Feel secure using crypto on 3000s
June 21, 2006
It's easy to forget how much the 3000 community — system maker, vendors and users all together — delivered to the MPE/iX experience. Ask if there's a cryptography solution for the 3000, you'll likely hear that the platform never made it to that functionality milestone. Not exactly true.
Although the cost of the solution might make a company think hard, the 3000 has the B-SAFE SSL-C toolkit ported to MPE/iX. The software itself, tested up and posted by HP, is available for free from the HP Jazz Web site. If you're wondering what in the world B-SAFE has to do with encryption, you might start with a few PowerPoint slides from HP at the Jazz server.
A customer needs this capability, more than five years after HP took its steps to make it available, if not affordable. (The cost revolves around the encryption license from RSA). But a customer doesn't want to push their encrypted data around any more than absolutely necessary (good idea). The customer asked about something that's been on the 3000's shelf since we first reported on it in 2000.
I’m looking for an easy way to read RSA encrypted data and translate it into something meaningful on the 3000. I don’t want to send it to another machine, have it decrypted and then move it back to the 3000.
The path to the solution isn't exactly straightforward, but it does reside on an HP server. Much like the situation we all expected to be in at the end of this year, HP won't stand behind such freeware. To get the software you have to agree to HP's following freeware conditions:
- This software and documentation is NOT supported by HP.
- HP may or may not offer a version of this software and documentation as a product in the future. (Here we're likely to bet, "not at any time in our lifetime')
- This software has been minimally tested for installability and use on MPE/iX but has not been subjected to HP's product-level testing and quality control.
- HP makes no committment to provide enhancements or fixes to the software or documentation or to fix problems encountered while running the software.
- This software may be altered or removed at any time.
- The software and documentation is provided "as is". HP does not warrant that the use, reproduction, modification or distribution of the software or documentation will not infringe a third party's intellectual property rights. HP does not warrant that the software or documentation is error free. HP disclaims all warranties, express or implied, with regard to the software and the documentation. HP specifically disclaims all warranties of merchantability and fitness for a particular purpose.
- HP will not in any event be liable for any direct, indirect, special, incidental or consequential damages (including lost profits) related to any use, reproduction, modification, or distribution of the software or documentation.
The lack of HP support might not bother a customer. Plenty of other sources can be engaged for that from the third party community. The pricing might be an issue, but where security is concerned, extra budget can be found. Years ago, Gavin Scott of Allegro issued a price caveat about using SSL-C solutions:
It’s my impression that the licensing fees for actually using this stuff in a production application are, um, high, so you might want to investigate the details before planning on using this stuff in an application or a product for sale.