Using IBM i FIELDPROC encrypt sensitive data


Mar 15

I wrote a data encryption routine a few years ago. In my ongoing mission to refactor my old utilities, I was looking at it this weekend thinking about ways to improve it:

The basic premise behind my routine is to read a row of information from a file, perform encryption of said data based on a specific ‘key’ and then hide the key within the encrypted data – so it can be decrypted correctly at a later date. Keeps data safe from prying eyes even if they manage to get access to the file data itself. This worked very nicely for obfuscating the source code for my Projex4i programs, but has bitten me on a few occasions when somebody has tampered with the data in the file, therefore making my encryption key incorrect. Tampered data means I have effectively lost my ability to decode it.

There must be a better way right?

There is – FIELDPROC in IBM-i v7.1

What is Field Proc?

Fieldproc is a data encryption feature added to the IBMi operating system from version 7.1 onwards. It stands for FIELD PROCEDURES and allows encryption of a files data at field (column) level. It’s an exit point routine that allow the operating system to encrypt data as its read and/or updated. So, not only are you relying on the operating systems inherent data authority to decide whether a specific reader can view the data – we now have another level of encryption that can say “you may be allow to view the data but are you allowed to actually see the data behind it?”

Take credit card information for example: Maybe we want to allow some user to see a credit card number in all its glory and some other can only see xxx-xxx-xxx-1234 for example. Think about the same solution for Social Security numbers?

Just another reason to bypass the 6.1 upgrade and jump straight to IBMI 7.1


About the Author

IBM i Software Developer, Digital Dad, AS400 Anarchist, RPG Modernizer, Alpha Nerd and Passionate Eater of Cheese and Biscuits. Nick Litten Dot Com is a mixture of blog posts that can be sometimes serious, frequently playful and probably down-right pointless all in the space of a day. Enjoy your stay, feel free to comment and in the words of the most interesting man in the world: Stay thirsty my friend.

%d bloggers like this: