Encrypting data in RPG IV is becoming more and more necessary. IBM supplies two methods for encrypting text:
- The CIPHER MI instruction—This instruction has been around forever and allows you to encrypt a string of text using DES, AES, or RC4 encryption methods, among others.
- The Qc3xxxxx encryption APIs—These APIs do it all, from encryption (beginning with V5R3) to key management (on V5R4). They are bit complex, so if you're interested, look for my past articles on this topic.
If you have RPG xTools on your system, you have a third choice. RPG xTools includes several encryption subprocedures that make encrypting data within RPG IV as easy as this:
The aesEncrypt procedure encrypts the data in the CCNBR field using AES encryption and the provided password or "cipher key."
One problem with AES encryption is that it requires the data length to be in multiples of 16, 24, or 32 bytes. Therefore a 10-position field cannot be encrypted unless it is first moved into a 16-position field and that 16-position field is encrypted.
RPG xTools includes RC4 encryption as well as AES. Unlike AES, RC4 encryption doesn't care how long or short a field is; it will encrypt it. To encrypt with RC4 encryption in RPG IV using xTools, the following can be coded:
Note that the interface is effectively identical to the aesEncrypt procedure. This is one of the areas in which the Qc3xxxxx APIs have an issue: There are so many formats and control blocks that even experienced programmers shy away from them until they can take the time to study them to make sure they implement things correctly.
In addition to data encryption, RPG xTools also supports hash generations or "message digests." Currently, RPG xTools supports MD-5 (128-bit) and Whirlpool (512-bit) hash.
These routines produce a unique value (or "signature" as it is sometimes called) from a string of text. Many people use these hash routines to produce a message digest of a password. Then, the message digest or hash is used as the password to encrypt the data. This ensures that if you decide your password is something obvious, such as Rosebud, the actual password used to encrypt the data would be the 512-bit hash generated from the word Rosebud. Thus, guessing the password can be much more difficult.
More and more, encryption is becoming an everyday requirement. If you aren't using encryption today, you probably will be in the next 12 to 24 months. Start looking into it. You'll find plenty of tools to help you, including the Qc3xxxxx APIs, the CIPHER MI instruction set, and RPG xTools wrapper procedures.Bob Cozzi is a programmer/consultant, writer/author, and software developer of the RPG xTools, a popular add-on subprocedure library for RPG IV. His book The Modern RPG Language has been the most widely used RPG programming book for nearly two decades. He, along with others, speaks at and runs the highly-popular RPG World conference for RPG programmers.