Points to be noted and the restrictions on use
This section describes the points to be noted and the restrictions on use of HULFT Cipher Options.
File transfers to and from hosts on which HULFT Cipher Option is not installed
HULFT Encryption Scheme is used to encrypt data that is to be transferred to or from hosts on which HULFT Cipher Option is not installed.
In either of the following situations, HULFT Cipher Option will not be installed:
-
When HULFT Cipher Option has not been purchased
-
When the remote host uses a version of HULFT for which HULFT Cipher Option is not released
-
When the remote host uses a platform of HULFT for which HULFT Cipher Option is not released
-
When the remote host uses HULFT English products lower than HULFT8
-
If the HULFT on the remote host does not support HULFT Encryption Scheme, transferred data is garbled because data encrypted on the sending-side host cannot be correctly decrypted on the receiving-side host.
-
When Encryption Scheme in the System Environment Settings is set to "0", it is treated the same as when HULFT Cipher Option is not installed, and HULFT Encryption Scheme will be used for encryption.
Priority for encryption schemes
HULFT automatically selects the highest-priority encryption scheme among those that can be used both on the sending-side host and the receiving-side host and uses it for encryption.
The following shows the priority:
AES > C4S > HULFT Encryption Scheme
The following table shows the encryption scheme to be selected based on the combination of encryption schemes that are available on the sending-side host and the receiving-side host.
|
Sending Host |
Receiving Host |
||||||
|---|---|---|---|---|---|---|---|
|
Version |
Available Encryption Scheme |
Ver.7.1 or Higher |
Lower than Ver.7.1 |
||||
|
HULFT (*1) |
C4S |
AES |
C4S, AES (*2) |
HULFT (*1) |
C4S |
||
|
Ver.7.1 or Higher |
HULFT (*1) |
HULFT |
HULFT |
HULFT |
HULFT |
HULFT |
HULFT |
|
C4S |
HULFT |
C4S |
HULFT |
C4S |
HULFT |
C4S |
|
|
AES |
HULFT |
HULFT |
AES |
AES |
HULFT |
- |
|
|
C4S, AES (*2) |
HULFT |
C4S |
AES |
AES |
HULFT |
C4S |
|
|
Lower than Ver.7.1 |
HULFT (*1) |
HULFT |
HULFT |
HULFT |
HULFT |
HULFT |
HULFT |
|
C4S |
HULFT |
C4S |
- |
C4S |
HULFT |
C4S |
|
|
HULFT |
: |
Encrypted by HULFT Encryption Scheme |
|
C4S |
: |
Encrypted by C4S |
|
AES |
: |
Encrypted by AES |
|
- |
: |
The data is garbled because HULFT cannot detect the difference between the encryption schemes. |
|
*1 |
: |
When HULFT Cipher Option is not installed, HULFT Encryption Scheme is used as the encryption scheme. |
|
*2 |
: |
In a version lower than Ver.8.4.0, AES and C4S cannot be installed at the same time. |
In Forced Strong Key mode, note the following points:
-
HULFT does not automatically select the encryption scheme which is the same as the remote host.
-
If Forced Strong Key mode is disabled on the remote host, no communication, including for transferring files and issuing requests, is accepted.
Communications when Forced Strong Key mode is enabled
When Forced Strong Key mode is enabled on the local host, instant transfer cannot be performed.
In addition, all communications, such as not only for file transfer but also for issuance of request, cannot be performed in either of the following cases:
-
HULFT Ver.8.4.0 or higher runs and Forced Strong Key mode is disabled on the remote host
-
HULFT of a version lower than Ver.8.4.0 runs on the remote host
-
The local host runs HULFT Manager of a version lower than Ver.8.4.0
-
Use HULFT7 Comm. Mode is enabled on the remote host that is registered in the Host Information.
In addition, we do not recommend to switch Forced Strong Key mode in the middle of operations because it might affect the existing operations.
Encryption used when an instant transfer is performed
When Forced Strong Key mode is enabled
When Forced Strong Key mode is enabled, instant transfer cannot be performed.
When no encryption is used on the receiving-side host
When an instant transfer is requested in HULFT with encryption on the sending-side host, the file is transferred without encryption when the receiving-side host runs HULFT without encryption.
|
|
Receiving-side host |
||
|---|---|---|---|
|
With encryption (*1) |
Without encryption (*2) |
||
|
Sending-side host |
With encryption (*1) |
✓ |
|
|
Without encryption (*2) |
|
|
|
|
✓ |
: |
Data is decrypted when encrypted |
|
Blank |
: |
Data is not decrypted as it is not encrypted |
|
*1 |
: |
If HULFT contains a cipher option license |
|
*2 |
: |
If HULFT does not contain a cipher option license |
|
|
Receiving-side host |
||
|---|---|---|---|
|
With encryption (*1) |
Without encryption (*2) |
||
|
Sending-side host |
With encryption (*1) |
✓ |
‡ |
|
Without encryption (*2) |
|
|
|
|
✓ |
: |
Data is decrypted when encrypted |
|
‡ |
: |
Data is not decrypted even when encrypted |
|
Blank |
: |
Data is not decrypted as it is not encrypted |
|
*1 |
: |
If HULFT contains a cipher option license |
|
*2 |
: |
If HULFT does not contain a cipher option license |
Restriction on interfacing with HULFT-HUB Server
HULFT with HULFT Cipher Option enabled can only interface with HULFT-HUB Server where the same type of HULFT Cipher Option is installed.