
Lock Up Your Data (But Don't Lose the Combination)


 

Once the domain of governments, spies and the truly paranoid, data encryption is increasingly becoming part of the daily lives of many iSeries* administrators. In the United States, Sarbanes-Oxley has been a major factor in accelerating this requirement. But throughout the world, the threat of computer break-ins and the resulting potential for identity theft and other fraud are forcing us to consider improved methods for securing customer data. Even if you haven't been affected by such changes yet, those who routinely handle credit-card numbers will almost certainly be required to secure this data or face higher fees from the credit-card issuing agencies in the future.

 

With the arrival of i5/OS* V5R3, IBM signaled the importance of data encryption by introducing the Cryptographic Services APIs, a small subset of which are available to V5R2 users via PTF SI10060. To enable the full range of cryptographic support, you must install IBM* Cryptographic Access Provider (5722-AC3) together with Option 35 of i5/OS, which provides the CCA Cryptographic Service Provider APIs. Full details of these new services can be found under the API heading in the V5R3 Information Center (www.ibm.com/iseries/infocenter). We hope to cover these APIs in more detail in future articles, but some examples can be found in the API documentation. Encryption support is also available through Java* APIs and the new SQL scalar function, Encrypt_RC2. (For details on this new SQL support, see the article "The Next Step in Security," www.eservercomputing.com.)

 

Since we know that many of you aren't yet using V5R2, this article focuses on a little-known facility that's available to everyone using systems at V5R1 and later: the MI function CIPHER, which provides many encryption and hashing functions. Our specific example uses the RC4 encryption algorithm, one of many supported by CIPHER.

 

Sample Program

To show how CIPHER works, let's examine a simple RPG program that encrypts and subsequently decrypts a field's contents (see Code Sample 1). To keep the example short and simple, we'll use the DSPLY operation code to obtain the encryption key value and display the results of the encryption and decryption process.

 

For those unfamiliar with the term "encryption key," it's a secret value (similar to a password) shared between two parties that enables them to communicate securely. The key scrambles data in such a way that the only way to recover the message is to use the same encryption key to decrypt the data. The key isn't stored as part of the message, so losing the key makes the data useless.
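The shared-key behaviour described above, shown with RC4 (the algorithm this article's example uses) as an added Python illustration. It is not the article's RPG Code Sample 1 and does not call CIPHER; the function names, key and field values are constructed for the example.

```python
# Added illustration: textbook RC4 in Python. This is NOT the _CIPHER MI call
# or the article's RPG Code Sample 1; names and sample values are constructed.

def rc4_keystream(key: bytes, length: int) -> bytes:
    """Return `length` bytes of RC4 keystream for `key` (1-256 bytes)."""
    if not 1 <= len(key) <= 256:
        raise ValueError("RC4 key must be 1 to 256 bytes long")
    # Key-scheduling algorithm (KSA): permute S under control of the key.
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) % 256
        s[i], s[j] = s[j], s[i]
    # Pseudo-random generation algorithm (PRGA): emit one byte per step.
    out = bytearray()
    i = j = 0
    for _ in range(length):
        i = (i + 1) % 256
        j = (j + s[i]) % 256
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) % 256])
    return bytes(out)


def rc4(key: bytes, data: bytes) -> bytes:
    """Encrypt or decrypt: RC4 XORs the data with the keystream either way."""
    return bytes(d ^ k for d, k in zip(data, rc4_keystream(key, len(data))))


def xor(a: bytes, b: bytes) -> bytes:
    """XOR two equal-length byte strings."""
    return bytes(x ^ y for x, y in zip(a, b))


if __name__ == "__main__":
    key = b"Secret"                      # constructed sample key
    field = b"Attack at dawn"            # constructed sample field contents
    encrypted = rc4(key, field)
    print(encrypted.hex())
    print(rc4(key, encrypted))           # same key recovers the field
    print(rc4(b"secret", encrypted))     # wrong key (case differs): garbage
    # Reusing one key for two fields reuses the keystream, so the XOR of the
    # two ciphertexts equals the XOR of the two plaintexts.
    a, b = b"4111111111111111", b"5500000000000004"   # constructed test values
    print(xor(rc4(key, a), rc4(key, b)) == xor(a, b))
```

Because RC4 is a stream cipher, the last check holds for any two fields encrypted under the same key, so a key should not be reused unchanged across fields.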

 

It's time to examine the program itself. At (A) we see the prototype for the CIPHER function. Note that like all MI instructions that are surfaced as functions, the name is prefixed with an underscore. It's important to remember that procedure names are case sensitive, so the name _CIPHER should be used exactly as shown. The prototype is simple, defining just three parameters:

 

 

  • The first parameter is a pointer to the field to be used to hold the output from the process.

  • The second parameter identifies the control structure used to specify the type of encryption to be performed and the key information's location, among other things. We'll further examine this structure later.

  • The third parameter is a pointer to the string that's to be processed.

The pointers we'll be using are defined at (B). Notice that they're initialized to the input and output field addresses.

 

 

Jon Paris is a technical editor with IBM Systems Magazine and co-owner of Partner400.

Susan Gantner is a technical editor with IBM Systems Magazine and co-owner of Partner400.


