.st0{fill:#FFFFFF;}

Using IBM i FIELDPROC encrypt sensitive data 

 March 15, 2014

By  NickLitten

I wrote a data encryption routine a few years ago. In my ongoing mission to refactor my old utilities, I was looking at it this weekend thinking about ways to improve it:

The basic premise behind my routine is to read a row of information from a file, perform encryption of said data based on a specific ‘key’ and then hide the key within the encrypted data – so it can be decrypted correctly at a later date. Keeps data safe from prying eyes even if they manage to get access to the file data itself. This worked very nicely for obfuscating the source code for my Projex4i programs, but has bitten me on a few occasions when somebody has tampered with the data in the file, therefore making my encryption key incorrect. Tampered data means I have effectively lost my ability to decode it.

There must be a better way right?

There is – FIELDPROC in IBM-i v7.1

What is Field Proc?

Fieldproc is a data encryption feature added to the IBMi operating system from version 7.1 onwards. It stands for FIELD PROCEDURES and allows encryption of a files data at field (column) level. It’s an exit point routine that allow the operating system to encrypt data as its read and/or updated. So, not only are you relying on the operating systems inherent data authority to decide whether a specific reader can view the data – we now have another level of encryption that can say “you may be allow to view the data but are you allowed to actually see the data behind it?”

Take credit card information for example: Maybe we want to allow some user to see a credit card number in all its glory and some other can only see xxx-xxx-xxx-1234 for example. Think about the same solution for Social Security numbers?

Just another reason to bypass the 6.1 upgrade and jump straight to IBMI 7.1

NickLitten


IBM i Software Developer, Digital Dad, AS400 Anarchist, RPG Modernizer, Shameless Trekkie, Belligerent Nerd, Englishman Abroad and Passionate Eater of Cheese and Biscuits. Nick Litten Dot Com is a mixture of blog posts that can be sometimes serious, frequently playful and probably down-right pointless all in the space of a day. Enjoy your stay, feel free to comment and remember: If at first you don't succeed then skydiving probably isn't a hobby you should look into.

Nick Litten

related posts:

{"email":"Email address invalid","url":"Website address invalid","required":"Required field missing"}
__CONFIG_colors_palette__{"active_palette":0,"config":{"colors":{"cff50":{"name":"Main Accent","parent":-1},"a344d":{"name":"Accent Transparent","parent":"cff50"}},"gradients":[]},"palettes":[{"name":"Default","value":{"colors":{"cff50":{"val":"var(--tcb-skin-color-0)"},"a344d":{"val":"rgba(46, 138, 229, 0.85)","hsl_parent_dependency":{"h":210,"l":0.54,"s":0.78}}},"gradients":[]},"original":{"colors":{"cff50":{"val":"rgb(0, 178, 255)","hsl":{"h":198,"s":1,"l":0.5}},"a344d":{"val":"rgba(0, 178, 255, 0.85)","hsl_parent_dependency":{"h":198,"s":1,"l":0.5}}},"gradients":[]}}]}__CONFIG_colors_palette__

Get In Touch

Iā€™m always looking for awesome input, feedback and critique!

>