RE: Data Encryption

From: "Leibowitz, Larry" <Larry.Leibowitz@xxxxxxxxxxxxxxx>
Reply-To: Midrange Systems Technical Discussion <midrange-l@xxxxxxxxxxxx>
To: "Midrange Systems Technical Discussion" <midrange-l@xxxxxxxxxxxx>
Subject: RE: Data Encryption
Date: Thu, 17 May 2007 11:37:21 -0400

I do have this installed on my box:
5722AC3 *INSTALLED Crypto Access Provider 128-bit
Where can I get examples of source that uses it? I basically need to
encrypt one field within a file.
TIA

-----Original Message-----
From: midrange-l-bounces@xxxxxxxxxxxx
[mailto:midrange-l-bounces@xxxxxxxxxxxx] On Behalf Of Stephen Landess
Sent: Thursday, May 17, 2007 11:06 AM
To: midrange-l@xxxxxxxxxxxx
Subject: Re: Data Encryption


In order to use the cryptographic API's, you need to have Cryptographic
Access Provider 128-bit 5722-AC3 for iSeries installed. Otherwise, the
API
call will fail with a message that says "Text not available for message
CPF9DFF file QCPFMSG."

- Steve


>From: MWHopkins@xxxxxxxxxxxxxxx
>Reply-To: Midrange Systems Technical Discussion
<midrange-l@xxxxxxxxxxxx>
>To: midrange-l@xxxxxxxxxxxx
>Subject: Re: Data Encryption
>Date: Thu, 17 May 2007 10:16:03 -0400
>
>Here is a program/procedure I picked up somewhere along the line that
will
>encrypt/decrypt a string that you pass in to it. I think that most of
the
>code is self explanatory. The only thing I don't like about it is that
the
>key string is hard coded in the program. I think you have to have the
>cryptographic services installed on the iSeries. Not sure if it is
always
>included now or not.
>
> * CRTRPGMOD DECRYPTDTA
> * BNDSRVPGM(QC3DTAEN QC3PRNG)
> *
> * Encrypt Data (OPM, QC3ENCDT; ILE, Qc3EncryptData) API
> * Service Program Name: QC3DTAEN
>
> * Decrypt Data (OPM, QC3DECDT; ILE, Qc3DecryptData) API
> * Service Program Name: QC3DTADE
> Hdatedit(*ymd) datfmt(*ymd) debug(*yes) timfmt(*hms)
> /If defined(SrvPgm)
> Hnomain
> D Encryption PR 1N
> D ClearData 32767a Varying
> D EncryptData 32767a Varying
> D Processing 1a
> * -----------------------------------------------------------
> * CALL QMHRMVPM to remove all messages from passed programqueue
> * always return *OFF
> * -----------------------------------------------------------
> D Encryption PI 1N
> D ClearData 32767a Varying
> D EncryptData 32767a Varying
> D Processing 1a
> /Endif
> */copy qsysinc/qrpglesrc.QC3CCI
>
D*******************************************************************
> D*Data definitions
>
D*******************************************************************
> D*ALGD0200 algorithm description structure
> DQC3D0200 DS
> D* Qc3 Format
ALGD0200
> D QC3BCA 1 4B 0
> D* Block Cipher Alg
> D QC3BL 5 8B 0
> D* Block Length
> D QC3MODE 9 9
> D* Mode
> D QC3PO 10 10
> D* Pad Option
> D QC3PC 11 11
> D* Pad Character
> D QC3ERVED 12 12
> D* Reserved
> D QC3MACL 13 16B 0
> D* MAC Length
> D QC3EKS 17 20B 0
> D* Effective Key Size
> D QC3IV 21 52
> D* Init Vector
> D*ALGD0300 algorithm description structure
> DQC3D0300 DS
> D* Qc3 Format
ALGD0300
> D QC3SCA 1 4B 0
> D* Stream Cipher Alg
> D*ALGD0400 algorithm description structure
> DQC3D0400 DS
> D* Qc3 Format
ALGD0400
> D QC3PKA 1 4B 0
> D* Public Key Alg
> D QC3PKABF 5 5
> D* PKA Block Format
> D QC3ERVED00 6 8
> D* Reserved
> D QC3SHA 9 12B 0
> D* Signing Hash Alg
> D*ALGD0500 algorithm description structure
> DQC3D0500 DS
> D* Qc3 Format
ALGD0500
> D QC3HA 1 4B 0
> D* Hash Alg
> D*DATA0200 array data format structure
> DQC3A0200 DS
> D* Qc3 Format
DATA0200
> D QC3DP 1 16*
> D* Data Ptr
> D QC3DL 17 20B 0
> D* Data Len
> D QC3ERVED01 21 32
> D* Reserved
> D*KEYD0200 key description format structure
> DQC3D020000 DS
> D* Qc3 Format
KEYD0200
> D QC3KT 1 4B 0
> D* Key Type
> D QC3KSL 5 8B 0
> D* Key String Len
> D QC3KF 9 9
> D* Key Format
> D QC3ERVED02 10 12 inz(x'000000')
> D* Reserved
> D*QC3KS 13 13
> D*
> D* variable length
>
D*******************************************************************
>
> * API error structure
> D APIERR DS
> D ERRPRV 10I 0 INZ(272)
> D ERRLEN 10I 0
> D EXCPID 7A
> D RSRVD2 1A
> D EXCPDT 256A
> D
> *Encrypt Data (OPM, QC3ENCDT; ILE, Qc3EncryptData) API protects
> *data privacy by scrambling clear data into an unintelligible
form.
> D*Qc3EncryptData Pr ExtProc('Qc3EncryptData')
> D Qc3EncryptData Pr ExtPgm('QC3ENCDT')
> D clrDta 32767a
> D clrDtaLen 10I 0
> D clrDtaFmt 8
> D algorithm like(QC3D0200)
> D algorithmFmt 8
> D key like(KeyC)
> D keyFmt 8
> D srvProvider 1
> D deviceName 10
> D encryptedData 32767a
> D encryptedBufL 10I 0
> D encryptedRtnL 10I 0
> D errcde like(APIERR)
>
> * Decrypt Data (OPM, QC3DECDT; ILE, Qc3DecryptData) API restores
> * encrypted data to a clear (intelligible) form.
> D*Qc3DecryptData Pr ExtProc('Qc3DecryptData')
> D Qc3DecryptData Pr ExtPgm('QC3DECDT')
> D encryptedData 32767a
> D encryptedDtaL 10I 0
> D algorithm like(QC3D0200)
> D algorithmFmt 8
> D key like(keyC)
> D keyFmt 8
> D srvProvider 1
> D deviceName 10
> D clrDta 32767a
> D clrDtaBufL 10I 0
> D clrDtaRtnL 10I 0
> D errcde like(APIERR)
>
> DQc3GenPRNs Pr ExtPRoc('Qc3GenPRNs')
> D PrnDta 512
> D PrnDtaLen 10I 0
> D PrnType 1
> D PrnParity 1
> D errcde like(APIERR)
>
> D PrnDta S 512
> D PrnDtaLen S 10I 0
> D PrnType S 1 inz('1')
> D PrnParity S 1 inz('1')
>
> D clrDta S 32767a
> D clrDtaLen S 10I 0
> D clrDtaFmt S 8 inz('DATA0100')
> D algorithm S like(QC3D0200)
> D algorithmFmt S 8 inz('ALGD0200')
> D key S like(KeyC)
> D keyFmt S 8 inz('KEYD0200')
> D srvProvider S 1 inz('1')
> D deviceName S 10 inz(*blanks)
> D encryptedData S 32767a
> D encryptedDtaL S 10I 0
> D encryptedBufL S 10I 0
> D encryptedRtnL S 10I 0
> D clrDtaBufL S 10I 0
> D clrDtaRtnL S 10I 0
>
> D KeyString S 256 Inz('Put your key string in
>here')
> D KeyC S 256
> D returnCode S n
>
> /if not defined(SrvPgm)
> D ClearData s 32767a Varying
> D EncryptData s 32767a Varying
> D Processing s 1a
>
> c *Entry plist
> c parm ClearData
> c parm EncryptData
> c parm Processing
> /EndIf
>
> C Eval clrDta = ClearData
> C Eval clrDtaLen = %len(%trimr(clrDta))
> C Eval encryptedBufL =
%size(encryptedData)
> C* Block cipher algorithm
> * 20 DES
> * 21 Triple DES
> * 22 AES
> C Eval QC3BCA = 22
> *Block length
> * 8 DES
> * 8 Triple DES
> * 16 AES
> C Eval QC3BL = 16
> *Mode
> * 0 ECB
> * 1 CBC
> * 2 OFB. Not valid with AES.
> * 3 CFB 1-bit. Not valid with AES.
> * 4 CFB 8-bit. Not valid with AES.
> * 5 CFB 64-bit. Not valid with AES
> C Eval QC3MODE = '1'
> * Pad Option
> * 0 No padding is performed.
> * 1 Use the character specified in the pad character field for
>padding
> * 2 The pad counter is used as the pad character.
> C Eval QC3PO = '1'
>
> * Pad Character
> C Eval QC3PC = X'00'
> * Reserved
> C Eval QC3ERVED = X'00'
> * MAC Length
> * This field is not used on an encrypt operation and must be set
to
> * null(binary 0s).
> C Eval QC3MACL = X'00000000'
> * Effective key size
> * This field must be set to 0.
> C Eval QC3EKS = 0
> * Initialization vector
> * The initialization vector (IV). An IV is not used for mode
ECB,
> * and must be set to NULL (binary 0s).
> C Eval QC3IV = *AllX'00'
> C Reset encryptedData
> C Eval encryptedBufL = %len(encryptedData)
>
> C* Eval algorithm = %addr(QC3D0200)
> C Eval algorithm = QC3D0200
> * Key Type KeyFormat KeyLength
> * 20 DES 0 8(7 bits used,rightmost
>setbit
> * 21 Triple DES 0 8,16,24(7 bits used,rightmost
>setbit
> * 22 AES 0 16,24,32
> * 30 RC4-compatible 0 1<->256
> * 50 RSA public 1
> * 51 RSA private 1
> C Eval QC3KT = 22
>
> * Key Format
> C Eval QC3KF = '0'
> * Key String
> C* Eval KeyString = '12345678'
> C* Eval PrnDtaLen = 8
> C* callP Qc3GenPRNs(
> C* PrnDta :
> C* PrnDtaLen :
> C* PrnType :
> C* PrnParity :
> C* APIERR
> C* )
> C* ExSr ChkErrCde
> C* Eval KeyString = %SubSt(PrnDta :
> C* 1 : PrnDtaLen)
> * Key Length
> C Eval QC3KSL = 32
> C Eval KeyC = QC3D020000 +
%trim(KeyString)
> C* Eval Key = %addr(KeyC)
> C Eval Key = KeyC
>
> C Select
> C When Processing = 'E'
>
> C Eval clrDta = ClearData
> C Eval clrDtaLen = %len(%trimr(clrDta))
> C Eval encryptedBufL =
%size(encryptedData)
>
>
> C callP Qc3EncryptData(
> C clrDta :
> C clrDtaLen :
> C clrDtaFmt :
> C algorithm :
> C algorithmFmt :
> C key :
> C keyFmt :
> C srvProvider :
> C deviceName :
> C encryptedData :
> C encryptedBufL :
> C encryptedRtnL :
> C APIERR
> C )
> C ExSr ChkErrCde
>
> C When Processing = 'D'
>
> C Eval encryptedData = encryptData
> C Eval encryptedDtaL =
>%len(%trimr(encryptedData))
> C Eval clrDtaBufL = %size(clrDta)
> C callP Qc3DecryptData(
> C encryptedData :
> C encryptedDtaL :
> C algorithm :
> C algorithmFmt :
> C key :
> C keyFmt :
> C srvProvider :
> C deviceName :
> C clrDta :
> C clrDtaBufL :
> C clrDtaRtnL :
> C APIERR
> C )
> C ExSr ChkErrCde
> C EndSl
>
> C Eval *InLr = *On
> /If defined(SrvPgm)
> C Return returnCode
> /Else
> C Return
> /EndIf
>
>**********************************************************************
> C ChkErrCde BegSr
> C If ERRLEN > 0
> C* dump
> C Eval returnCode = *on
> C Else
> C Eval returnCode = *off
> C Select
> C When Processing = 'E'
> C Eval encryptData =
> C
%subst(encryptedData:1:encryptedRtnL)
> C When Processing = 'D'
> C Eval ClearData =
%subst(clrDta:1:clrDtaRtnL)
> C EndSl
> C EndIf
> C* Dump
> C EndSr
>
>**********************************************************************
> /If defined(SrvPgm)
> P Encryption E
> /EndIf
>
>
>
>Matt Hopkins
>Sr. Programmer/Analyst
>Web: www.pdpgroupinc.com
>Email: MWHopkins@xxxxxxxxxxxxxxx
>Office: 410-584-0330
>Fax: 410-584-0336
>
>
>
>
>
>
>----- Message from "Leibowitz, Larry" <Larry.Leibowitz@xxxxxxxxxxxxxxx>
on
>Thu, 17 May 2007 09:36:55 -0400 -----
>To:
><midrange-l@xxxxxxxxxxxx>
>Subject:
>Data Encryption
>I have been asked to encrypt data (one field) in a Physical File. We
>have a 520 at V5R3. Are there utilities available on the System I or do
>I need to use a Tool from a vendor?
>
>
>
>Thanks in Advance
>
>
>**********************************************************************
>The information contained in this message is confidential and is
intended
>for the addressee(s) only. If you have received this message in error
or
>there are any problems please notify the originator immediately. The
>unauthorized use, disclosure, copying or alteration of this message is
>strictly forbidden. CED-Concord Management will not be liable for
direct,
>special, indirect or consequential damages arising from the alteration
of
>the
>contents of this message by a third party or as a result of any virus
>being
>passed on.
>
>This footnote confirms that this email message has been swept by
>MIMEsweeper for Content Security threats, including computer viruses.
>
>www.mimesweeper.com
>**********************************************************************
>
>--
>This is the Midrange Systems Technical Discussion (MIDRANGE-L) digest
list
>To post a message email: MIDRANGE-L@xxxxxxxxxxxx
>To subscribe, unsubscribe, or change list options,
>visit: http://lists.midrange.com/mailman/listinfo/midrange-l
>or email: MIDRANGE-L-request@xxxxxxxxxxxx
>Before posting, please take a moment to review the archives
>at http://archive.midrange.com/midrange-l.
>
>
>--
>This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing
list
>To post a message email: MIDRANGE-L@xxxxxxxxxxxx
>To subscribe, unsubscribe, or change list options,
>visit: http://lists.midrange.com/mailman/listinfo/midrange-l
>or email: MIDRANGE-L-request@xxxxxxxxxxxx
>Before posting, please take a moment to review the archives
>at http://archive.midrange.com/midrange-l.
>

_________________________________________________________________
PC Magazine's 2007 editors' choice for best Web mail-award-winning
Windows
Live Hotmail.
http://imagine-windowslive.com/hotmail/?locale=en-us&ocid=TXT_TAGHM_migr
ation_HM_mini_pcmag_0507


--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list
To post a message email: MIDRANGE-L@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at http://archive.midrange.com/midrange-l.