At the core of the encryption system are pairs of 32-byte public / private keys generated by the multi-function utility, SQDUTIL.
The algorithm used to create the mathematical link is based on the Networking and Cryptography library (NaCl), sometimes referred to by the chemical compound name "Salt". The NaCl library consists of open source routines that use the algebraic structure of elliptic curves to perform encryption calculations. While other libraries exist that support these core operations, NaCl has advanced the state of the art by improving security, usability, and most importantly speed. NaCl's goal is to provide all of the core operations needed to build higher-level cryptographic tools.
While no effort will be made here to explain how it works, suffice it to say that Precisely accepts NaCl's claim:
"...To summarize, all of (our) cryptographic choices are quite conservative. We do not expect any of them to be broken until someone succeeds in building a large quantum computer; before that happens we will extend NaCl to support post-quantum cryptography."
To learn more about NaCl, we recommend reading the paper published at http://cr.yp.to/highspeed/coolnacl-20120725.pdf
Below is an example of a public / private key pair as they appear in their respective files.
Public Key:
5Y3FJbqOSaaImePo7fMb4I9Zm3Cw8H1oa4gVoF9Tazg= SQDUSER1@ZOS10
Private Key:
-----BEGIN NACL PRIVATE KEY-----
L68x1APsG4Bhhv+gG4CYP3IdsSUX3fNSQ030RUy0T5I=
-----END NACL PRIVATE KEY-----
The security provided by NaCl, and by any other public/private key cryptography system, relies entirely on protection of the private key. You must ensure that the file containing the private key is protected so that it can be read only by you, or only by users that you intend to allow to impersonate you. The public key, on the other hand, does not need any particular protection and must be shared and made available on other platforms with which a private key holder will communicate.
On platforms other than z/OS, the generated NaCl keys are by default stored in the files id_nacl and id_nacl.pub under the operating system specific "home" directory of the requesting user, for example:
Linux: /home/<user_id>/.nacl/id_nacl and id_nacl.pub, where .nacl is a hidden directory
Windows: C:\Users\<user_id>\AppData\Local\sqdata\id_nacl and id_nacl.pub
On z/OS, the public key is generated into the file/dataset specified in DD:SQDPUBL and the private key is generated into the file/dataset specified in DD:SQDPKEY.
The Azure Key Vault (AKV) is also supported on Linux, providing an additional option for private key storage.
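As a way to check the private key protection requirement described above on Linux, the following added example (not part of SQDUTIL or the product) parses both key file layouts shown on this page, confirms that each key decodes to 32 bytes, and reports a private key file that group or other users can access. The function names and the expected 0600 file mode are assumptions of this example.

```python
import base64
import os
import stat

BEGIN = "-----BEGIN NACL PRIVATE KEY-----"
END = "-----END NACL PRIVATE KEY-----"
# Sample key pair exactly as printed on this page (documentation values only).
SAMPLE_PUBLIC = "5Y3FJbqOSaaImePo7fMb4I9Zm3Cw8H1oa4gVoF9Tazg= SQDUSER1@ZOS10"
SAMPLE_PRIVATE = BEGIN + "\nL68x1APsG4Bhhv+gG4CYP3IdsSUX3fNSQ030RUy0T5I=\n" + END + "\n"

def decode_key(b64):
    """Decode one base64 key and insist on the 32-byte length the page states."""
    raw = base64.b64decode(b64, validate=True)
    if len(raw) != 32:
        raise ValueError(f"expected 32 key bytes, got {len(raw)}")
    return raw

def parse_public(text):
    """Split '<base64 key> <owner label>' into (key bytes, label)."""
    key_b64, _, label = text.strip().partition(" ")
    return decode_key(key_b64), label.strip()

def parse_private(text):
    """Return the key bytes from an armored private key file."""
    lines = [ln.strip() for ln in text.strip().splitlines()]
    if len(lines) != 3 or lines[0] != BEGIN or lines[2] != END:
        raise ValueError("missing or malformed NACL PRIVATE KEY armor")
    return decode_key(lines[1])

def audit_private_key_file(path):
    """Return a list of findings for a private key file; empty means it passed."""
    findings = []
    st = os.stat(path)
    mode = stat.S_IMODE(st.st_mode)
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        findings.append(f"mode {mode:04o} grants group/other access; expected 0600")
    if st.st_uid != os.getuid():
        findings.append(f"owned by uid {st.st_uid}, not the current user")
    try:
        with open(path, encoding="ascii") as fh:
            parse_private(fh.read())
    except ValueError as exc:  # also covers base64 and decoding errors
        findings.append(f"unreadable key material: {exc}")
    return findings

if __name__ == "__main__":
    default = os.path.expanduser("~/.nacl/id_nacl")  # Linux default from this page
    print(audit_private_key_file(default) if os.path.exists(default) else "no key file")
```

The audit covers only the key file itself; the permissions of the enclosing .nacl directory are a separate check.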