I wrote a data encryption routine a few years ago. In my ongoing mission to refactor my old utilities, I was looking at it this weekend thinking about ways to improve it:
The basic premise behind my routine is to read a row of information from a file, perform encryption of said data based on a specific ‘key’ and then hide the key within the encrypted data – so it can be decrypted correctly at a later date. Keeps data safe from prying eyes even if they manage to get access to the file data itself. This worked very nicely for obfuscating the source code for my Projex4i programs, but has bitten me on a few occasions when somebody has tampered with the data in the file, therefore making my encryption key incorrect. Tampered data means I have effectively lost my ability to decode it.
There must be a better way, right?
There is – FIELDPROC in IBM i v7.1
What is Field Proc?
FIELDPROC is a data encryption feature added to the IBM i operating system from version 7.1 onwards. It stands for FIELD PROCEDURES and allows encryption of a file's data at field (column) level. It's an exit point routine that allows the operating system to encrypt data as it's read and/or updated. So, not only are you relying on the operating system's inherent data authority to decide whether a specific reader can view the data – we now have another level of encryption that can say “you may be allowed to view the data, but are you allowed to actually see the data behind it?”
Take credit card information, for example: maybe we want to allow some users to see a credit card number in all its glory, while others can only see xxx-xxx-xxx-1234. Think about the same solution for Social Security numbers?
Just another reason to bypass the 6.1 upgrade and jump straight to IBM i 7.1.
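The encode-on-write, decode-on-read behaviour described above, modelled in Python as an added example (not code from the original post and not IBM's FIELDPROC interface). It also rejects a stored value that has been modified instead of decoding it to garbage. The key, the FINMGR profile name and the HMAC-based keystream standing in for a real cipher such as AES are assumptions made for this example.

```python
import hashlib
import hmac
import os

# Constructed for this sketch: a real field procedure would fetch its key from a
# key store and ask the system which user profile is running the job.
KEY = bytes(range(32))
FULL_VIEW_USERS = {"FINMGR"}  # hypothetical profile allowed the clear value


def _prf(label: bytes, data: bytes) -> bytes:
    return hmac.new(KEY, label + data, hashlib.sha256).digest()


def _xor_stream(nonce: bytes, data: bytes) -> bytes:
    # HMAC-SHA256 in counter mode, a standard-library stand-in for AES.
    blocks = (len(data) + 31) // 32
    stream = b"".join(_prf(b"enc", nonce + i.to_bytes(4, "big")) for i in range(blocks))
    return bytes(a ^ b for a, b in zip(data, stream))


def encode(clear: str) -> bytes:
    """Write path: the value that lands on disk instead of the clear text."""
    nonce = os.urandom(12)
    body = _xor_stream(nonce, clear.encode())
    return nonce + body + _prf(b"mac", nonce + body)


def mask(clear: str) -> str:
    """Keep separators and the last four digits: xxx-xxx-xxx-1234."""
    out, digits = [], 0
    for ch in reversed(clear):
        digits += ch.isdigit()
        out.append("x" if ch.isdigit() and digits > 4 else ch)
    return "".join(reversed(out))


def decode(stored: bytes, user: str) -> str:
    """Read path: verify the tag, decrypt, then decide how much the user sees."""
    nonce, body, tag = stored[:12], stored[12:-32], stored[-32:]
    if not hmac.compare_digest(tag, _prf(b"mac", nonce + body)):
        raise ValueError("stored value was modified")
    clear = _xor_stream(nonce, body).decode()
    return clear if user in FULL_VIEW_USERS else mask(clear)
```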
IBM i Software Developer, Digital Dad, AS400 Anarchist, RPG Modernizer, Alpha Nerd and Passionate Eater of Cheese and Biscuits. Nick Litten Dot Com is a mixture of blog posts that can be sometimes serious, frequently playful and probably down-right pointless all in the space of a day. Enjoy your stay, feel free to comment and in the words of the most interesting man in the world: Stay thirsty my friend.