× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.



So the Qc3 apis are actually using the _cypher api. Just adding another layer to protect from MI code changes in the future.

I found some Scott Klemment code that shows how to use the _cipher. This is a slightly modified version I was playing with. Is anyone aware of sample code for the Qc3 apis? I found a few hits but the code was not as clear to me as this example

H Dftactgrp(*NO)
H Option(*srcstmt:*nodebugio) Expropts(*resdecpos)

D CIPHER PR extproc('_CIPHER')
D receiver *
D controls 32A
D source *

D TDES_Controls DS qualified
D Function 2A
D Length 5u 0
D operation 1A
D mode 1A
D InitVector 8A
D PadOpt 1A
D PadChar 1A
D MACLen 3u 0
D NbrKeys 3u 0
D Key1 8A
D Key2 8A
D Key3 8A

D TDES C x'0011'
D ENCRYPT C x'00'
D DECRYPT C x'01'
D MODE_ECB C x'00'
D PAD_NUMB C x'02'

D p_Source S *
D p_Result S *

D InputString S 52A varying
D Result S 52A varying

/free

// ------------------------------------------
// Set up basic TDES controls.
// ------------------------------------------

TDES_Controls = *ALLx'00';
TDES_Controls.Function = TDES;
TDES_Controls.mode = MODE_ECB;
TDES_Controls.PadOpt = PAD_NUMB;
TDES_Controls.NbrKeys = 3;
TDES_Controls.Key1 = 'Key1Here';
TDES_Controls.Key2 = 'Key2Here';
TDES_Controls.Key3 = 'Key3Here';

// ------------------------------------------
// Set up for ENCRYPT
// ------------------------------------------

InputString = 'This is a test string.';
TDES_Controls.Length = %len(InputString);
TDES_Controls.operation = ENCRYPT;

// ------------------------------------------
// Encrypt the InputString using the
// three keys provided.
// ------------------------------------------

p_Source = %addr(InputString) + 2;
p_Result = %addr(Result) + 2;
%len(Result) = %size(Result) - 2;

CIPHER( p_Result
: TDES_Controls
: p_Source );

%len(Result) = TDES_Controls.Length;
dsply Result;
dsply %len(Result);

// ------------------------------------------
// Set up for DECRYPT
// ------------------------------------------

InputString = Result;
TDES_Controls.Length = %len(InputString);
TDES_Controls.operation = DECRYPT;

// ------------------------------------------
// Decrypt the InputString using the

// three keys provided.
// ------------------------------------------

p_Source = %addr(InputString) + 2;
p_Result = %addr(Result) + 2;
%len(Result) = %size(Result) - 2;

CIPHER( p_Result
: TDES_Controls
: p_Source );

%len(Result) = TDES_Controls.Length;
dsply Result;
dsply %len(Result);

*inlr = *on;
/end-free

-----Original Message-----
From: rpg400-l-bounces@xxxxxxxxxxxx [mailto:rpg400-l-bounces@xxxxxxxxxxxx] On Behalf Of Bruce Vining
Sent: Tuesday, March 25, 2008 3:58 PM
To: RPG programming on the AS400 / iSeries
Subject: RE: _cipher API vs Qc3Encrypt/Qc3DecryptData vs SQL

I'm not sure you want to use a trigger for this type of application. You could certainly encrypt the field using a trigger on update/write, but the read trigger doesn't allow you to alter the buffer delivered to the application (at least the last I looked) and so you would still need application awareness to decrypt the data.

The APIs and the cipher instruction, where they overlap, are accessing common function found in the Licensed Internal Code. If it was me, I would tend to go the Qc3 API route only because the APIs provide quite a bit more in the way of documentation. I generally use MI only when there is no suitable alternative. And while IBM supports the use of both MI and System APIs, the support tends to be more readily at hand with APIs as MI just isn't used all that much.

SQL could certainly be used for this. But if you are not currently using SQL I'm not sure that I would change over to it for a one time application enhancement.

Bruce
http://www.brucevining.com/
Providing integrated solutions for the System i user community


Mike Cunningham <mcunning@xxxxxxx> wrote:
True, and that is where I might put it since I do want it to be always encrypted but I still need to figure out if I do the trigger with _cipher or Qc3 APIs. I don't think the SQL method would work in a trigger

-----Original Message-----
From: rpg400-l-bounces@xxxxxxxxxxxx [mailto:rpg400-l-bounces@xxxxxxxxxxxx] On Behalf Of rob@xxxxxxxxx
Sent: Tuesday, March 25, 2008 3:36 PM
To: RPG programming on the AS400 / iSeries
Subject: Re: _cipher API vs Qc3Encrypt/Qc3DecryptData vs SQL

Is there a way to determine if a field has already been encrypted? If so,
then the encryption could be in the trigger associated with that file.

Rob Berendt
--
Group Dekko Services, LLC
Dept 01.073
Dock 108
6928N 400E
Kendallville, IN 46755
http://www.dekko.com





Mike Cunningham
Sent by: rpg400-l-bounces@xxxxxxxxxxxx
03/25/2008 03:32 PM
Please respond to
RPG programming on the AS400 / iSeries


To
"'RPG Midrange'"
cc

Subject
_cipher API vs Qc3Encrypt/Qc3DecryptData vs SQL






I am working on my first application that needs to use Triple DES
encryption to encrypt a single field in a database. I found an example of
doing this using the _cipher mi API and the Qc3.. APIs and SQL. Is there
any difference between the three methods I found to encrypt data?
Obviously the SQL method would require me to do SQL inserts instead of
writes. Is there any difference between the two different APIs? _cipher
looks like it can do both where the Qc3 apis have one for each direction.
--
This is the RPG programming on the AS400 / iSeries (RPG400-L) mailing list
To post a message email: RPG400-L@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/rpg400-l
or email: RPG400-L-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at http://archive.midrange.com/rpg400-l.


--
This is the RPG programming on the AS400 / iSeries (RPG400-L) mailing list
To post a message email: RPG400-L@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/rpg400-l
or email: RPG400-L-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at http://archive.midrange.com/rpg400-l.

--
This is the RPG programming on the AS400 / iSeries (RPG400-L) mailing list
To post a message email: RPG400-L@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/rpg400-l
or email: RPG400-L-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at http://archive.midrange.com/rpg400-l.




Bruce
Bruce Vining Services
507-206-4178
--
This is the RPG programming on the AS400 / iSeries (RPG400-L) mailing list
To post a message email: RPG400-L@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/rpg400-l
or email: RPG400-L-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at http://archive.midrange.com/rpg400-l.


As an Amazon Associate we earn from qualifying purchases.

This thread ...

Replies:

Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.