You can use the QC3ENCDT API to encrypt data. Whether it's appropriate to "encrypt a database file" is a different kind of question, though. Data stored in a database file can be meaningful to encrypt -- it may be necessary to store encrypted data in spaces larger than the unencrypted data which can mean using variable-length fields.
Splat's question is appropriate. Exactly what needs to be encrypted? Is this going to be restored/decrypted in another AS/400 with similar capabilities? Or is this only for secure off-site storage?
Tom
We have third party software that produces a file that is currently uploaded to a bank via their web page. The concern from the auditors is that the file may be manipulated by one of our users. Since a set of users needs to have permissions to update it (Ap Department) and another set needs read permission to be able to upload it to the bank. They want us to automate the process utilizing ftp instead of the web page. They also want the data encrypted as it resides on our system after it is created.
FTP to your bank can be secured either through SSL or SFTP (BTW, I suspect the bank's web page is secure (https).
As for limiting and/or controlling access, encryption is a cumbersome process. You would be better served - and, I believe, your auditor's goals achieved - by securing the file object, either through explicit grants of authority to a user or through an authorisation list.
Thanks Splat.
Thats the road I am going down. If I can secure the file so that the users jobs won't blow up with not enough authority but also not allowing them to change the data once it has been written. Then secure FTP it. Our users want to get away from uploading via banks web site as it takes their interaction. I can automate secure FTP.
Thanks again
Jeff
Is SFTP cababilities on the iSeries something that has to be purchased and licensed from IBM or is it just available? Our iSeries os is V6R1. Thanks Jeff
Is SFTP cababilities on the iSeries something that has to be purchased and licensed from IBM or is it just available?
The sftp utility is part of the 5733SC1-IBM Portable Utilities product. The product should be on your install media (if it's not already installed on your system.) It's no-charge.
Tom
I'm quite late on this one but do any of you know how to set secure envelope on a file, bank file. Nordea (Bank) also require SFTP communication but first the file must be encrypted with their digital certificate and the answer must be decrypted. If we need any third party software please let me know if you can advise me on which.
Free Guide: Managing storage for virtual environments
Complete a brief survey to get a complimentary 70-page whitepaper featuring the best methods and solutions for your virtual environment, as well as hypervisor-specific management advice from TechTarget experts. Don’t miss out on this exclusive content!
Discuss This Question: 9  Replies