Field level encryption

  • Field level encryption

    The _CIPHER builtin might help. How strong do you need the encryption to be? I've used _CIPHER to generate a hash value of certain data on a record and store the hash on the record. When the record is retrieved the hash is re-computed and it must match the hash stored on the record, otherwise the record has been tampered with. But the data is stored in the clear.

    _CIPHER can also be used to encrypt data, however. By specifying x'07' for the function code instead of the x'05' shown here you can perform a function similar to crypt() in unix.

    The doc is available here: http://publib.boulder.ibm.com/iserie.../mi/CIPHER.htm

    These links might also be of interest: http://directory.fsf.org/Security/libgcrypt.html http://www.novell.com/products/linux...libgcrypt.html

    Tom D.
    Code
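
The tamper check described in the post above, as an added example that is not the poster's code: it uses Python's standard-library HMAC-SHA-256 in place of the _CIPHER builtin, and the key, field names and record layout are constructed for illustration. It goes one step beyond the post by keying the hash, since a plain hash stored beside clear-text data can be recomputed by anyone able to rewrite the record.

```python
import hashlib
import hmac

# Constructed sample key; a real key is stored apart from the records it protects.
MAC_KEY = b"constructed-demo-key-not-for-production"

# Fields covered by the tag, in a fixed order (hypothetical record layout).
PROTECTED_FIELDS = ("account", "amount", "currency")


def canonical_bytes(record):
    """Serialize protected fields unambiguously: 4-byte length prefix, then value."""
    out = bytearray()
    for name in PROTECTED_FIELDS:
        value = str(record[name]).encode("utf-8")
        out += len(value).to_bytes(4, "big") + value
    return bytes(out)


def compute_tag(record, key=MAC_KEY):
    """Keyed hash over the protected fields only."""
    return hmac.new(key, canonical_bytes(record), hashlib.sha256).hexdigest()


def seal(record, key=MAC_KEY):
    """Return a copy of the record with the tag stored on it (data stays in the clear)."""
    sealed = dict(record)
    sealed["tag"] = compute_tag(record, key)
    return sealed


def verify(record, key=MAC_KEY):
    """Recompute the tag on retrieval and compare in constant time."""
    stored = str(record.get("tag", ""))
    return hmac.compare_digest(stored, compute_tag(record, key))


if __name__ == "__main__":
    # Constructed sample record.
    row = seal({"account": "1001", "amount": "250.00", "currency": "EUR", "note": "rent"})
    print("untouched record verifies:", verify(row))
    row["amount"] = "950.00"  # simulated tampering with a protected field
    print("modified record verifies: ", verify(row))
```

The length prefix keeps field boundaries inside the hashed bytes, so moving a character from one field to the next changes the tag; fields outside `PROTECTED_FIELDS` are not covered.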

  • #2
    Field level encryption

    V5R3 SQL offers field encryption with the ENCRYPT_RC2 and DECRYPT_xxxx functions.

    • #3
      Field level encryption

      There's an upcoming tech tip on this topic that should be posted within the next few weeks.

      • #4
        Field level encryption

        Chuck,

        Patrick Townsend & Associates have a product called Alliance AES/400 which uses the 256 bit AES encryption algorithm to encrypt files or fields. To do field level encryption, you use APIs callable from your own programs.

        Have a look at http://www.patownsend.com/AES.htm for more details. There's a trial download available if you want to try it.

        Full Disclosure: We are agents for Patrick Townsend & Associates products in Ireland. We won't be receiving compensation for drawing this to your attention, but someday Pat might buy me a beer...

        Regards,

        Brendan

        • #5
          Field level encryption

          Brendan,

          We are going to give their product a try. Hopefully it will help us.

          chuck

          Opinions expressed are not necessarily those of my employer.

          "Brendan McMahon" wrote in message news:6b24ac8b.3@WebX.WawyahGHajS...
          > Chuck,
          >
          > Patrick Townsend & Associates have a product called Alliance AES/400 which
          > uses the 256 bit AES encryption algorithm to encrypt files or fields. To
          > do field level encryption, you use APIs callable from your own programs.
          >
          > Have a look at <http://www.patownsend.com/AES.htm> for more details.
          > There's a trial download available if you want to try it.
          >
          > Full Disclosure: We are agents for Patrick Townsend & Associates products
          > in Ireland. We won't be receiving compensation for drawing this to your
          > attention, but someday Pat might buy me a beer...
          >
          > Regards,
          >
          > Brendan

          • #6
            Field level encryption

            Hi Tom,

            I am trying to test the use of _CIPHER and can't get my program to compile. What must I bind to the program to have "access" to the _CIPHER routine?

            Thanks

            PS. I tried to find the info on the IBM website but I really have trouble finding what I need there.

            • #7
              Field level encryption

              What error are you getting? There is nothing special you need to do in order to bind to _CIPHER as a function so it must be something else.

              • #8
                Field level encryption

                Try compiling to something other than the default activation group. Add an H-spec:

                    H DFTACTGRP(*NO) ACTGRP('QILE')

                And see how that goes.

                Tom D.

                • #9
                  Field level encryption

                  Thanks for the responses. I mis-stated what was happening. The program compiled fine but was failing with a "pointer not set" error on the call to _CIPHER.

                  I used your basic code, Tom, and modified it to try and encode a value using the AES encryption method. So, I needed to adjust your definition of the ControlDS. It is shown below. I also included the portion of the code that sets the ControlDS values and calls _CIPHER.

                  Originally I was not setting the "keySched" pointer field value and I received the "pointer not set" error. I mistakenly felt I didn't need to set this value. Reading about the cipher instruction more closely I see I do need to set it. Once I set it to a valid value, I may be alright.

                  Being new to this aspect of our field, the fuzziest part of it is the key management aspect and how the keys are communicated so the encrypted value can be decrypted.

                  Anyway, it appears I may have wasted your time. Thanks anyway.

                  Garrett
                  Code

                  • #10
                    Field level encryption

                    I am getting a different error at run time now (see below). I am more than willing to learn how to do this without spending a lot of the readers' time. Is anyone aware of a manual, redbook or something that has an example of using this CIPHER MI? The documentation on the CIPHER MI is less than clear. It assumes you have some understanding of underlying details, which I don't at this time. Thanks for any help.
                    Code

                    • #11
                      Field level encryption

                      At offset x'28' there is a Reserved field of 7 bytes. I see you have a comment in your code that it must be binary 0 but I don't see you actually setting it to this value.

                      • #12
                        Field level encryption

                        Thanks! I thought I was but I must have left out that part from Tom's original example code. Fixing that moved me along a little. I am failing with a different offset location now (X'0006', see below). I believe, if I'm counting correctly, this puts me in the blocklen field of the controlsds. I will mess around some more. Thanks for the hint on figuring the offset out.
                        Code

                        • #13
                          Field level encryption

                          I think you've got it figured out. Block length of 16 would be x'10' and you appear to be using x'16'.

                          • #14
                            Field level encryption

                            Ah yes, those computer science courses occurred too long ago. Thank you very much for reminding me!

                            • #15
                              Field level encryption

                              I entered the sample code you had coded. I get the following message when trying to create *module... (7030 error is for the procedure name tstcipher_encd...). Let me know how I could get over these errors.

                                  RNF5412 20 1 An operand must not be specified for a procedure that does not return a value.
                                  RNF1503 30 1 The prototype for the procedure was not previously defined.
                                  RNF7030 30 2 The name or indicator is not defined.
