Data Encryption with SSL

TIBCO MFT Platform Server for z/OS supports data encryption with SSL for file transfers over an unsecured network.

Over an unsecured network, file transfers are vulnerable to the following two types of attack:

  • The data can be read by unauthorized people.
  • The data can be altered by unauthorized people.

The first type of attack is addressed by encrypting the data. SSL uses a combination of the following two types of encryption algorithms to encrypt data:

  • Asymmetrical encryption

    The sending and receiving systems use different keys to encrypt and decrypt the data. For more details, see Asymmetrical Encryption.

  • Symmetrical encryption

    The same key is used for both encryption and decryption of data. For more details, see Symmetrical Encryption.

SSL performs its handshake by using asymmetrical encryption; the software then sends the symmetrical encryption key, encrypted with the asymmetrical encryption algorithm. In this way, both sender and receiver hold the same symmetrical key, which was transmitted in a secure form, and the file data can be transferred with the faster symmetrical algorithm.

To counter the second type of attack, a message integrity check must detect whether the data has been changed. SSL detects any change in the data by adding a message digest to all transmitted data.

A message digest is a condensed representation of a message. Before a file transfer, SSL uses a MAC algorithm based on the Secure Hash Algorithm (SHA) to generate a 20-byte message digest for the data. This message digest is then sent together with the encrypted data to the remote platform server. At the remote platform server, the receiver uses the same algorithm to generate a message digest and compares the generated digest with the one received. If any part of the data is changed, the message digest also changes. In this way, the receiver checks whether the data has been altered before accepting it.
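The two mechanisms described above (an asymmetrical handshake that delivers the symmetrical key, then symmetrical encryption with a SHA-based 20-byte MAC appended so the receiver can detect alteration) are shown together in the following added example. It is illustrative Go code written for this page, not code from TIBCO MFT Platform Server, and it makes several assumptions the page does not state: RSA-OAEP is used for the asymmetrical step, AES in CTR mode for the symmetrical step, and HMAC-SHA1 (which produces exactly 20 bytes) stands in for the SHA-based MAC. The function names, the Record type and the sample payload are all constructed for the example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha1"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Record is what the sender transmits: the ciphertext plus the 20-byte
// message digest (HMAC-SHA1, assumed here) computed over nonce and ciphertext.
type Record struct {
	Nonce      []byte
	Ciphertext []byte
	Digest     []byte // 20 bytes for HMAC-SHA1
}

// wrapSessionKey models the handshake: the sender encrypts a fresh symmetrical
// key with the receiver's public key (RSA-OAEP assumed), so only the holder of
// the matching private key can read it.
func wrapSessionKey(pub *rsa.PublicKey, sessionKey []byte) ([]byte, error) {
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, sessionKey, nil)
}

// unwrapSessionKey is the receiver's half of the handshake.
func unwrapSessionKey(priv *rsa.PrivateKey, wrapped []byte) ([]byte, error) {
	return rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, wrapped, nil)
}

// sealRecord encrypts the file data with the shared symmetrical key (AES-CTR
// assumed) and appends the message digest the receiver will recompute.
func sealRecord(sessionKey, macKey, plaintext []byte) (Record, error) {
	block, err := aes.NewCipher(sessionKey)
	if err != nil {
		return Record{}, err
	}
	nonce := make([]byte, aes.BlockSize)
	if _, err := rand.Read(nonce); err != nil {
		return Record{}, err
	}
	ct := make([]byte, len(plaintext))
	cipher.NewCTR(block, nonce).XORKeyStream(ct, plaintext)
	mac := hmac.New(sha1.New, macKey)
	mac.Write(nonce)
	mac.Write(ct)
	return Record{Nonce: nonce, Ciphertext: ct, Digest: mac.Sum(nil)}, nil
}

// openRecord recomputes the digest with the same algorithm and key, compares
// it in constant time, and decrypts only if the digests match. A change to any
// byte of the nonce or ciphertext makes the comparison fail.
func openRecord(sessionKey, macKey []byte, r Record) ([]byte, error) {
	mac := hmac.New(sha1.New, macKey)
	mac.Write(r.Nonce)
	mac.Write(r.Ciphertext)
	if !hmac.Equal(mac.Sum(nil), r.Digest) {
		return nil, errors.New("message digest mismatch: data altered in transit")
	}
	block, err := aes.NewCipher(sessionKey)
	if err != nil {
		return nil, err
	}
	pt := make([]byte, len(r.Ciphertext))
	cipher.NewCTR(block, r.Nonce).XORKeyStream(pt, r.Ciphertext)
	return pt, nil
}

func main() {
	// Receiver's long-lived asymmetrical key pair (constructed for the example).
	priv, _ := rsa.GenerateKey(rand.Reader, 2048)

	// Sender picks fresh symmetrical keys and wraps the session key for the receiver.
	sessionKey := make([]byte, 32)
	macKey := make([]byte, 32)
	rand.Read(sessionKey)
	rand.Read(macKey)
	wrapped, _ := wrapSessionKey(&priv.PublicKey, sessionKey)
	recovered, _ := unwrapSessionKey(priv, wrapped)
	fmt.Printf("session key recovered by receiver: %t\n", string(recovered) == string(sessionKey))

	// Bulk data goes under the symmetrical key with a 20-byte digest attached.
	rec, _ := sealRecord(sessionKey, macKey, []byte("constructed sample file contents"))
	fmt.Printf("digest length: %d bytes\n", len(rec.Digest))

	// Flip one ciphertext bit in transit: the receiver rejects the record.
	rec.Ciphertext[0] ^= 0x01
	if _, err := openRecord(sessionKey, macKey, rec); err != nil {
		fmt.Println("receiver:", err)
	}
}
```

The digest is computed over the ciphertext and checked before decryption, so altered data is rejected without ever being interpreted; hmac.Equal is used rather than a plain byte comparison so that the check does not leak timing information about how many digest bytes matched.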