Re: Standard Encryption Products

Dave La Mar · ‎02-03-2006

Background:

1. We are a multiplatform shop.
2. Platforms are:
a. VM/VSE
b. AS400
c. Windows
d. HP-UX 11.0 (soon to go to 11.i)
e. Linux

3. We have a multitude of ftp jobs running to and from all platforms.
A change to sftp would require more effort than
desired, thus sftp is not to be considered.

4. On the VM/VSE side we use standard 128 bit encryption provided by BSI TCPIP TOOLS for VSE.

5. #4 can be de-encrypted by any standard open SSL tool.

Questions:

1. Though I am in the process of contacting each vendor on their preference or use of an encryption product, I would like to know if anyone in the forum has a standard they are using across platforms such as mentioned in #2 of background.

2. Some of the vendors are banking institutions so I expect a myriad of product answers from them. That said, what works best in your particular shop?

Keep in mind, we are not considering sftp.

All points posted at thread closing.

Thanks for any and all input.

-dl

"I'm not dumb. I just have a command of thoroughly useless information."

Geoff Wild · ‎02-03-2006

I know this won't be the answer you are looking for...

We also have a multiplatform shop and deal with vendors as well - and though we didn't like it (a lot of work) we did move to sftp (using FSECURE SSH http://www.f-secure.com/products/fsssh/f-secure-wrq-faq.shtml ).

Rgds...Geoff

Proverbs 3:5,6 Trust in the Lord with all your heart and lean not on your own understanding; in all your ways acknowledge him, and he will make all your paths straight.

Jason Ray · ‎02-03-2006

I know we transmit data with several banks and have used PGP encrypted files sent over ftp.
We run one PGP server and send files to it from a few machines for encryption and then send them off.
Does your method of connection have to be secure or is securing the data an option?

Chan 007 · ‎02-03-2006

Hi,

I have banking clients they use

F-secure.

But check with vendors like PGP, RSA.

Even their products are good.

Chan

Dave La Mar · ‎02-03-2006

I guess I should have added that data encryption is the interest. All the jobs I refer to are standard ftp, but the data needs encryption.
PGP comes up a lot.
Naturally, the company is looking at a SOX compliant no cost product that can be used on bothe the Windows and HP-UX platforms.
If PGP can act as standard Open SSL in opening the data files, we would obviously use Open SSL on Unix and Windows.
In my testing, I used the BSI encryption on the mainframe and tested against Open SSL on windows and Unix. That appeared to work fine.
If feedback pushes us to PGP due to short falls in Open SSL, then so be it.

Appreciate the input thus far.

-dl

"I'm not dumb. I just have a command of thoroughly useless information."

rick jones · ‎02-03-2006

FWIW, HP ships an OpenSSL/OpenSSH with HP-UX 11i. We've also fed Itanium tunes to RSA.

there is no rest for the wicked yet the virtuous have no pillows

Dave La Mar · ‎02-06-2006

Rick -
We will be installing 11i V1 in a couple of months.
Questions:
Since I have the 11i installtion media:

1. Can we pull off the open SSL to begin using on 11.0 prior to our 11i installtion?
2. Is this open SSL portable to a Windows machine?

Regards,

-dl

"I'm not dumb. I just have a command of thoroughly useless information."

Dave La Mar · ‎02-09-2006

Though PGP came up several times from this forum and others, Open SSL also mad it's mark.
Since Open SSL is a shipped, supported, HP product and readily available for Windows platforms, that is our choice.
On the mainframe we will be using the BSI ecryption utility which is compatible with Open SSL.
Next step will be insuring the destination vendors find this acceptable.

Thanks to all that took the time to state a preference and offer suggestions.

Regards,

dl

"I'm not dumb. I just have a command of thoroughly useless information."

rick jones · ‎02-09-2006

Dave -

Sorry - missed the query - I have no idea if taking the bits shipped for 11i onto 11.0 will "work" but I know it would not be "supported" and if you are going to run unsupported, might as well go to OpenSSL.org (or whatever it is) and build from source.

Also, at this point wny only jump from 11.0 to 11iv1? Are your systems not supported by 11iv2? If you are going to make the jump, might as well get current - IMO - anyway.

there is no rest for the wicked yet the virtuous have no pillows

Dave La Mar · ‎02-09-2006

Rick -
You guessed correctly on the reasoning for 11i V1.
Open SSL appears to be available for 11.0 from the porting center. Thus my comment on HP supported.

I know ideally SFT is the method preferred by many, if not most, but on the mainframe alone we would have to convert jcl for 300+ jobs currently in production, while on the unix boxes there would be 80-100 to convert.

Appreciate the follow up.

Regards,

dl

"I'm not dumb. I just have a command of thoroughly useless information."

Categories

Company

Local Language

Forums

Discussions

Forums

Discussions

Discussions

Forums

Discussions

Forums

Discussions

Forums

Forums

Discussions

Forums

Discussions

Forums

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Community

Resources

Other HPE Sites

Discussions

Forums

Blogs

Re: Standard Encryption Products

Standard Encryption Products