PGP for z/OS
HomeGroovy ?SolutionsNewsPartnersContact


PGP® Command Line for IBM Mainframes: Easily Implemented. Absolutely Secure. Enterprise-Wide.

PGP Command Line 9 for z/OS protects business-critical data easily, with little impact on existing systems.

PGP Command Line is easily integrated into z/OS batch processes and JCL, as well processes working on z/OS USS. Once deployed, PGP Command Line automatically encrypts and decrypts data on-the-fly.

A Complete z/OS Encryption Tool!

  • Batch JCL and USS scripting
  • 50% to 90% compression
  • VSAM file support
  • EBCDIC - ASCII conversions
  • Key management
  • Integration across all platforms

Across All Platforms

PGP for z/OS works with PGP for... 

  • IBM iSeries
  • IBM AIX 
  • Unix 
  • Linux
  • Sun Solaris
  • Windows 
  • Apple

Encryption and compression. PGP Command Line dramatically reduces file sizes--with a corresponding decrease in consumption of bandwidth, processing time, and disk space. Binary files typically compress to half their original size. Flat files compress as much as 90%.

PGP Command Line performs file-based encryption and decryption to ensure confidentiality of sensitive data, and it creates and verifies digital signatures to ensure message integrity and provide proof of the origin of data.

In addition, PGP Command Line provides key-management, allowing users to create and store keys, and find keys at directories and keyservers.

PGP Command Line is a command-line application that can easily be integrated with existing processes and scripts.

  • Cost-effective batch encryption, signing, and key management
  • Protects confidential information in motion and at rest
  • Rapid automation of security policies
  • Based on proven PGP technology
  • Secure file transfer to any recipient
  • Insures data authenticity, integrity, and privacy.
  • Easily scriptable encryption/signing toolkit
  • Self-decrypting archives
  • Secure file deletion prevents reconstruction of sensitive, unencrypted data

 

ADVANTAGES

Strong Encryption!

The strong cryptography employed by PGP Online is the best available.

PGP is tried and trusted. PGP encryption has undergone more than a decade of intense review by the world's best cryptographers. PGP Command Line relies on an open standard, OpenPGP (see IETF RFC 2440), and PGP Corporation has released source code for peer review and validation.

Scripted Encryption, in Transit and at Rest: Encrypted data is safe, whether moving cross-country or resting in the datacenter. PGP Command Line installs on an existing server where information is batch-processed. Data-transfer scripts--using REXX, JCL, or other languages--call on PGP Command Line for encryption before transmitting messges. Backup scripts call on PGP Command Line before writing to archives.

Security and Compression: PGP encryption starts with compression to decrease the size of files. Compressed files are not only easier to encrypt, transport, and store, they are harder to decrypt without the right tools and keys. Binary files typically compress to half their original size. Flat files compress as much as 90%.

Authenticity, Integrity, Non-repudiation: PGP Command Line encryption includes hash and signature mechanisms to ensure that data came from the expected source and that data is complete and untampered with. In addition, the source cannot deny having sent the data.

Retention, Archives, and Recovery: PGP Additional Decryption Key technology (ADK) ensures that encrypted archives can be made available when the time comes--a requirement of many regulations, organizations, and business partners--as a safeguard against lost keys.

Send Encrypted Data to Any Business Partner: If your partners don't have encryption software or public keys, send them a PGP Self-Decrypting Archive (SDA), and send the decryption key by some other, secure route. The SDA is executable on any of the same Linux, Unix, Windows, Mac OSX, and z/OS platforms where PGP Command Line can run.

Erase Files, not Just File Addresses: PGP Command Line provides Secure File Deletion that permanently overwrites data files, making them impossible to retrieve by any means.

Key Splitting, the Ultimate Protection: Make decryption impossible to perform in secret. PGP Command Line can split private keys into multiple pieces, held by multiple people. Decryption requires that all the people agree and all the pieces come together.

Key Management: PGP Command Line...

  • Generates public-private key pairs.
  • Stores keys in PDSs protected by SAF security: RACF, ACF2, or TopSecret
  • Searches out keys and certificates at servers, both OpenPGP and X.509.

Key Service: PGP Command Line readily collaborates with a PGP Universal Server to provide...

  • Signed certificates to authenticate public keys.
  • Secure backup of private keys behind user-specified security questions.
  • Records of revoked keys and certificates.

Public Key Directories: Find user's public keys when you need them. The PGP Universal Server provides a PGP Global Directory for OpenPGP keys. And it provides LDAP v3 directories for X.509 certificates.

Key Reconstruction: Normally, users keep their private keys on their private machines, protected by pass-phrases. For backup, they can also store keys on a PGP Universal Server, protected by fragmentation, encryption, and a sets of security questions written by the users. In a pinch, then, users can retrieve their keys from the server by correctly answering the questions.

Certificates Authenticate Public Keys: Signed certificates verify to your data sources that your public key is indeed yours. That prevents an imposter from substituting a counterfit key, fooling your sources into supplying private data to the wrong people--the so-called "man-in-the-middle attack."

 

SPECIFICATIONS & STANDARDS

Encryption is NOT Optional ! Data security is mandated by law:

 

PGP Integration: PGP Command Line for z/OS Mainframes provides full support for all native functions of PGP including LDAP integration, Additional Decryption Key (ADK), PGP Key Server, and XML configuration.

PGP on z/OS: PGP Command Line supports native z/OS batch operations with JCL and ISPF, as well as providing a USS implementation for use with shell scripts.

Encryption Standards: PGP solutions are built on the widely trusted OpenPGP standard (RFC 2440RFC 3156).

PGP Corporation has released PGP source code for peer review and validation. The code has undergone more than a decade of intense review by the world's best cryptographers.

The PGP Software Development Kit has been validated to the Federal Information Processing Standard (FIPS) of the U.S. National Institute of Standards and Technology (NIST): FIPS 140-2.

PGP encryption is one of two e-mail encryption standards recommended by the NIST "Guidelines on Electronic Mail Security": NIST 800-45

Versions 

  • Current: PGP Command Line 9 
  • Coming 2011: PGP Command Line 10

Operating Systems 

  • IBM z/OS 1.7 and above 
  • IBM z/OS USS

Scripting & Batch Interfaces 

  • z/OS JCL, ISPF, & others
  • z/OS USS shell scripts

Public Key Formats 

Directory Servers 

  • PGP Universal™ Server 
  • PGP Global Directory 
  • LDAP

Public Key Algorithms 

  • Diffie-Hellman 
  • DSA (Digital Signature Algorithm FIPS 186-2
  • RSA (up to 4096-bit keys)

Compression Algorithms 

  • Zip 
  • Bzip2 
  • Zlib

Symmetric Key Algorithms 

  • AES (up to 256-bit keys) (Advanced Encryption Standard, FIPS 197
  • CAST5 
  • TripleDES  (FIPS 46-3
  • IDEA 
  • Twofish 
  • Blowfish*

Hash Algorithms 

  • SHA-1, SHA-256, SHA-384, SHA-512 (Secure Hash Algorithm, FIPS 180-1, 180-2
  • MD5 
  • RIPEMD-160

*  Support for Blowfish is limited to decrypting existing messages encrypted with Blowfish or encrypting to existing keys that specify Blowfish as the preferred cipher.

 

DOCUMENTATION

Download the data sheet

MORE RESOURCES

for:

  • More technical information
  • Free trial