This scenario describes how two ICSF systems, System A and System B, establish initial transport keys between themselves. They establish two pairs of complementary importer and exporter keys at each location, as shown in Figure 1.
The systems can use these importer and exporter keys during key exchange. First the ICSF administrators at the two locations establish the complementary transport keys to send keys from System A to System B. These keys are the Exporter ATOB key at System A and the Importer ATOB key at System B.
ADD LABEL(ATOB) TYPE(EXPORTER) CLEAR
ADD LABEL(ATOB) TYPE(IMPORTER) CLEAR,
KEY(B2403EF8125A036F,239AC35A72941EF2)
System A can send this control statement to System B, and System B can create the Importer ATOB key. The key value in this control statement is the clear value of the Exporter ATOB key. System A does not send this control statement to System B over the network, because the key value is a clear key value. System A has a courier deliver the control statement to System B.
The administrator at System B submits the control statement to its KGUP. KGUP processes the control statement to create the ATOB importer key. The ATOB exporter key at system A and the ATOB importer key at System B are complementary keys.
This procedure creates a pair of complementary transport keys for keys sent from System A to System B. When System A sends a key to System B it enciphers the key using the ATOB exporter key. When System B receives the key, System B deciphers the key using the ATOB importer key.
Then the ICSF administrators at the two locations establish the complementary transport keys to send keys from System B to System A. These keys are the Importer BTOA key at System A and the Exporter BTOA key at System B.
ADD LABEL(BTOA) TYPE(IMPORTER) TRANSKEY(ATOB)
ADD LABEL(BTOA) TYPE(EXPORTER) TRANSKEY(ATOB),
KEY(AF04C35A7F1C9636,03CBB854653A0BCF)
System A can send this control statement to System B and System B can use the statement to create the Exporter BTOA key. The key value in this control statement is the value of the Importer BTOA key enciphered under the Exporter ATOB key. System A can send this control statement to System B over the network, because the key value is enciphered.
The ICSF administrator at System B submits the control statement to its KGUP. The program processes the control statement to generate the Exporter BTOA key. The Importer BTOA key at System A and the Exporter BTOA key at System B are complementary keys.
This procedure creates a pair of complementary transport keys for keys sent from System B to System A. When System B sends a key to System A, System B enciphers the key using the Exporter BTOA key. When System A receives the key, System A deciphers the key using the Importer BTOA key.