are powerful ways to protect and secure data.
1.1.3 Hybrid encryption
In practice, encryption methods often combine symmetric and asymmetric encryption. Thus, they can take advantage of fast encryption with symmetric encryption and still securely exchange keys using asymmetric encryption.
Hybrid methods use a symmetric data key to actually encrypt and decrypt data. They do not transfer this symmetric data key in the clear, but they use public-private key encryption to encrypt the data key. The recipient is able to decrypt the encrypted data key and use the data key to encrypt or decrypt a message.
Hybrid encryption methods allow you to combine secure and convenient key exchange with fast and efficient encryption of large amounts of data.
1.1.4 Digital certificates
Another possibility is to make sure that the sender can trust the receiver by using a certificate, which is signed by a certificate authority (CA). Digital certificates are a way to bind public key information with an identity. The certificates are signed by a CA. If users trust the CA and can verify the CA’s signature, they can also verify that a certain public key does indeed belong to the person or entity that is identified in the certificate.
Digital certificates are thus a way to bind public key information with an identity. The following information can be stored in a digital certificate:
Name of the issuer
Subject Distinguished Name (DN)
Public key belonging to the owner
Validity date for the public key
Serial number of the digital certificate
Digital signature of the issuer
In this section, we describe the X.509 Public Key Infrastructure (PKI), certificate chains, the certificate request, and certificate responses. X.509 is a well established and accepted standard for certificate management.
In Figure 1-5 on page 11, we have an abstract simplified version of part of the process of a self-signed certificate. It shows that both the issuer and the subject of the certificate are IBM. This certificate has a public key, a private key, and a public key that is signed by the private key of this certificate. Data can be encrypted using a public key, which can then be decrypted by a private key. This situation means that only the entity with the private key can decrypt the data and ensures that only the entity for whom the data is intended can decrypt it.
When the private key is used to encrypt data, additional aspects must be considered. In this case, we have a copy of the public key as clear text, and a copy that is encrypted by our private key. This case means that anyone with a copy of our freely shared public key can decrypt the data.
This approach means that when we send copies of our public key out in a certificate format, the entity receiving the certificate can verify that the public key they were sent was sent by us, was not intercepted in transit, and was not tampered with.
Because we have the only copy of our private key, we are the only entity that can encrypt a copy of the public key in the certificate. If the entity uses our public key to decrypt the enciphered copy of the public key in the certificate, if the decrypted public key matches the clear public key, and if the owners of the public key trust that only we have our private key, they know that when they use that public key to encrypt data, we are the only entity with the capability to decrypt it. Figure 1-5 on page 11 shows a sample digital certificate.
In general, using a public key to encrypt data secures that data, ensuring confidentiality. When using a private key to encrypt data, the following conditions are true:
Identity proof
Message integrity
Non-repudiation
Figure 1-5 Sample digital certificate
When sending information that was private key-encrypted, the receiver of the message knows that the message must have been sent by the entity with the private key; the receiver also can verify that the message was not tampered with. Finally, the entity receiving a message that was private key-encrypted knows that the message that they got cannot be denied by the sender. Only the sender has the private key; therefore, the sender must have sent it.
Certificate authorities
A certificate authority (CA) is a company that holds and makes available trusted certificates. Companies can send certificates to a CA to be added to the chain of trust. As long as a company trusts the CA, certificates that are issued by that CA can be trusted.
For example, Figure 1-6 on page 12 describes what company ZABYXC does to generate a certificate request to the JohannTonyArtCA third-party certificate authority (CA) company. In the figure, we see that company ZABYXC already trusts JohannTonyArtCA, because ZABYXC has a copy of the JohannTonyArtRootCA in its certificate repository. This copy of JohannTonyArtRootCA has only the public key and an encrypted copy of the public key, which is encrypted with JohannTonyArtRootCA’s private key.
Company ZABYXC also has a self-signed personal certificate with a public and a private key associated with it. Using certificate managing tools, company ZABYXC exports a copy of its self-signed personal certificate that includes only the certificate information, the public key, and the encrypted version of the public key.
This certificate request is sent to JohannTonyArtCA.
Figure 1-6 Certificate request
In Figure 1-7 on page 13, JohannTonyArtCA receives the certificate request from company ZABYXC. JohannTonyArtCA then uses the private key from JohannTonyArtRootCA to encrypt a copy of the certificate request’s public key and attaches both the clear public key and the new encrypted copy of the public key to a certificate response. In addition, the certificate response has the issuer changed to JohannTonyArtCA. This response is sent to company ZABYXC.
When company ZABYXC receives the certificate response from JohannTonyArtCA, company ZABYXC imports the certificate into the company’s certificate repository. The company replaces the self-signed personal certificate in the repository, and it keeps the private key previously associated with the personal certificate.
Company ZABYXC can verify that the certificate response came from JohannTonyArtCA, because they have a copy of JohannTonyArtRootCA. They can use the public key from JohannTonyArtRootCA to verify that the certificate response came from JohannTonyArtCA.
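The certificate request and response exchange between ZABYXC and its CA, as an added Go example built on the standard crypto/x509 package (not code from this book or from IBM's certificate tools). In X.509 the CA signs a hash of the certificate contents, which is what the text describes as encrypting a copy of the public key; the RSA-2048 keys, validity periods and function names are assumptions, and the subject and issuer names are the fictitious ones from the text.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// NewRootCA creates a self-signed CA certificate: issuer and subject are the
// same name, and the signature is made with the CA's own private key.
func NewRootCA(name string) (*x509.Certificate, *rsa.PrivateKey, error) {
	key, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: name},
		NotBefore: time.Now().Add(-time.Minute), NotAfter: time.Now().AddDate(5, 0, 0),
		IsCA: true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return cert, key, err
}

// NewRequest is the requester's side: a key pair, and a request carrying only
// the subject name and public key, signed with the private key it keeps.
func NewRequest(subject string) ([]byte, *rsa.PrivateKey, error) {
	key, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, nil, err
	}
	req := &x509.CertificateRequest{Subject: pkix.Name{CommonName: subject}}
	der, err := x509.CreateCertificateRequest(rand.Reader, req, key)
	return der, key, err
}

// Issue is the CA's side: reject a damaged request, then bind the requested
// name and public key together under the CA's signature.
func Issue(ca *x509.Certificate, caKey *rsa.PrivateKey, csrDER []byte) (*x509.Certificate, error) {
	csr, err := x509.ParseCertificateRequest(csrDER)
	if err != nil {
		return nil, err
	}
	if err := csr.CheckSignature(); err != nil {
		return nil, errors.New("request rejected: " + err.Error())
	}
	serial, err := rand.Int(rand.Reader, new(big.Int).Lsh(big.NewInt(1), 120))
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: serial,
		Subject:      csr.Subject, // identity comes from the request
		NotBefore:    time.Now().Add(-time.Minute),
		NotAfter:     time.Now().AddDate(1, 0, 0),
		KeyUsage:     x509.KeyUsageDigitalSignature | x509.KeyUsageKeyEncipherment,
	}
	// Passing ca as parent sets the issuer name; caKey produces the signature.
	der, err := x509.CreateCertificate(rand.Reader, tmpl, ca, csr.PublicKey, caKey)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// VerifyAgainst checks cert using only the given root as trust anchor, the way
// the requester checks the response against its stored copy of the root CA.
func VerifyAgainst(root, cert *x509.Certificate) error {
	pool := x509.NewCertPool()
	pool.AddCert(root)
	_, err := cert.Verify(x509.VerifyOptions{Roots: pool, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny}})
	return err
}

func main() {
	root, rootKey, err := NewRootCA("JohannTonyArtRootCA")
	if err != nil {
		panic(err)
	}
	csr, _, err := NewRequest("ZABYXC")
	if err != nil {
		panic(err)
	}
	cert, err := Issue(root, rootKey, csr)
	if err != nil {
		panic(err)
	}
	fmt.Println(cert.Subject.CommonName, "issued by", cert.Issuer.CommonName, "- chain error:", VerifyAgainst(root, cert))
}
```

A root with the same name but a different key does not validate the issued certificate, so trust rests on the stored root's key rather than on the issuer name printed in the response.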