IBMi (AS400) fans only : Encrypting/Decrypting data with RpgFree & SQL embedded

By -

 


#IBMiSample

Compile and Run this SQLRPGLE. This is an explanation how to encrypt/decrypt data in a DB2 table using RpgFree & SQL embedded.



      **free
      ************************************************
      * Encrypting/Decrypting data with SQL embedded *
      * Encrypt/decript example with                 *
      * ENCRYPT_AES                                  *
      * ENCRYPT_RC2                                  *
      * ENCRYPT_TDES                                 *
      *                                              *
      * DECRYPT_BIT                                  *
      ************************************************
       ctl-opt
       option(*nodebugio) dftactgrp(*no) actgrp(*new);

       dcl-s encryptionPassword VARCHAR(128);
       dcl-s p0                     CHAR(10);
       dcl-s p1                     CHAR(10);
       dcl-s p2                     CHAR(10);
       dcl-s p3                     CHAR(10);

       // The EXEC SQL is never executed. It is used at compile time.
       exec sql Set Option Commit = *none;
       // Create File
       exec sql
         create or replace table TABLE1
           (F0TEXT VARCHAR(010),
            F1_AES VARCHAR(128) FOR BIT DATA,
            F2_RC2 VARCHAR(128) FOR BIT DATA,
            F3TDES VARCHAR(128) FOR BIT DATA,
            PRIMARY KEY(F0TEXT))
            ON REPLACE DELETE ROWS ;

       encryptionPassword = 'kljhasdflkjhasdf';
       exec sql SET ENCRYPTION PASSWORD = :encryptionPassword ;
       // Insert a row
       EXEC SQL INSERT INTO TABLE1
         VALUES ('aaaa', ENCRYPT_AES( '111111111') ,
                         ENCRYPT_RC2( '222222222') ,
                         ENCRYPT_TDES('333333333')) ;
       // Insert another row
       EXEC SQL INSERT INTO TABLE1
         VALUES ('bbbb', ENCRYPT_AES( 'xxxxxxxxx') ,
                         ENCRYPT_RC2( 'yyyyyyyyy') ,
                         ENCRYPT_TDES('zzzzzzzzz')) ;


       exec sql close C1;
       exec sql open C1;

       // Read recordset without decription
       dow Sqlcode = 0;
         exec sql fetch C1 into :p0, :p1, :p2, :p3;
         if sqlcode = 0;
           dsply p1;
           dsply p2;
           dsply p3;
         endif;
       enddo;
       exec sql close C1;

       exec sql close C2;
       exec sql open C2;
       // Read recordset with decription
       dow Sqlcode = 0;
         exec sql fetch C2 into :p0, :p1, :p2, :p3;
         if sqlcode = 0;
           dsply p1;
           dsply p2;
           dsply p3;
         endif;
       enddo;
         exec sql close C2;

       *inlr = *on;

       // Read recordset without decription
       exec sql declare C1 cursor for
         SELECT F0TEXT,
                F1_AES,
                F2_RC2,
                F3TDES
         FROM TABLE1;
       exec sql declare C2 cursor for
         SELECT F0TEXT,
                DECRYPT_BIT(F1_AES),
                DECRYPT_BIT(F2_RC2),
                DECRYPT_BIT(F3TDES)
         FROM TABLE1; 


I appreciate all the comments made on this blog.

Comments

  1. TobbeApril 4, 2022 at 8:21 AM

    If just the word AS/400 was replaced with IBM i, I should add this great article to my daily newsletter about IBM i.. www.builtonpower.com/newsletters

    ReplyDelete
    Replies
    1. Aldo SUCCIApril 4, 2022 at 8:38 AM

      Hallo Tobbe.

      Thanks for your comment.

      It is true, the right name is IBM i, but AS/400 is the name of the grandfather, you may not know it but in Italy it is traditional to replicate the name of the grandfather in newborns ;-) especially if the grandfather was a great grandfather !

      You can explain yourself in your blog why even today a lot of programmers still call it AS/400, due to the efficiency and reliability of the IBM i system that comes from the grandfather.

      Delete
    2. Aldo SUCCIApril 14, 2022 at 3:41 PM

      Hallo Tobbe. I partially accepted your advice, I changed the title of the post with IBMi (AS400) fans only ;-)

      Delete
  2. UnknownApril 7, 2022 at 9:00 PM

    encryptionPassword is set on code as a literal. It's an insecure practice. What is a secure way to manage encryptionPassword?

    ReplyDelete
    Replies
    1. Aldo SUCCIApril 8, 2022 at 12:00 PM

      I don't know any other ways. If there is anyone who knows other ways he is asked to show up.

      In the way I showed in this post, the object must be compiled with the *NOLSTDBG option to not show the source in the debug phase (STRDBG PGMNAME).

      Delete

Post a Comment

Popular posts from this blog

(IBM i fans only) Efficient WRKSPLF with WSF - How to Search string into spooled files, Sort, and Generate PDFs on IBMi

By -
Image
Searching Spooled Files Made Easy: A Unique Solution Managing spooled files efficiently is crucial for users dealing with numerous rows of print data. IBM's WRKSPLF command provides a standard way to interact with spooled files, but it lacks certain features that can significantly enhance user experience. In this article, we'll delve into a powerful functionality that IBM doesn't offer — the ability to search among spooled file lists. Our goal is to highlight the advantages of this capability and introduce a practical solution. The Limitations of Standard WRKSPLF While the WRKSPLF command is a handy tool for working with spooled files, it falls short in certain aspects. One prominent limitation is the inability to search efficiently through the list of spooled file rows. Users often find it challenging to quickly locate specific files based on criteria like creation date, status, or content. Introducing a Unique Solution: WSF (WorkSpooledFiles) To address the limitations of...
Read more

(IBM i fans only) Detecting and Handling Non-Printable Characters in DB2 SQL Using LOCATE() and REPLACE() Functions

By -
Image
When working with DB2 SQL on the IBMi platform, one of the challenges we might encounter is dealing with non-printable characters in our data. These are characters that don't have a direct representation on a standard keyboard and can cause display programs to crash if not handled properly. For this example, we'll be working with the CLANA00F file, which contains customer data. You can find details on how to create this file on my blog post here . Non-printable characters can sneak into our records for various reasons, and to prevent issues, we can run an SQL query that uses the LOCATE() function. This function returns the position of the first occurrence of a substring within a string, allowing us to detect these problematic characters. Suppose we have a customer name with a non-printable character, specifically the EBCDIC '0D' character, which corresponds to the "Carriage Return" (CR) control character in ASCII. To find this character in our records, we can ...
Read more

(IBM i fans only) How to Sniff User Access

By -
Image
If you need to monitor user access on your IBM i system, you can use SQL to query the history log. Note: At the end of this post, you'll find a request directly addressed to you, the readers. Here’s a simple example of how you can do this: SELECT MESSAGE_ID,        MESSAGE_TIMESTAMP,        FROM_USER,        MESSAGE_TEXT     FROM TABLE (             QSYS2.HISTORY_LOG_INFO()         )     WHERE message_id IN ('CPF1164', 'CPF1124')           AND FROM_USER IN ('QSECOFR', 'QSYS', 'QSYSOPR')     ORDER BY MESSAGE_TIMESTAMP In this query: - QSYS2.HISTORY_LOG_INFO(): This function retrieves information from the history log. -  message_id IN ('CPF1164', 'CPF1124') : Filters the results to include only specific message IDs, which indicate sign-on and sign-off events. - FROM_USER in ('QSECOFR', 'QSYS', 'QSYSOPR'): Filters the resu...
Read more