What does Encryption Facility for OpenPGP do?
The OpenPGP internet draft standard protocol defines a syntax for packaging data into packets,
where each packet provides the context for a data integrity service like encryption or decryption.
Encryption Facility for OpenPGP implements all of the required services as described in the internet
draft standard protocol for OpenPGP and specifically provides the following services:
- Public key-based encryption
- Passphrase-based encryption (PBE)
- Modification detection of encrypted data
- Compression of packaged data
- Importing and exporting of OpenPGP certificates in binary or ASCII "armorized" formats
- Digital signatures of data
With Encryption Facility for OpenPGP, you can apply many of these services to the same data to
form an OpenPGP message that you can exchange with other OpenPGP-compliant applications. A
software application must support the OpenPGP message format to be compatible with
Encryption Facility and other OpenPGP-compliant products. Encryption Facility for OpenPGP can
also leverage the existing security facilities of z/OS® to provide a secure and scalable
OpenPGP client. For example, with Encryption Facility for OpenPGP you can do the following tasks:
- Use UNIX System Services files, z/OS partitioned data sets (PDS and PDSE), or z/OS sequential data sets as input or output.
- Perform cryptographic acceleration with certain kinds of IBM Z® hardware.
- Use Security Server Resource Access Control Facility (RACF®) and Integrated Cryptographic Services Facility (ICSF) key repositories.
You cannot use the Encryption Services batch program CSDFILDE or the Decryption Client to process Encryption Facility for OpenPGP encrypted data. For complete information about the Encryption Facility for z/OS product and its functions, see IBM Encryption Facility for z/OS: Planning and Customizing.
To implement Encryption Facility for OpenPGP services, you must use the IBM® Java™ Development Kit.