× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.


  1.  Home
  2. MIDRANGE-L
  3. June 2007

Re: i5/OS Encryption

Steve and Vern,

When we were looking at doing some mods to vendor software that held
Credit Card info, we looked at the IBM API's to do this, since they
expanded the encrypted field to a multiple of 4 bytes (at least for the
type of encryption we were looking at). We were going to have to create a
supplemental file (yuck!) that would hold the encrypted number and replace
the number in the file with a key or RRN back to the data.

Encrypting the data was not much of a problem. You can write a trigger
program that will run when a record is added or changed in the file and
have it do the encryption (because you can modify the buffer before it
gets written into the file in this trigger). Decryption on the other hand
does not work the same. We found that you can create a trigger for the
read of the data, but even if the trigger program modifies the data it
does not get passed to the program issuing the read! (double yuck!!) Seem
the designers in their finite wisdom decided that no would be changing the
data coming out of a file in a trigger. We were told by IBM that it works
as designed and was not going to be changed (this was about 3 years ago,
so I've not revisited this might be they have changed their minds). Any
way long story short we were going to have to make modes to 175 vendor
program that read this info so we could call a service program to do the
decrypt, after each and every read in their software (triple yuck!!!).

Luckily the vendor was getting pressure from others and did their own
encryption/decryption so we did not have to mess with this and then
maintain vendor changes in 175 of there programs that we made mods to!!!
Unless IBM has changed the ability of a trigger to update a read buffer
before the program gets the data retrofitting this into a existing system
requires a lot of for thought and possible some recodeing if you don't
have standard I/O routines.

Anyway this is what we ran into back about 3 years ago.


Jim Lowary
System Analyst, Salton Inc.
(573) 447-5500


message: 4
date: Sun, 10 Jun 2007 15:54:59 -0500
from: Vernon Hamberg <vhamberg@xxxxxxxxxxx>
subject: Re: i5/OS Encryption

Steven

Just an uninformed set of thoughts here - heh!

There is the matter of which logical files are based on the files -
recompile
There is the matter of which programs use the files - recompile
There is the matter of what those programs do with the columns in
question - change code and recompile

One thing I don't know - have not done much with encryption - is -
does the system automagically decrypt it for use in programs? I
suspect not, but I don't know.

HTH
Vern

As an Amazon Associate we earn from qualifying purchases.

This thread ...
Follow-Ups:
Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.