EncryptRIGHT Modernization Guide

EncryptRIGHT provides encryption, tokenization, and key management capabilities for z/OS systems. It offers APIs for integration with COBOL, CICS, PL/I, REXX, CLIST, and C.

EncryptRIGHT supports symmetric encryption algorithms like AES and DES, as well as asymmetric algorithms like RSA. It also supports various hashing algorithms for data integrity.

Key management is handled through a centralized key repository. Keys can be generated, stored, and rotated using administrative commands. Access to keys is controlled through role-based access control.

EncryptRIGHT integrates with z/OS security systems like RACF, ACF2, and Top Secret to manage user authentication and authorization.

Common operations include encrypting data using the ENCRYPT command, decrypting data using the DECRYPT command, generating keys using the KEYGEN command, and managing tokens using the TOKENIZE and DETOKENIZE commands.

EncryptRIGHT exposes APIs for COBOL, CICS, PL/I, REXX, CLIST, and C. These APIs allow developers to integrate encryption and tokenization functionality into their applications.

The main system components include the Encryption Engine, Key Management Server, and the Administration Console. The Encryption Engine performs the actual encryption and decryption operations. The Key Management Server manages the encryption keys. The Administration Console provides a user interface for managing the system.

EncryptRIGHT uses configuration files to store system settings and parameters. These files are typically located in the /etc/encryptright directory. The Administration Console can also be used to configure the system.

EncryptRIGHT helps organizations protect sensitive data and comply with data privacy regulations. By encrypting data at rest and in transit, EncryptRIGHT reduces the risk of data breaches and unauthorized access.

EncryptRIGHT's tokenization feature allows organizations to replace sensitive data with non-sensitive tokens. This reduces the risk of data breaches and simplifies compliance with data privacy regulations.

EncryptRIGHT's centralized key management capabilities simplify the process of managing encryption keys. This reduces the risk of key compromise and simplifies compliance with key management regulations.

EncryptRIGHT supports authentication methods such as LDAP, SAML 2.0, and X.509 certificates. Multi-factor authentication can be integrated through z/OS security systems.

EncryptRIGHT uses a role-based access control (RBAC) model to control access to sensitive data and encryption keys. Users are assigned roles, and roles are granted permissions to access specific resources.

EncryptRIGHT encrypts data at rest and in transit using strong encryption algorithms such as AES and RSA. Encryption keys are protected using hardware security modules (HSMs).

EncryptRIGHT provides comprehensive audit logging capabilities. All security-related events are logged, including user authentication, access control decisions, and encryption operations. These logs can be used to track security incidents and comply with audit requirements.

EncryptRIGHT provides a command-line interface (CLI) and a web-based administration console for managing the system. The CLI is used for performing administrative tasks such as key management and user management. The web-based console provides a graphical user interface for monitoring the system and configuring security settings.

User management is handled through the z/OS security system (RACF, ACF2, or Top Secret). EncryptRIGHT integrates with these systems to authenticate users and authorize access to resources.

EncryptRIGHT provides monitoring and logging capabilities through the z/OS System Management Facilities (SMF). SMF records provide detailed information about system activity, including encryption operations and security events.

The main configuration parameters include the encryption algorithms to use, the key management settings, and the audit logging settings. These parameters can be configured through the Administration Console or through configuration files.