Generate public private key - connect_cdc_sqdata - 4.1

Connect CDC (SQData) Secure communications components

Product type
Software
Portfolio
Integrate
Product family
Connect
Product
Connect > Connect CDC (SQData)
Version
4.1
Language
English
Product name
Connect CDC (SQData)
Title
Connect CDC (SQData) Secure communications components
Topic type
How Do I
Installation
Copyright
2024
First publish date
2000
ft:lastEdition
2024-02-07
ft:lastPublication
2024-02-07T13:29:14.268926

At the core of the Encryption system are pairs of 32 byte Public / Private keys generated by the multi-function utility, SQDUTIL.

The algorithm used to create the mathematical link is based on the Networking and Cryptographic Library (NaCl), sometimes referred to by the chemical compound name "Salt". The NaCl library consists of Open Source routines that uses the algebraic structure of elliptic curves to perform encryption calculations. While other libraries exist that support these core operations, NaCl has advanced the state of the art by improving security, usability, and most importantly speed. NaCl's goal is to provide all of the core operations needed to build higher-level cryptographic tools.

While no effort will be made here to explain how it works, suffice to say that Precisely accepts NaCl's claim:

"...To summarize, all of (our) cryptographic choices are quite conservative. We do not expect any of them to be broken until someone succeeds in building a large quantum computer; before that happens we will extend NaCl to support post-quantum cryptography."

To learn more about NaCl, we recommend reading the paper published at http://cr.yp.to/highspeed/coolnacl-20120725.pdf

Below is an example of a public / private key pair as they appear in their respective files.

Public Key:

5Y3FJbqOSaaImePo7fMb4I9Zm3Cw8H1oa4gVoF9Tazg= SQDUSER1@ZOS10

Private Key:
-----BEGIN NACL PRIVATE KEY-----
L68x1APsG4Bhhv+gG4CYP3IdsSUX3fNSQ030RUy0T5I=
-----END NACL PRIVATE KEY-----

The security provided by NaCL and any other public/private key cryptography system relies entirely on protection of the private key. You must insure that the file containing the Private key is protected so that only you, or only users that you intend to allow to impersonate you can read that file. The public key, on the other hand, does not need any particular protection and must be shared and made available on other platforms with whom a private key holder will communicate.

The generated NaCL keys are by default stored on platfoms, other than z/OS, in the operating system specific "home" directory of the requesting user, id_nacl and id_nacl.pub, for example:

Linux /home/<user_id> /.nacl/id_nacl and id_nacl.pub where .nacl is a hidden directory

Windows C:\Users\<user_id>\AppData\Local\sqdata\id_nacl and id_nacl.pub

On z/OS, the public key is generated into the file/dataset specified in DD:SQDPUBL and the private key is generated into the file/dataset specified in DD:SQDPKEY.

The Azure Key Vault (AKV) is also supported on Linux providing an additional option for Private key storage.