Thanks Matt. Having looked at your response and going from my own discoveries yesterday I'm tending to side with Scott's opinion! There's a lot of information below which I think will take me a while to get right - time which I don't have!
This is an area I'd like to become knowledgeable in, but I think I'm going to need to call in an expert to learn from, in this instance. I just fear they're going to recommend a Java or C approach.
Thanks again for all your swift responses - and Bruce, I'll search out your book!
James
-----Original Message-----
From: rpg400-l-bounces@xxxxxxxxxxxx [mailto:rpg400-l-bounces@xxxxxxxxxxxx] On Behalf Of Haas, Matt (CL Tech Sv)
Sent: 24 June 2009 23:12
To: RPG programming on the IBM i / System i
Subject: RE: XML Encryption MD5
James,
MD5 is a hash algorithm (one way encryption). It is generally used to create a digital fingerprint of a file (or a piece of data in it).
You need to double check which algorithm is being used. It is probably using AES or Triple DES but you have to know that. If you end up needing to use AES, there is an example in the archives that shows how to do 128 bit AES (make sure you read the entire thread since there is a bug in the posted code). It can be used as a starting point for 256 bit AES. Also, some of the more recent OS releases added APIs so you don't need to wrap the CIPHER MI.
Also, you will need to convert the data into the character encoding used by the web service you are calling before you encrypt it. It is likely UTF-8 or UTF-16 but that is also something you need to know. The reason for this is that once the data is encrypted, it becomes binary and it cannot automatically be translated. Since it is binary data and the web is all text based, you'll need to encode it. UU encoding and sending hex representations of the data are common ways to handle this but you need to know what the service expects.
The passphrase, salt, and init vector are parameters that get passed into the encryption routine. If you take a look at http://publib.boulder.ibm.com/iseries/v5r1/ic2924/tstudio/tech_ref/mi/CIPHER.htm, you can see how they are used (note that you'll need to know the algorithm and I know that this is an old version but it works up through at least V5R4). This document does expect you to know something about encryption but IBM is using industry standard terms in the document so you should be able to find information on the terms you don't understand.
BTW, if you were given a salt value, whoever created the service didn't know what they were doing either. The salt value is supposed to be random data that is added in so that the same data looks different every time it is encrypted. This makes the encrypted data less vulnerable to brute force dictionary attacks (if you know the clear text, the cipher text, and cipher being used, you can determine the password -- adding random data makes that harder). The salt value will need to be passed to anyone who needs to decrypt that data or else they will not be able to decrypt it. There are also several ways this can be passed to whatever is decrypting it so you'll also need to know how to send it along.
Matt
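Added example, not part of the original thread and not code from the list archives: the order of operations Matt describes (encode the text, encrypt, turn the binary result back into text, send a fresh random salt along), written in Java as one of the routes James mentions. It assumes AES-256-CBC, a PBKDF2-HMAC-SHA256 key derivation and a hex `salt:iv:ciphertext` wire format; those choices, the class name and the sample values are all assumptions, and the real service dictates the actual cipher, derivation and encoding.

```java
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import javax.crypto.Cipher;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.*;

public class EncryptForService {  // hypothetical class name
    // Assumed values: the real service dictates the KDF, iteration count and key size.
    static final int ITERATIONS = 100_000, KEY_BITS = 256;

    static byte[] deriveKey(char[] passphrase, byte[] salt) throws Exception {
        PBEKeySpec spec = new PBEKeySpec(passphrase, salt, ITERATIONS, KEY_BITS);
        return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256").generateSecret(spec).getEncoded();
    }
    static byte[] crypt(int mode, byte[] key, byte[] iv, byte[] data) throws Exception {
        Cipher c = Cipher.getInstance("AES/CBC/PKCS5Padding");
        c.init(mode, new SecretKeySpec(key, "AES"), new IvParameterSpec(iv));
        return c.doFinal(data);
    }
    static String toHex(byte[] bytes) {
        StringBuilder sb = new StringBuilder(bytes.length * 2);
        for (byte b : bytes) sb.append(String.format("%02x", b));
        return sb.toString();
    }
    static byte[] fromHex(String s) {
        byte[] out = new byte[s.length() / 2];
        for (int i = 0; i < out.length; i++)
            out[i] = (byte) Integer.parseInt(s.substring(2 * i, 2 * i + 2), 16);
        return out;
    }
    public static void main(String[] args) throws Exception {
        char[] passphrase = "constructed-passphrase".toCharArray();  // constructed sample
        String clearText = "<name>Zo\u00eb</name>";                  // constructed sample
        SecureRandom rng = new SecureRandom();
        for (int run = 1; run <= 2; run++) {  // same input twice, different output
            byte[] salt = new byte[16], iv = new byte[16];
            rng.nextBytes(salt); rng.nextBytes(iv);  // fresh random values per message
            // 1. text to bytes in the agreed encoding  2. encrypt  3. binary to hex text
            byte[] plain = clearText.getBytes(StandardCharsets.UTF_8);
            byte[] cipherBytes = crypt(Cipher.ENCRYPT_MODE, deriveKey(passphrase, salt), iv, plain);
            String wire = toHex(salt) + ":" + toHex(iv) + ":" + toHex(cipherBytes);
            System.out.println("run " + run + ": " + wire);
            // Receiver: re-derive the key from the transmitted salt, decrypt, decode.
            String[] p = wire.split(":");
            byte[] key = deriveKey(passphrase, fromHex(p[0]));
            byte[] back = crypt(Cipher.DECRYPT_MODE, key, fromHex(p[1]), fromHex(p[2]));
            System.out.println("  decrypted: " + new String(back, StandardCharsets.UTF_8));
        }
    }
}
```

The two runs print different hex strings for the same clear text and passphrase, and both decrypt back to the original because the salt and IV travel with the ciphertext.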
-----Original Message-----
From: rpg400-l-bounces@xxxxxxxxxxxx [mailto:rpg400-l-bounces@xxxxxxxxxxxx] On Behalf Of James Viney
Sent: Wednesday, June 24, 2009 9:05 AM
To: 'rpg400-l@xxxxxxxxxxxx'
Subject: XML Encryption MD5
Hello all,
Could someone please help. I'm programming a system to send a SOAP message to a web service. I've now found out that the main data has to be encrypted within the SOAP header using MD5 256-bit. I've been given three keys: Passphrase, saltValue, and initVector.
I cannot find any kind of "dummies guide" to encryption on the net, and was wondering if anyone knew of a way of doing this within RPGLE? I've found the odd program floating around out there, but none of them refer to the values above. I was hoping there would be some guide out there, but nothing unearthed so far.
Any help would be appreciated.
Thanks,
James
James Viney
Senior Analyst/Programmer
Fortis Insurance Limited
Fortis House Tollgate Eastleigh Hants SO53 3YA
Tel: 02380 313324
--
This is the RPG programming on the IBM i / System i (RPG400-L) mailing list
To post a message email: RPG400-L@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit:
http://lists.midrange.com/mailman/listinfo/rpg400-l
or email: RPG400-L-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at
http://archive.midrange.com/rpg400-l.