1.  Home
  2. MIDRANGE-L
  3. June 2005

Re: OS400 V5R3 - Field Level Encryption - Overview and Requirements

On Fri, 24 Jun 2005, Graap, Ken wrote:
>A quick question that hopefully will generate a quick answer....
>If "field" level encryption supported in OS400 V5R3?
>If so, does it require any hardware component?
>We wish to start encrypting information like customer's SSN. 

Quick answer is "yes".  You don't need hardware but you will need to use 
V5R3 SQL (and the SQL development toolkit 5722-ST1 is a chargeable 
license).  You will also need IBM Cryptographic Access Provider 128-bit 
product (5722-AC3) which is a no-charge product.

Information about Data Encryption is in the SQL Reference located in the 
InfoCenter. 
Here is some additional information: 
Encryption & Decryption 
Applications can now encrypt data such that each individual invocation can 
use a separate password. To retrieve the data, the application would 
decrypt the encrypted value using the same password. 

- Requires IBM Cryptographic Access Provider 128-bit product (5722-AC3)
- New functions
- ENCRYPT
- DECRYPT_BINARY, DECRYPT_BIT, DECRYPT_CHAR, DECRYPT_DB
- GETHINT

- ENCRYPT
Accepts a data string and password string along with an optional hint 
string. 
   INSERT INTO EMP(SSN) VALUES ENCRYPT(?111-11-1111?,?myPwd?) 
   INSERT INTO EMP(SSN) VALUES ENCRYPT(?111-11-1111?,?myPwd?,myHint?) 

- DECRYPT
   Returns a value that is the result of decrypting encrypted-data. The 
   password is either passed to the DECRYPT function or set with the SET 
   ENCRYPTION PASSWORD statement. 
   SELECT DECRYPT_CHAR(SSN, ?myPwd?) FROM EMP 
-or-
   SET ENCRYPTION PASSWORD=?myPwd? 
   SELECT DECRYPT_CHAR(SSN) FROM EMP 

- GETHINT
   Returns the password hint if one is found in the encrypted-data. 
   INSERT INTO EMP(SSN) VALUES ENCRYPT(?111-11-1111?, ?purple?,?Favorite 
   Color?) 
   SELECT GETHINT(SSN) FROM EMP would return ?Favorite Color? 

- Documentation: DB2 UDB for iSeries SQL Reference

I do not know any more about the subject (which I researched for a 
customer a couple of months ago).
Note that there is an interesting article in the March '05 MC MAG ONLINE 
entitled "System Sentinel: The Encryption Myth" by Pat Botz.
http://www.mcpressonline.com/mc?printarticle@xxxxxxxxxxxxxxxx@.6b22169d

Dan R. 
IBM iSeries i5 and AS/400 Technical Specialist

As an Amazon Associate we earn from qualifying purchases.

This thread ...
Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2025 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.