IBMi (AS400) fans only ' Encrypting/Decrypting data with RpgFree & SQL embedded

-

 


#IBMiSample

Compile and Run this SQLRPGLE. This is an explanation how to encrypt/decrypt data in a DB2 table using RpgFree & SQL embedded.



      **free
      ************************************************
      * Encrypting/Decrypting data with SQL embedded *
      * Encrypt/decript example with                 *
      * ENCRYPT_AES                                  *
      * ENCRYPT_RC2                                  *
      * ENCRYPT_TDES                                 *
      *                                              *
      * DECRYPT_BIT                                  *
      ************************************************
       ctl-opt
       option(*nodebugio) dftactgrp(*no) actgrp(*new);

       dcl-s encryptionPassword VARCHAR(128);
       dcl-s p0                     CHAR(10);
       dcl-s p1                     CHAR(10);
       dcl-s p2                     CHAR(10);
       dcl-s p3                     CHAR(10);

       // The EXEC SQL is never executed. It is used at compile time.
       exec sql Set Option Commit = *none;
       // Create File
       exec sql
         create or replace table TABLE1
           (F0TEXT VARCHAR(010),
            F1_AES VARCHAR(128) FOR BIT DATA,
            F2_RC2 VARCHAR(128) FOR BIT DATA,
            F3TDES VARCHAR(128) FOR BIT DATA,
            PRIMARY KEY(F0TEXT))
            ON REPLACE DELETE ROWS ;

       encryptionPassword = 'kljhasdflkjhasdf';
       exec sql SET ENCRYPTION PASSWORD = :encryptionPassword ;
       // Insert a row
       EXEC SQL INSERT INTO TABLE1
         VALUES ('aaaa', ENCRYPT_AES( '111111111') ,
                         ENCRYPT_RC2( '222222222') ,
                         ENCRYPT_TDES('333333333')) ;
       // Insert another row
       EXEC SQL INSERT INTO TABLE1
         VALUES ('bbbb', ENCRYPT_AES( 'xxxxxxxxx') ,
                         ENCRYPT_RC2( 'yyyyyyyyy') ,
                         ENCRYPT_TDES('zzzzzzzzz')) ;


       exec sql close C1;
       exec sql open C1;

       // Read recordset without decription
       dow Sqlcode = 0;
         exec sql fetch C1 into :p0, :p1, :p2, :p3;
         if sqlcode = 0;
           dsply p1;
           dsply p2;
           dsply p3;
         endif;
       enddo;
       exec sql close C1;

       exec sql close C2;
       exec sql open C2;
       // Read recordset with decription
       dow Sqlcode = 0;
         exec sql fetch C2 into :p0, :p1, :p2, :p3;
         if sqlcode = 0;
           dsply p1;
           dsply p2;
           dsply p3;
         endif;
       enddo;
         exec sql close C2;

       *inlr = *on;

       // Read recordset without decription
       exec sql declare C1 cursor for
         SELECT F0TEXT,
                F1_AES,
                F2_RC2,
                F3TDES
         FROM TABLE1;
       exec sql declare C2 cursor for
         SELECT F0TEXT,
                DECRYPT_BIT(F1_AES),
                DECRYPT_BIT(F2_RC2),
                DECRYPT_BIT(F3TDES)
         FROM TABLE1; 


I appreciate all the comments made on this blog.

Comments

  1. TobbeApril 4, 2022 at 8:21 AM

    If just the word AS/400 was replaced with IBM i, I should add this great article to my daily newsletter about IBM i.. www.builtonpower.com/newsletters

    ReplyDelete
    Replies
    1. Aldo SUCCIApril 4, 2022 at 8:38 AM

      Hallo Tobbe.

      Thanks for your comment.

      It is true, the right name is IBM i, but AS/400 is the name of the grandfather, you may not know it but in Italy it is traditional to replicate the name of the grandfather in newborns ;-) especially if the grandfather was a great grandfather !

      You can explain yourself in your blog why even today a lot of programmers still call it AS/400, due to the efficiency and reliability of the IBM i system that comes from the grandfather.

      Delete
    2. Aldo SUCCIApril 14, 2022 at 3:41 PM

      Hallo Tobbe. I partially accepted your advice, I changed the title of the post with IBMi (AS400) fans only ;-)

      Delete
  2. UnknownApril 7, 2022 at 9:00 PM

    encryptionPassword is set on code as a literal. It's an insecure practice. What is a secure way to manage encryptionPassword?

    ReplyDelete
    Replies
    1. Aldo SUCCIApril 8, 2022 at 12:00 PM

      I don't know any other ways. If there is anyone who knows other ways he is asked to show up.

      In the way I showed in this post, the object must be compiled with the *NOLSTDBG option to not show the source in the debug phase (STRDBG PGMNAME).

      Delete

Post a Comment

Popular posts from this blog

IBMi (AS400) fans only ‘ Memories (IBM Coding Forms)

-
Image
 IBM Coding Forms Oh mom! No, not my sweet, sweet natural mom, but IBM, the mother of us RPG programmers. The adventure with IBM began way back in 1992 when my friend said to me: "They need smart guys at a software house in Cesena!" And thanks to my dear friend, I ended up there, amidst the hills, good wine, Piadina Romagnola, and fresh pasta! It was December, and the company was an IBM partner. They asked me to take a course followed by an exam at IBM in Bologna. If I passed the test, they would hire me. Boom! Just 20 days later, there I was, at work! I started tinkering with the legendary IBM S/36 - today considered an informatics relic, but I swear, back then, it was a powerful machine! The first program I wrote, believe it or not, was on paper provided by the ancient scribes of IBM. Yes, I handwrote a program on paper. It felt more like a grandma's recipe than the result of my hard-earned studies! The "boss" said: "It looks decent, but load it onto the
Read more

IBMi (AS400) fans only ' SQLCODE values: Dear readers, unleash your suggestions!

-
Image
This RPG code uses a DOU loop to fetch data from a cursor named C1 until the SQLCODE is not equal to 0, indicating the end of the recordset. Inside the loop, it clears a data structure (RecordDsC1), fetches data into it, and then checks if the fetch was successful. If successful, it assigns values and writes to an output file. After the loop, it checks if the SQLCODE is not 100, indicating unexpected termination, and displays a warning message if needed. // Loop until SQLCODE is not equal to 0 dow sqlCode = 0 ;   // Clear the data structure RecordDsC1   clear RecordDsC1;   // Fetch data into RecordDsC1 using cursor C1   exec sql fetch C1 into :RecordDsC1;   // If fetch was successful (SQLCODE = 0)   if sqlcode = 0 ;     // Assign values and write to output     W1QUEU = rDsW1QUEU;     write W1SF1;   endif; enddo; // Check if SQLCODE is not 100 (indicating unexpected termination) if sqlCode <> 100;   // Build a warning message   wMsg='Warning: +    The selection has terminated
Read more

Efficient WRKSPLF with WSF: How to Search string into spooled files, Sort, and Generate PDFs on IBMi

-
Image
Searching Spooled Files Made Easy: A Unique Solution Managing spooled files efficiently is crucial for users dealing with numerous rows of print data. IBM's WRKSPLF command provides a standard way to interact with spooled files, but it lacks certain features that can significantly enhance user experience. In this article, we'll delve into a powerful functionality that IBM doesn't offer — the ability to search among spooled file lists. Our goal is to highlight the advantages of this capability and introduce a practical solution. The Limitations of Standard WRKSPLF While the WRKSPLF command is a handy tool for working with spooled files, it falls short in certain aspects. One prominent limitation is the inability to search efficiently through the list of spooled file rows. Users often find it challenging to quickly locate specific files based on criteria like creation date, status, or content. Introducing a Unique Solution: WSF (WorkSpooledFiles) To address the limitations of
Read more