× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.



Hi Michael,

Great! If you don't change any of the current parameters and settings,
I'd expect the 32 bytes to be sufficient for future use also. Both of
the alternatives you mention regarding storing the encrypted value would
work, but regardless of which one you choose, you'd want to consider
adding a field to hold an individual salt (initial chaining value) to be
used in the encryption/decryption process. You don't mention if you're
already doing this, so I thought I'd better remind you, anyway. Let me
know if you need more information.

Best regards,
Carsten

-----Original Message-----
From: midrange-l-bounces@xxxxxxxxxxxx
[mailto:midrange-l-bounces@xxxxxxxxxxxx] On Behalf Of Michael Ryan
Sent: 24. april 2008 16:22
To: Midrange Systems Technical Discussion
Subject: Re: Encrypted Data to File

Hi Carsten -

It's working! I must have been using a copy of the file that wasn't
VARLEN. So I've created a file with DDS fields that looks like this:

A FLDA 1024 CCSID(65534)
A VARLEN(32)
...

Is this an efficient way to hold the encrypted information? Are 32 byte
fields long enough (I'm using TDES) to accommodate the following
unencrypted lengths - 9, 16, 20, 6? 24 doesn't seem to work.

My thought is to have a 'shadow' file that contains the encrypted
fields, and to blank out the corresponding fields in the 'master'
file. Another thought is to have one file with all encrypted fields,
regardless of 'master' file, with appropriate key information in the
encrypted file to pull out the associated fields. Any thoughts on this?

I really appreciate the good code - thank you!

- Michael




On Thu, Apr 24, 2008 at 10:03 AM, Flensburg, Carsten
<Flensburg@xxxxxxxxxx> wrote:
Hi Michael,

Depending on the encryption algorithm and mode as well as the chosen

encryption block length, the 16 bytes credit card number might end up
as a 24 or 32 bytes cipher string. Given that you're using my service

program you're receiving a varying length cipher string value from the

encryption procedure, and if you assign that value directly to the
file VARLEN field and vice/versa to the decryption procedure, the
correct length actually should be preserved. Yet, as you point out,
something has to be different, because if you feed the cipher string
directly back everything works. Have you tried checking out the
string lengths and cipher strings in the debugger? If you want you
can also send me your code and I'll have a look.


Best regards,
Carsten


-----Original Message-----
From: midrange-l-bounces@xxxxxxxxxxxx
[mailto:midrange-l-bounces@xxxxxxxxxxxx] On Behalf Of Michael Ryan

Sent: 24. april 2008 15:30
To: Midrange Systems Technical Discussion


Subject: Re: Encrypted Data to File

Hi Carsten -

Thanks for the feedback. Your service program works quite well -
thanks!

I'm trying this:

Encrypt:
Take a piece of encrypted data, say a 16 credit card number; Encrypt
it into a 1024 varying field; Store the 1024 byte varying field into
a physical file with the VARLEN field level keyword, or into an SQL
table as a VARCHAR;
Decryp:
Access the appropriate record in the database; Take the VARLEN or
VARCHAR field from the file/table; Decrypt into a 1024 varying field;

Extract the 16 bytes (known length based on the application).

Does this make sense?

Thanks!


On Thu, Apr 24, 2008 at 8:43 AM, Flensburg, Carsten
<Flensburg@xxxxxxxxxx> wrote:
> Hello Michael,
>
> You'd want to tag the physical file field with a CCSID(65535) >
keyword, to avoid possible conversion issues relating to treating the

> data as text - as opposed to the binary value a cipher string
represents.
>
> Judged by your description of the problem another more immediate
concern would be how you preserve the actual length of the cipher
string. You have to feed back the exact same string length to the
decryption process as you received initially from the encryption >

process. So if you receive a cipher string with a length of 192 >
bytes, store that value in a fixed field in your physical file having

> a length of f.x. 512 bytes, you'll need some way to ensury that >

you're only passing the actual 192 bytes cipher string back to the >

decryption process. Simply running a %Trim() against the file field
is not a recommended method of obtaining the cipher string length,
as

> there's a possibility that the encryption process returns the
value x'40' as the two rightmost nibbles.
>
> Best regards,
> Carsten
>
>
>
> -----Original Message-----
> From: midrange-l-bounces@xxxxxxxxxxxx >
[mailto:midrange-l-bounces@xxxxxxxxxxxx] On Behalf Of Michael Ryan >

Sent: 24. april 2008 14:09 > To: Midrange Systems Technical
Discussion > Subject: Encrypted Data to File > > I've implemented

Carsten Flensberg's service program to encrypt and > decrypt data
using the Cryptographic APIs. Works well. However, I'm > having a
problem writing to/reading from a physical file containing > the
encrypted data. I encrypt some data into a 1024A varying field, > put

the varying length field into a (smaller) fixed length field in >
the database, and then in a later process, read the encrypted data >

and attempt to decrypt it. I get a value back of blanks from the >
decryption, though I can see (in debug) that the encrypted data is >

there. If I don't move the encrypted data into the physical file >
field, I'm able to encrypt and decrypt. So it must be the physical >

file move that's causing the problem. Has anyone encountered this?
> What's the fix?
>
> Thanks!
> --
> This is the Midrange Systems Technical Discussion (MIDRANGE-L) >
mailing list To post a message email: MIDRANGE-L@xxxxxxxxxxxx To >
subscribe, unsubscribe, or change list options, > visit:
http://lists.midrange.com/mailman/listinfo/midrange-l
> or email: MIDRANGE-L-request@xxxxxxxxxxxx Before posting, please
take

> a moment to review the archives at
http://archive.midrange.com/midrange-l.
>
> --
> This is the Midrange Systems Technical Discussion (MIDRANGE-L) >
mailing list To post a message email: MIDRANGE-L@xxxxxxxxxxxx To >
subscribe, unsubscribe, or change list options, > visit:
http://lists.midrange.com/mailman/listinfo/midrange-l
> or email: MIDRANGE-L-request@xxxxxxxxxxxx Before posting, please

take a moment to review the archives at >
http://archive.midrange.com/midrange-l.
>
>
--
This is the Midrange Systems Technical Discussion (MIDRANGE-L)
mailing list To post a message email: MIDRANGE-L@xxxxxxxxxxxx To
subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx Before posting, please take

a moment to review the archives at
http://archive.midrange.com/midrange-l.

--
This is the Midrange Systems Technical Discussion (MIDRANGE-L)
mailing list To post a message email: MIDRANGE-L@xxxxxxxxxxxx To
subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx Before posting, please
take a moment to review the archives at
http://archive.midrange.com/midrange-l.


--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing
list To post a message email: MIDRANGE-L@xxxxxxxxxxxx To subscribe,
unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx Before posting, please take a
moment to review the archives at http://archive.midrange.com/midrange-l.


As an Amazon Associate we earn from qualifying purchases.

This thread ...

Follow-Ups:
Replies:

Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.