


James,

MD5 is a hash algorithm (one way encryption). It is generally used to create a digital fingerprint of a file (or a piece of data in it).

You need to double check which algorithm is being used. It is probably using AES or Triple DES but you have to know that. If you end up needing to use AES, there is an example in the archives that shows how to do 128 bit AES (make sure you read the entire thread since there is a bug in the posted code). It can be used as a starting point for 256 bit AES. Also, some of the more recent OS releases added APIs so you don't need to wrap the CIPHER MI.

Also, you will need to convert the data into the character encoding used by the web service you are calling before you encrypt it. It is likely UTF-8 or UTF-16 but that is also something you need to know. The reason for this is that once the data is encrypted, it becomes binary and it cannot automatically be translated. Since it is binary data and the web is all text based, you'll need to encode it. UU encoding and sending hex representations of the data are common ways to handle this but you need to know what the service expects.

The passphrase, salt, and init vector are parameters that get passed into the encryption routine. If you take a look at http://publib.boulder.ibm.com/iseries/v5r1/ic2924/tstudio/tech_ref/mi/CIPHER.htm, you can see how they are used (note that you'll need to know the algorithm and I know that this is an old version but it works up through at least V5R4). This document does expect you to know something about encryption but IBM is using industry standard terms in the document so you should be able to find information on the terms you don't understand.

BTW, if you were given a salt value, whoever created the service didn't know what they were doing either. The salt value is supposed to be random data that is added in so that the same data looks different every time it is encrypted. This makes the encrypted data less vulnerable to brute force dictionary attacks (if you know the clear text, the cipher text, and cipher being used, you can determine the password -- adding random data makes that harder). The salt value will need to be passed to anyone who needs to decrypt that data or else they will not be able to decrypt it. There are also several ways this can be passed to whatever is decrypting it so you'll also need to know how to send it along.

Matt

-----Original Message-----
From: rpg400-l-bounces@xxxxxxxxxxxx [mailto:rpg400-l-bounces@xxxxxxxxxxxx] On Behalf Of James Viney
Sent: Wednesday, June 24, 2009 9:05 AM
To: 'rpg400-l@xxxxxxxxxxxx'
Subject: XML Encryption MD5

Hello all,

Could someone please help. I'm programming a system to send a SOAP message to a web service. I've now found out that the main data has to be encrypted within the SOAP header using MD5 256-bit. I've been given three keys for Passphrase, saltValue, and initVector.

I cannot find any kind of "dummies guide" to encryption on the net, and was wondering if anyone knew of a way of doing this within RPGLE? I've found the odd program floating around out there, but none of them refer to the values above. I was hoping there would be some guide out there, but nothing unearthed so far.

Any help would be appreciated.

Thanks,

James


James Viney
Senior Analyst/Programmer
Fortis Insurance Limited
Fortis House Tollgate Eastleigh Hants SO53 3YA
Tel: 02380 313324

Note: Please update your contacts list with my new email address james.viney@xxxxxxxxxxxxxxxxxxxxx<mailto:james.viney@xxxxxxxxxxxxxxxxxxxxx>




This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page.
