Up to Discussions in RPG Café

This Question is Answered

1 "correct" answer available (4 pts) 2 "helpful" answers available (2 pts)
20 Replies Last post: Sep 3, 2009 10:51 AM by scott_klement   1 2 Previous Next
Click to view Prithiviraj's profile  
Prithiviraj
21 posts since
May 25, 2009

Aug 24, 2009 5:12 AM

Encryption and RPGLE

Hello All,

Need your inputs on my requirement where in


  1. I need to encrypt a .CSV file in iSeries and e-mail it to someone (receiver) who is not using iSeries
  2. I need to share the key for decryption (sharing the key in the same e-mail sounds like I am diluting the purpose of encrypting the file ;-)
  3. I need to provide means to the reciever to decrypt and use the CSV.

The contents are eventually invoice data in CSV for the reciever to do further processing.

I evaluated the Cryptographic services API set for iSeries, I was able to achieve simple string encryption and decryption.


Thanks,
Prithiviraj

Tags: cryptographic_services, encryption
Click to view jtaylor@lcc's profile  
jtaylor@lcc
61 posts since
Jun 16, 2008
1. Aug 24, 2009 1:37 PM Up Image in response to: Prithiviraj
Re: Encryption and RPGLE
We use a modified version of this: http://systeminetwork.com/article/pretty-simple-pretty-good-privacy
Click to view Prithiviraj's profile  
Prithiviraj
21 posts since
May 25, 2009
2. Aug 25, 2009 12:24 AM Up Image in response to: jtaylor@lcc
Re: Encryption and RPGLE
Looks like I need to be a pro VIP member for accessing that article, which I am not.

Will you be able to help by posting the code /article.?
Click to view barbara_morris's profile  
barbara_morris
96 posts since
Nov 13, 2008
3. Aug 25, 2009 9:07 AM Up Image in response to: Prithiviraj
Re: Encryption and RPGLE
The material on System i Network's site is copyrighted. Please avoid making any requests on this site that would violate the copyright of another site, either by asking for copyrighted material to be posted here, or by asking for copyrighted material to be sent by email.
Click to view jtaylor@lcc's profile  
jtaylor@lcc
61 posts since
Jun 16, 2008
4. Aug 25, 2009 9:43 AM Up Image in response to: Prithiviraj
Re: Encryption and RPGLE
I can tell you that the encryption is done in Java, that is called by RPG. The actual encryption is provided by a tool available at http://www.bouncycastle.org. I'm afraid that's about all I can do for you.
Click to view scott_klement's profile  
scott_klement
47 posts since
Mar 27, 2009
5. Aug 25, 2009 1:15 PM Up Image in response to: Prithiviraj
Re: Encryption and RPGLE

An easy way to provide encryption is with the 7-zip utility. This is an open source (free) utility that's available for most major platforms. On IBM i, you can run it in PASE as described in the following article (you shouldn't need any special membership to read this):

http://systeminetwork.com/article/7-zip-running-i

Once you have 7-zip running in PASE, you would issue the following command to create a file that's encrypted with a strong AES cipher (this is a PASE command-line call)

7z a -t7z encryptedfile.7z -p+secretpasswordhere+ inputfile.csv

replace +secretpasswordhere +with the password you'd like to use for your encryption. You will need to give this password to whomever receives the file. I suggest using the telephone or postal mail to notify them rather than e-mail.

On a Windows system (most likely the target?) they can use the 7-Zip GUI from the following site to unpack/decrypt the file:

http://www.7-zip.org/

On a Unix/Linux system, you can get p7zip (the same thing you have on IBM i) that doesn't provide a GUI, but does provide a command-line interface:

http://sourceforge.net/projects/p7zip/

Click to view Prithiviraj's profile  
Prithiviraj
21 posts since
May 25, 2009
6. Aug 26, 2009 8:44 AM Up Image in response to: scott_klement
Re: Encryption and RPGLE

Thanks Scott: Great Article 7ZIP sounds to be a great solution, I am in the midst of putting it to use.

  1. I followed your installation steps and did a ADDLNK OBJ('/usr/local') NEWLNK('/qopensys/usr/local')
  2. I tried issuing 7z in a QP2TERM terminal I ran into a error (attached)
  3. I tried navigating into /USR/LOCAL/BIN and issued 7z I ran into libstdc++.so.6 error for which you said we need GCC compiler.

Pl help me with point 2


Attachments:
Click to view scott_klement's profile  
scott_klement
47 posts since
Mar 27, 2009
7. Aug 26, 2009 6:34 PM Up Image in response to: Prithiviraj
Re: Encryption and RPGLE
I'm not exactly sure how much I need to explain, so I'll give you a brief explanation, but if you need more information, just ask.

Unix shells (including those in PASE, as well as QShell) use an environment variable called PATH to determine where to look for a program. You can think of PATH as being similar to a *LIBL -- except that it's made of IFS path names instead of libraries. Another difference is that PATH is only used to locate PROGRAMS, it's not used for files, data areas, or any of that other stuff we get with *LIBL.


Anyway, PATH consists of a list of IFS directories separated by colons. To see what your PATH is right now inside QP2TERM, type the following:


echo $PATH


The "echo" utility prints stuff on the screen. Any time you see a dollar sign ($) it means "insert variable value here". So "echo $PATH" means "insert the value of the PATH variable -- then print it."


I should also note that PATH is case-sensitive. It must be all uppecase "PATH", not "path".


It sounds like you put 7z in /usr/local/bin, but /usr/local/bin isn't in your PATH, so it's not looking there for program names. An easy way to fix that is to do:


export PATH=$PATH:/usr/local/bin


So this changes the value of PATH. It inserts the current PATH value (again, using the dollar sign) and adds :/usr/local/bin to the end. after running that command, it should find 7z -- but that'll only work until you exit PASE, because you only changed it for the current session. Now there are many approaches to changing it so that /usr/local/bin is always in your PATH -- but I don't want to try to explain every possibility, so I'll just give you one way.


display your existing path, and copy/paste it into Notepad or something like that.


Then add :/usr/local/bin to the end.


Then run the following command from the standard (not PASE) command line:


*ADDENVVAR ENVVAR(PASE_PATH) VALUE('whatever you want in your path') LEVEL(*SYS)*


For example:


*ADDENVVAR ENVVAR(PASE_PATH) VALUE('/QOpenSys/usr/bin:/usr/ccs/bin:/QOpenSys/usr/bin/X11:/usr/sbin:.:/usr/bin:/usr/local/bin:/usr/local/Zend/Core/bin:/usr/local/mysql/mysql/bin:/usr/local/bin') LEVEL(*SYS)*


On my system, I've added /usr/local/bin, but I've also added Zend Core and MySQL... hope you get the idea. Anyway, once you've set the PASE_PATH (like PATH, this name is case-sensitive) you should sign-off and back on again for this to take effect. From that point on, it should always find programs in /usr/local/bin automatically.

Click to view Prithiviraj's profile  
Prithiviraj
21 posts since
May 25, 2009
8. Aug 27, 2009 12:32 AM Up Image in response to: scott_klement
Re: Encryption and RPGLE
  1. Thanks a ton for all your help Scott.

    Sorry, I was blindly applying fullsense to those 5 steps in your site

    Would you please consider adding "setting path" as 6th step, So you don't have to answer another person like me http://www-949.ibm.com/software/rational/cafe/images/emoticons/wink.gif
  2. Thanks jtaylor@lcc for your help as well.
Click to view Prithiviraj's profile  
Prithiviraj
21 posts since
May 25, 2009
9. Aug 27, 2009 3:52 AM Up Image in response to: Prithiviraj
Re: Encryption and RPGLE-CCSID issue
  1. Encrypted a .CSV in iSeries (7z a -t7z encryptedfile.7z -pPa55word 00027.csv
  2. FTPed .7Z (tried both .ZIP and .7Z) file to windows, used GUI to Open/Decrypt it using the password
  3. It opened but contents are scrambled / junk

  1. Tried to extract/Decrypt same file using 7z in IFS
  2. Did a WRKLNK + 5 on the CSV file it displayed but with a message "File CCSID Incorrect"

Original CSV CCSID was 37 and After applying 7Z Encryption and decryption CSV has CCSID as 819

Could this be a reason for junk in windows? Any thoughts on fixing this?

Tried 7Z Encryption and decryption file on a .txt file everthing is fine..
Click to view scott_klement's profile  
scott_klement
47 posts since
Mar 27, 2009
10. Aug 27, 2009 5:22 PM Up Image in response to: Prithiviraj
Re: Encryption and RPGLE-CCSID issue

7-Zip is Unix software and therefore doesn't understand CCSIDs. It treats your file as a binary file.

If the file is garbage when it's extracted on Windows, it's because your original CSV file was CCSID 37! 37 is EBCDIC and most Windows software is not designed to handle EBCDIC.

Please don't expect 7-zip to somehow know that you really wanted ASCII and translate the data for you. It will do archiving and encrypting, but it doesn't do mind reading or reformatting of your file. It's a Unix utiilty, and therefore is not CCSID aware. It treats all files as if they are binary files (just as Windows does). Therefore, the CCSID on the output archive is irrelevant. CCSIDs are irrelevant on binary files.

How are you creating the original CSV?

Click to view Prithiviraj's profile  
Prithiviraj
21 posts since
May 25, 2009
11. Aug 28, 2009 1:16 AM Up Image in response to: scott_klement
Re: Encryption and RPGLE-CCSID issue

  1. I am using CPYTOIMPF for creating CSV.
  2. I also tried to hand code a CSV in windows, FTP to iSeries and tried 7zip still it comes out as garbage
  3. 37 equates to U.S. EBCDIC, 819 equates to U.S. AIX ASCII, 437 equates to U.S. ASCII PC

I totally agree 7zip is a UNIX/AIX s/w and I could see CCSID 819 on the archives.

I may be wrong or this may be lame, Can the UNIX flavour of 7zip we installed in iSeries produce an archive which the WINDOWS flavour of 7z can open or use?

Your thoughts ?
Click to view scott_klement's profile  
scott_klement
47 posts since
Mar 27, 2009
12. Aug 28, 2009 12:24 PM Up Image in response to: Prithiviraj
Re: Encryption and RPGLE-CCSID issue
7-Zip is working perfectly, and doing exactly what you told it to. It is taking your input file and encrypting it. On the windows size, it is restoring your file exactly as it was on the iSeries. It is doing everything perfectly.

Yet, you keep blaming it for your problem.


Your problem is that your CSV file is EBCDIC. Windows doesn't understand EBCDIC. Stop creating your CSV file as EBCDIC, and create it as ASCII


Delete your CSV file and re-create it. On CPYTOIMPF, specify the STMFCODPAG(1252)

Click to view scott_klement's profile  
scott_klement
47 posts since
Mar 27, 2009
13. Aug 28, 2009 4:37 PM Up Image in response to: scott_klement
Re: Encryption and RPGLE-CCSID issue
Here's what I did:

Create the CSV file... Make sure the STMFCODPAG parameter specifies an ASCII code page, because I need the Windows users to be able to read it.


CPYTOIMPF FROMFILE(CUSTMAS) 
          TOSTMF('/home/klemscot/custmas.csv') 
          STMFCODPAG(1252) 
          RCDDLM(*CRLF) 
          RMVBLANK(*BOTH)


Enter PASE shell

CALL QP2TERM

Archive/Encrypt the CSV file:

7z a -pchickenpox -t7z custmas.7z custmas.csv

Then I FTP the file to my PC. I was careful to use binary mode during the FTP process.

From Windows, I click Start -> All Programs -> 7-Zip -> 7-Zip File Manager

I navigate to the custmas.7z file, and double-click it until it asks me for a password. I enter "chickenpox" (matching the -p I used when encrypting it) and it unpacks it as I expect... works just fine.

Click to view Prithiviraj's profile  
Prithiviraj
21 posts since
May 25, 2009
14. Aug 31, 2009 1:41 AM Up Image in response to: scott_klement
Re: Encryption and RPGLE-CCSID issue
I am not blaming 7Z, please dont get me wrong.

Here is what you said when I asked about CCSID issue

Therefore, the CCSID on the output archive is irrelevant. CCSIDs are irrelevant on binary files

Now you want me use ASCII STMFCODPAG

STMFCODPAG(1252)

WIKI says Codepage is inside CCSID

WIKI:At a very simplistic level, you can think of a CCSID as a Swiss Army knife and
a code page as the screwdriver attachment


Pl help me understand this better how come its not a CCSID issue and changing codepage solves the problem ?

Go to original post 1 2 Previous Next

Actions

More Like This

Bottom Banner