Encryption Facility for z/os

Transcription

1 Encryption Facility for z/os Greg Boyd

2 Feature: Encryption Services Optional Priced Feature z Format Supports encrypting and decrypting of data at rest (tapes, disk) Supports either Public Key/Private keys or passwords to create highly-secure exchange between partners OpenPGP Format Internet Draft Standard RFC2440/RFC4880 zaap eligible X.509 or OpenPGP Certificates IBM Encryption Facility for z/os, 1.2 Program number: 5655-P97 MSU-based pricing* Runs on the following servers: System z196, z10 (EC & BC) z9 (EC & BC) zseries 900 or 990 zseries 800 or 890 Requires: z/os 1.6 or higher; z/os.e 1.6 or higher/hcr7720+ Java Client Web Download Java technology-based code that allows client systems (z/os and non-z/os) to decrypt and encrypt data for exchange with z/os systems (zformat) Decryption Client for z/os Web Download Decryption only code designed to run on z/os systems. (i.e. zformat) Feature: DFSMSdss Encryption Optional Priced Feature Allows encryption and compression of DUMP data sets created by DFSMSdss Supports decryption and decompression during RESTORE Variable Workload License Charges (VWLC), Entry Workload License Charges (EWLC), zseries Entry License Charges (zelc), Parallel Sysplex License Charges (PSLC) Page 2

3 Clear Key / Secure Key / Protected Key Clear Key key may be in the clear, at least briefly, somewhere in the environment Secure Key key value does not exist in the clear outside of the HSM (secure, tamper-resistant boundary of the card) Protected Key key value does not exist outside of physical hardware, although the hardware may not be tamper-resistant Page 3

4 System z CPACF Hardware z196 (GA2) & z114 & zec12 Symmetric Clear Key DES (56-, 112-, 168-bit), new chaining options AES-128, AES-192, AES-256, new chaining options SHA-1, SHA-256, SHA-512 (SHA-2 Suite) PRNG Protected Key TechDoc WP A Synopsis of System z Crypto Hardware Page 4

5 zec12 PCI Crypto Hardware CEX4S Secure Key DES/TDES Secure Key AES Financial (PIN) Functions Key Generate/Key Management Random Number Generate and Generate Long Protected Key Support RSA & ECC Operations (SSL Handshakes) EP11 Mode (Secure Key PKCS #11) Coprocessor or Accelerator or PKCS #11 TechDoc WP A Synopsis of System z Crypto Hardware Page 5

6 Password Option Clear text Password Password File A Password Hashed via PKCS #12 A Password Hashed via PKCS #12 Symmetric Algorithm A Symmetric Key Encrypted File w/header Symmetric Key Encrypted File w/header A Symmetric Algorithm Clear text File Page 6

7 RSA Option Public Key (via Certificate?) Clear text File A A Symmetric Key A Random Number Generate PKA Symmetric Algorithm A Clear text File Symmetric Algorithm Symmetric Key Encrypted File w/encrypted Key in the header Encrypted File w/encrypted Key in the header A PKA Private Key Page 7

8 Password vs RSA Hardware Requirements PASSWORD/RSA Password 8-32 byte password used to generate a key that protects the data General Purpose CPs RSA label of an existing public key that will encrypt the data key PCI Coprocessor w/master keys loaded Page 8

9 Where is the encryption done? CLRAES AES-128 bit clear key zec12, z196/z114, z10 EC & BC, z9 EC & BC - CPACF z890/z990, z800/z900 in software (ICSF) CLRTDES TDES clear key zec12, z196/z114, z10 EC & BC, z9 EC & BC, z890/z990 - CPACF z800/z900 - CCF (but uses secure key APIs) ENCTDES TDES secure key zec12 - CEX4SC or CEX3C z196, z114 - CEX3C z10 EC & BC - CEX3C or CEX2C z9 - CEX2C z890/z990 - CEX2 or PCIXCC z800/z900 CCF No AES secure key support Page 9

10 To Compress or Not To Compress Compression Yes Uses General Purpose CPs to do the compression (competes with other work in the system) Requires approx 50% more tapes than compressing at the drive No No compression workload on the General Purpose CPs Requires approximately 2-3 times more tapes than compressing at the drive Page 10

11 Other Parameters DESC=description freeform text ICOUNT=SHA PKCS#12 iteration count (default 16) INFO (Decrypt Only) Recover and print info about the file from the header Page 11

12 1.5GB Sample Run Times your mileage may vary. System (Mbytes/ CPU sec) Clear Key TDES Clear Key Triple-DES w/ Compression Clear Key AES Clear Key AES w/ Compression Secure Key TDES Secure Key TDES w/ Compression z z z z z These figures are from a LAB run and do not necessarily represent values you may achieve. Page 12

13 Flexible Options for partners Encryption facility for z/os 1.2 Decryption Client for z/os Java Based Client Java Based Client (Partner without z/os) Packaging Encrypt/ Decrypt Compression Other important facts Priced product 5655-P97 Encryption Services feature Full function encrypt/ decrypt Compression and decompression Can encrypt and decrypt using mainframe crypto acceleration and compression No charge Web Download (As-is code) Decrypt only No charge Web Download (As-is code) Decrypt and encrypt Decompression only No No Can decrypt using mainframe crypto acceleration and compression capabilities Can decypt an encrypted file direct to MVS data set Note: Requires secure key hardware (ex. CEX3C) when using public key Can be used on any javaenabled system, including z/os No charge Web Download (Asis code) Decrypt and encrypt Page 13

14 Cautions ENCTDES or RSA may require additional hardware setup Coprocessor required Master keys must be loaded ICSF must be active CSDFILEN will select the optimum blocksize and record format (RECFM=U) for the output media Typically bytes (half track) for disk 64K or 32K for tape CSDFILDE will use the saved file header information to reallocate the DCB info for the recovered file DCB (but not LRECL) may be increased if desired Page 14

15 Why OpenPGP? Using OpenPGP support, the customer can: Passphrase based encrypt/decrypt Public/Private key based encrypt/decrypt Digitally sign data / Verify signatures Compress data Exchange key material in OpenPGP certificates Generate key pairs and OpenPGP/x.509 certificates Value: Additional data integrity services with multiple algorithms for each service Existing open source tooling Exchange one payload with multiple partners RACF, ICSF or Java keystore repository Special text processing Page 15

16 Encryption Key OpenPGP format Data is protected by a random number Data key is protected Passphrase Based Encryption (PBE) passphrase is used to calculate a key that is used to encrypt the data key Certificates use a public/private key to protect the data key Page 16

17 Usage & Invocation... Invocation from an OMVS login Java jar /usr/lpp/encryptionfacility/csdencryptionfacility.jar [-homedir dir] [options] commands [inptu file ] Invocation from batch Sample JCL, environment member, PROC Messaging / Tracing Messages -> STDOUT Tracing (when active) -> STDERR XML Logging (when active) -> zfs file Configuration File Sample shipped: /usr/lpp/encryptionfacility/ibmef.config Default Search Location: /etc/encryptionfacility Page 17

18 Usage & Invocation (cont.) Data I/O zfs PDS, PDSE, Sequential data sets Output of encrypt/sign/compress must be VB Syntax Example //HLQ.PDS.HLQ1(mem) //HLQ.SEQ.HLQ //DD:ddname OpenPGP Key Ring Default: /var/encryptionfacility/ibmpkring/ikr Page 18

19 IBM Encryption Facility for z/os (5655-P97) OA40664 RFC 4880 Support in the IBM Encryption Facility Speculative Key ID Support Multiple recipients with Symmetrically Encrypted Integrity Protected Data Packet Support for notation Data Sub-packets containing raw binary data Batch Key Generation and Batch Public Key Export Page 19

20 Certificates: x.509 vs OpenPGP Support x.509 through keystore RACF key rings Certificate authority simplifies trust establishment Support OpenPGP Original approach for key exchange Trust not as straightforward Page 20

21 RACF Digital Certificates RACDCERT RACF Digital Certificate GENCERT to create a certificate EXPORT to send the certificate to your partner ADD to bring the certificate into RACF Keywords ICSF RACF Generates RSA key pair (in software) PCICC RACF requests RSA key pair from ICSF and PCI card DSA Digital Signature Algorithm (in software) Page 21

22 ICSF PKDS Key Management ICSF Utilities OPTION ===> Enter the number of the desired option. 1 ENCOD - Encode Data 2 DECODE - Decode Data 3 RANDOM - Generate a random number 4 CHECKSUM - Generate a checksum and verification and hash pattern 5 PPKEYS - Generate master key values from a pass phrase 6 PKDSKEYS - Mange keys in the PKDS Press ENTER to create and store control statement Press END to exit to the previous panel without saving Page 22

23 ICSF PKDS Key Management CSFPKY ICSF PKDS Keys COMMAND ===> Enter the PKDS record s label for the actions below ===> Select one of the following actions then press ENTER to process: Generate a new PKDS key pair record Enter the key length ===> 512, 1024, 2048, 4096 Enter Private Key Name (optional) ===> Delete the existing public key or key pair PKDS record Export the PKDS record s public key to a certificate data set Enter the DSN ===> Enter the desired subject s common name (optional) CN ===> Create a PKDS public key record from an input certificate Enter the DSN ===> Press ENTER to create and store control statement Press END to exit to the previous panel without saving Page 23

24 Migration and Coexistence Considerations OpenPGP format not interoperable with System z format OpenPGP Versions Exports V4 OpenPGP Certificates Imports V3 or V4 Certificates Generates V4 Signatures Verifies V3 or V4 Signatures Page 24

25 V1.2 - Support for OpenPGP Encryption Facility for z/os System z Format Understands z/os data formats High performance from hardware (3x to 10x hardware accelerated) Works across platforms via Java client Supports passphrase and pubic key in both product and client Net: Use where IBM system z MIPS consumption is an issue Encryption Facility for z/os OpenPGP RFC 4880 standard Industry standard format supported by many products on many platforms Open Source implementations available Supports passphrase and public key Limited System z hardware acceleration of PGP required protocols ziip/zaap eligible Net: Use when OpenPGP standard protocol is required Note: Both formats can use the same z/os centralized key management Page 25

26 Hardware / Performance Implications Encryption Algorithm to protect data CLRAES AES 128-bit clear key TDES TDES clear key ENCTDES TDES secure key BLOWFISH OpenPGP Only Key Encryption choices Passphrase uses CPACF RSA Key requires CEXn OpenPGP Signatures CEXn not required, but will help performance for PKA operations Page 26

27 Encryption Facility Resources Pubs SA Encryption Facility for z/os Planning and Customizing SA Encryption Facility for z/os Using Encryption Facility for OpenPGP Redbooks REDP-4334 Encryption Facility R2 for z/os Performance SG Encryption Facility for z/os V1.2 OpenPGP Support SG Encryption Facility for z/os V1.1 TechDocs w3.ibm.com/support/techdocs TD Checklist for Features Required to use the IBM Encryption Facility* WP Encryption Facility for z/os Performance and Sizing* *No longer available Page 27

28 Questions? Page 28