New V5R2 Encryption APIs with PTF SI10060


  • New V5R2 Encryption APIs with PTF SI10060

    Where can I get more info?

  • #2
    New V5R2 Encryption APIs with PTF SI10060

    http://www-912.ibm.com/a_dir/as4ptf....2?OpenDocument or download the PTF itself or just its cover letter.

    Comment


    • #3
      New V5R2 Encryption APIs with PTF SI10060

      OK, I have downloaded the ptf and the cover/documentation. I am struggling with ALGD0500; binary(4). How do I equate binary to an algorithm of MD5? Where does the MD5 go? What do I put in the binary field?

      Comment


      • #4
        New V5R2 Encryption APIs with PTF SI10060

        John Sides wrote:
        > OK, I have downloaded the ptf and the cover/documentation. I am struggling with ALGD0500; binary(4). How do I equate binary to an algorithm of MD5? Where does the MD5 go? What do I put in the binary field?

        It looks like you define a 4-byte integer and set it to a value of 1.

        "The hash algorithm. Following are the valid hash algorithms.
        1 MD5 Documented in RFC 1321.
        2 SHA-1 Documented in FIPS 180-2.
        3 SHA-256 Documented in FIPS 180-2.
        4 SHA-384 Documented in FIPS 180-2.
        5 SHA-512 Documented in FIPS 180-2."

        Comment


        • #5
          New V5R2 Encryption APIs with PTF SI10060

          I've tried out the new APIs to encrypt and decrypt data (in COBOL) and they work nicely. My question is how to do this "properly" using keys and certificates to control the encryption and decryption process. DCM kind of sits out there to manage those things, but how does a person get that down into the program level to use those keys or certs, or use the new APIs? I haven't been able to find the cookbook for getting these things put together. Any direction would be greatly appreciated. Thanks!

          Comment


          • #6
            New V5R2 Encryption APIs with PTF SI10060

            Can you post up examples of what you have done? It would be great to have a head start. Cheers Jim

            Comment


            • #7
              New V5R2 Encryption APIs with PTF SI10060

              The code is not fancy. It was an attempt to use AES software encryption to encrypt and decrypt a 32 byte field. My next step (problem) is to use a key and vector initialization string that is system or enterprise wide and exchanged securely between systems. But there doesn't seem to be much AS/400 specific on those kinds of things. Thanks.
              Code

              Comment


              • #8
                New V5R2 Encryption APIs with PTF SI10060

                I have tried to convert the above posted API calls to ILE RPG but get the following message.

                Application error. CPF9DDE unmonitored by IBMENCRYPT at statement 0000000047, instruction X'0000'.

                CPF9DDE is not defined in my QCPF message so there is no text but according to the IBM documentation it means "Cipher algorithm not valid". It looks like none of the related CPF messages were in the PTF. Here's my code:

                H DFTACTGRP(*NO) ACTGRP(*NEW)
                H USRPRF(*OWNER) BNDDIR('QC2LE') INDENT(': ')
                DClearData        S             32A   INZ
                DClearDataLen     S              4B 0 INZ(32)
                DClearDataFmt     S              8A   INZ('DATA0100')
                DALGD0200         DS
                D BlockCipherAlg                 4B 0 INZ(22)
                D BlockCipherLen                 4B 0 INZ(32)
                D BlockCipherMod                 1A   INZ('1')
                D BlockCipherPad                 1A   INZ('0')
                D BlockCipherPch                 1A   INZ(x'00')
                D BlockCipherRsv                 1A   INZ(x'00')
                D BlockCipherMLN                 4B 0 INZ(0)
                D KeySize                        4B 0 INZ(0)
                D InitVector                    32A   INZ('123456789012345678901234567890')
                DALGD0200Desc     S              8A   INZ('ALGD0200')
                DKeyDescription   DS
                D KeyDescType                    4B 0 INZ(22)
                D KeyStringLen                   4B 0 INZ(30)
                D KeyFormat                      1A   INZ('0')
                D KeyReserved                    3A   INZ(x'000000')
                D KeyString                     32A   INZ('123456789012345678901234567890')
                D KeyDescFmt      S              8A   INZ('KEYD0200')
                D CryptoProv      S              1A   INZ('1')
                D CryptoDevName   S             10A   INZ
                DEncryptedData    S             32A   INZ
                DEncryptedLen     S              4B 0 INZ(32)
                DEncryptedRtn     S              4B 0 INZ
                DQUSEC            DS                  inz
                D QUSBPRV                 1      4B 0
                D QUSBAVL                 5      8B 0
                D QUSEI                   9     15
                D QUSERVED               16     16
                D*
                D* Varying length
                C                   eval      Cleardata='FredSmith'
                C                   CALL      'QC3ENCDT'
                C                   PARM                    ClearData
                C                   PARM                    ClearDataLen
                C                   PARM                    ClearDataFmt
                C                   PARM                    ALGD0200
                C                   PARM                    ALGD0200Desc
                C                   PARM                    KeyDescription
                C                   PARM                    KeyDescFmt
                C                   PARM                    CryptoProv
                C                   PARM                    CryptoDevName
                C                   PARM                    EncryptedData
                C                   PARM                    EncryptedLen
                C                   PARM                    EncryptedRtn
                C                   PARM                    QUSEC
                C                   eval      *INLR = *on
                C                   return

                Comment


                • #9
                  New V5R2 Encryption APIs with PTF SI10060

                  You are defining many of the Binary(4) API elements as 4B 0. This defines only a 2-byte binary field. Either define them positionally (like you did in QUSEC - 1 4B 0) or as 9B 0 or as 10i 0 so that 4-bytes are being passed to the API.

                  Comment


                  • #10
                    New V5R2 Encryption APIs with PTF SI10060

                    I was a bit unsure of the binary definitions - I know there is a good reason but the leap from BINARY(4) to 9B 0 or 10I 0 was too much for me! Thanks again.

                    Comment


                    • #11
                      New V5R2 Encryption APIs with PTF SI10060

                      How are the APIs working out? My company is wanting to encrypt credit card numbers, social security numbers, and other personal information on the iSeries. We're looking for field-level encryption. It sounds like these APIs will do the trick.

                      Comment


                      • #12
                        New V5R2 Encryption APIs with PTF SI10060

                        We are currently beginning programming to encrypt fields within our database. Our plan is to use the APIs (on V5R2) to encrypt/decrypt the data so that we can use the AES algorithm. Maybe some day the new hardware encryption card on the i5 will support AES. For us, the APIs appear to be the best choice.

                        Comment


                        • #13
                          New V5R2 Encryption APIs with PTF SI10060

                          Have you started using the APIs yet? It sounds like we're both doing the same thing. I'm surprised that I'm finding so little info on the APIs. We're currently at V5R1. These APIs are pushing us to V5R2. I will be installing the upgrade in a couple of weeks. I'm just curious what experiences (good or bad) other folks have had trying to use the APIs for field-level AES encryption.

                          Comment


                          • #14
                            New V5R2 Encryption APIs with PTF SI10060

                            You don't necessarily need V5R2 to do field level encryption. There is an MI instruction for doing it called _CIPHER. It can encrypt using the following methods: DEA, TDEA, RC-4, AES. I have written a procedure to test the functionality and after some help from a message posting here, I got it to work. I am no expert on the MI by any means and key management "is the key" and I don't have much input on that issue.

                            An IBM doc about the _CIPHER command is here (thanks Tom Daly). http://publib.boulder.ibm.com/iserie.../mi/CIPHER.htm

                            The following is an excerpt from that document. I am not sure what to do if your system does not meet the criteria described and this is true for each of the aforementioned encryption algorithms.

                            "In order to use this function identifier, the cryptography attributes must contain an algorithm entry that specifies DES (Data Encryption Standard) is provided by the machine service provider. If no such entry exists, then requested function not valid (hex 1C08) exception will be signaled. The cryptography attributes may be materialized through the use of the Materialize Machine Attributes (MATMATR) instruction and using a selection value of hex 01C8."

                            Garrett
                            Code

                            Comment


                            • #15
                              New V5R2 Encryption APIs with PTF SI10060

                              Hi, I am trying to encrypt data captured from the screen (both RPG/400 V5R2). I am running into different types of problems, such as definition not found etc. Can I have a sample program using QC3ENCDT? I can answer any questions regarding whatever I have done so far, though not completely successful. Please guide me thru. Regards -Dan

                              Comment
