ibmi-brunch-learn

field level encryption?

  • field level encryption?

    quote from:


    Also included in 7.1 in the security arena is column-level encryption, which gives operators the ability to target an individual column for encryption without changing the underlying application or any code.
    The above was in a paragraph about XML

    from iTech Solutions News Letter


    Column Level Encryption
    • No application changes required
    • Clients and ISVs can easily encrypt sensitive data
    • Encrypt a specific column in a database table
    • Encryption algorithms from solution providers including Patrick Townsend, Linoma Software, and Protegrity
    What is this....dds/sql/xml?
    Where can I find more detail?


    Thanks
    GLS
    The problem with quotes on the internet is that it is hard to verify their authenticity.....Abraham Lincoln

  • #2
    Re: field level encryption?

    DB2/400 (the name most users continue to use) also gains new column-level encryption capabilities that will allow developers to encrypt large swaths of data within DB2/400, without getting their hands dirty with low-level programming. IBM is actually providing API hooks for encrypting the columns via native database-level access or via SQL, and the encryption algorithms themselves will be provided by third-party tool vendors.

    Currently, Patrick Townsend Security Solutions and Linoma Software are the only third-party providers who have committed to delivering this encryption capability when i/OS 7.1 becomes available next week, although other tools vendors--as well as application developers--are expected to deliver them in the future.

    "These [encryption capabilities] are not in the operating system itself, which means you sign up to get the updates from these other providers," Jarman says. "This really simplifies how you would encrypt columns in a database without actually doing it within the application programming itself, which is how you would do it today. This should be very valuable to a lot of people."

    After months of speculation, IBM today formally made its announcement for the version 7.1 release of i/OS, which will become available Friday, April 23. The new release brings lots of goodies in a variety of areas, including enhancements to the PowerHA high availability software, native support for storing XML and column level encryption in DB2/400,
    "Time passes, but sometimes it beats the <crap> out of you as it goes."



    • #3
      Re: field level encryption?

      Thanks LittlePd

      Reading between the lines...........It sounds like you can encrypt the file's key fields and still process it with SETLL and Read.
      I hope so.

      Thanks Again
      GLS
      The problem with quotes on the internet is that it is hard to verify their authenticity.....Abraham Lincoln



      • #4
        Re: field level encryption?

        I see this as like a database I/O exit point, where IBM is allowing access to the data base I/O stream for the purpose of encrypting/decrypting columns. The encryption/decryption happens outside of your program, so that you don't have to change anything. In other words, you do a write just like you've always done, but before the data gets to the table, the encryption "hook" takes over and your database column is encrypted. When you read, your results come from the database unencrypted, because the "hook" executed the decryption process.

        As far as key fields are concerned, I have no clue if you can encrypt those or not. I haven't gotten that deep into it yet. However, our LUG is having a presentation on 7.1 enhancements next Tuesday night. I'll let you know what I find out.
        "Time passes, but sometimes it beats the <crap> out of you as it goes."



        • #5
          Re: field level encryption?

          Originally posted by littlepd:
          I'll let you know what I find out.
          I'd appreciate that.

          Thanks
          GLS
          The problem with quotes on the internet is that it is hard to verify their authenticity.....Abraham Lincoln



          • #6
            Re: field level encryption?

            Maybe I could not follow correctly, but DB2 for i already has the ability to encrypt and decrypt database columns.
            There are several scalar functions ENCRYPT_RC2, ENCRYPT_TDES, ENCRYPT_AES and DECRYPT_BIT, DECRYPT_BINARY, DECRYPT_CHAR, DECRYPT_DB.

            For more information about Data(base) encryption you may check the following redbook:
            IBM System i Security: Protecting i5/OS Data with Encryption


            You may find a little more information about field level encryption under release 7.1 in the following article:
            How Did IBM Enhance Security in 7.1?

            Birgitta
            Last edited by B.Hauser; April 17, 2010, 08:22 AM.



            • #7
              Re: field level encryption?

              Hi Birgitta:

              The key to this thread is in this quote:
              No application changes required
              and this one:
              without changing the underlying application or any code.
              Using standard encryption/decryption methods, each program which needs the encrypted data will need to be modified. These quotes suggest no modification required.

              GLS
              Last edited by GLS400; April 19, 2010, 07:30 AM.
              The problem with quotes on the internet is that it is hard to verify their authenticity.....Abraham Lincoln



              • #8
                Re: field level encryption?

                Did you read the second article?

                With field procedures the existing column values can be encrypted. When inserting or updating a column with a field procedure, this procedure will be executed, the passed value encrypted and the encrypted value returned. This encrypted value will be shown when executing something like SELECT *, but for further use the field procedure will be called and the encrypted value deciphered for internal use. In this way you can add field procedures and encrypt your data without changing any of your programs because for internal use the deciphered data is used. To get the decrypted/real value, the field procedure is needed. If someone will download your data (without the field procedure) the encrypted data will stay encrypted.

                Birgitta
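
                Added example, not part of the original thread or of any vendor's product: the two approaches the thread contrasts, side by side in DB2 for i SQL. The libraries, tables, passphrase, card number and the field procedure program VENDORLIB.CARDFP are constructed placeholders; the program itself would come from an encryption vendor or be written in-house.

                ```sql
                -- Constructed sample table; every name below is hypothetical.
                CREATE TABLE APPLIB.CUSTOMER (
                    CUSTNO  DECIMAL(7, 0) NOT NULL PRIMARY KEY,
                    NAME    VARCHAR(40)   NOT NULL,
                    CARDNO  CHAR(16)      NOT NULL
                );

                -- Approach 1: built-in scalar functions (post #6).
                -- The ciphertext is binary and longer than the plaintext, so the
                -- column is redefined (sized generously for the overhead) and
                -- every statement that touches it has to change.
                CREATE TABLE APPLIB.CUSTOMER_ENC (
                    CUSTNO  DECIMAL(7, 0) NOT NULL PRIMARY KEY,
                    NAME    VARCHAR(40)   NOT NULL,
                    CARDNO  VARCHAR(64) FOR BIT DATA NOT NULL
                );

                -- Constructed passphrase; in this approach the application has to supply it.
                SET ENCRYPTION PASSWORD = 'constructed-passphrase';

                INSERT INTO APPLIB.CUSTOMER_ENC (CUSTNO, NAME, CARDNO)
                    VALUES (1001, 'Constructed Name', ENCRYPT_AES('4111111111111111'));

                SELECT CUSTNO, NAME, DECRYPT_CHAR(CARDNO) AS CARDNO
                    FROM APPLIB.CUSTOMER_ENC
                    WHERE CUSTNO = 1001;

                -- Approach 2: field procedure (7.1, posts #4 and #8).
                -- The column keeps its declared type; the database calls the
                -- registered program to encode on write and decode on read.
                ALTER TABLE APPLIB.CUSTOMER
                    ALTER COLUMN CARDNO SET FIELDPROC VENDORLIB.CARDFP;

                -- Application statements stay exactly as they were written.
                INSERT INTO APPLIB.CUSTOMER (CUSTNO, NAME, CARDNO)
                    VALUES (1002, 'Constructed Name', '4111111111111111');

                SELECT CUSTNO, NAME, CARDNO
                    FROM APPLIB.CUSTOMER
                    WHERE CUSTNO = 1002;

                -- Detaching the procedure again.
                ALTER TABLE APPLIB.CUSTOMER
                    ALTER COLUMN CARDNO DROP FIELDPROC;
                ```

                With a field procedure, key handling and authorization checks move out of the application and into the registered program, so access to that program and its key store is what needs to be controlled.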
