All ICSF rules are 8 characters long, padded on the right with blanks. So, this line
Original Message:
Sent: Tue July 30, 2024 04:22 AM
From: Morteza Moradi
Subject: Encrypt One field from Table
I wrote this code and merged it with the existing code.
=======================================================================================================
/* REXX SCRIPT TO ENCRYPT A DECIMAL(16) COLUMN IN DB2 */
/* CONNECT TO DSNREXX */
ADDRESS TSO 'SUBCOM DSNREXX'
S_RC = RXSUBCOM('ADD','DSNREXX','DSNREXX')
ADDRESS DSNREXX
'CONNECT' 'DBAT'
SQLTS=,
"SELECT ID FROM TST.TEST"
"EXECSQL DECLARE C1 CURSOR FOR S1"
"EXECSQL PREPARE S1 FROM :SQLTS"
"EXECSQL OPEN C1"
"EXECSQL FETCH C1 INTO :FETCHED_DATA"
/*CONVERT DECIMAL TO CHARACTER FOR ENCRYPTION */
CLEAR_TEXT = LEFT(FETCHED_DATA, 16) /* ENSURE 16-BYTE LENGTH */
/* INITIALIZE ENCRYPTION PARAMETERS (SYE) */
/* THESE PARAMETERS SHOULD MATCH THE ONES USED IN YOUR ORIGINAL SCRIPT*/
AES_DATA_KEY_LABEL = LEFT('TESTKEY',64)
SYE_RC = 'FFFFFFFF'X
SYE_RS = 'FFFFFFFF'X
EXIT_DATA_LENGTH = '00000000'X
EXIT_DATA = ''
SYE_RULE_ARRAY_COUNT = '00000003'X
SYE_RULE_ARRAY = 'AES' || 'CLRAES' || 'KEYIDENT' || 'ONLY'
SYE_KEY_LENGTH = '00000040'X
SYE_KEY_IDENTIFIER = AES_DATA_KEY_LABEL
SYE_KEY_PARMS_LENGTH = '00000000'X
SYE_KEY_PARMS = ''
SYE_BLOCK_SIZE = '00000010'X
SYE_INITIAL_VECTOR_LENGTH = '00000010'X
SYE_INITIAL_VECTOR = '8EBFFE2B973B3121D3858699CB26AAC7'X
SYE_CHAIN_DATA_LENGTH = '00000020'X
SYE_CHAIN_DATA = COPIES('00'X,32)
SYE_CLEAR_TEXT_LENGTH = D2C(16,4) /* ENCRYPTING 16 BYTES OF DATA */
SYE_CLEAR_TEXT = CLEAR_TEXT
SYE_CIPHER_TEXT_LENGTH = D2C(16,4)
SYE_CIPHER_TEXT = COPIES('00'X,16)
SYE_OPTIONAL_DATA_LENGTH = '00000000'X
SYE_OPTIONAL_DATA = ''
/* CALL ENCRYPTION SERVICE CSNBSYE */
ADDRESS LINKPGM 'CSNBSYE' ,
'SYE_RC' ,
'SYE_RS' ,
'EXIT_DATA_LENGTH' ,
'EXIT_DATA' ,
'SYE_RULE_ARRAY_COUNT' ,
'SYE_RULE_ARRAY' ,
'SYE_KEY_LENGTH' ,
'SYE_KEY_IDENTIFIER' ,
'SYE_KEY_PARMS_LENGTH' ,
'SYE_KEY_PARMS' ,
'SYE_BLOCK_SIZE' ,
'SYE_INITIAL_VECTOR_LENGTH' ,
'SYE_INITIAL_VECTOR' ,
'SYE_CHAIN_DATA_LENGTH' ,
'SYE_CHAIN_DATA' ,
'SYE_CLEAR_TEXT_LENGTH' ,
'SYE_CLEAR_TEXT' ,
'SYE_CIPHER_TEXT_LENGTH' ,
'SYE_CIPHER_TEXT' ,
'SYE_OPTIONAL_DATA_LENGTH' ,
'SYE_OPTIONAL_DATA'
IF (SYE_RC \= '00000000'X) THEN
DO
SAY 'ENCRYPTION FAILED: RC =' C2X(SYE_RC) 'RS =' C2X(SYE_RS)
END
/* CONVERT ENCRYPTED DATA TO HEXADECIMAL REPRESENTATION */
ENCRYPTED_TEXT = C2X(SYE_CIPHER_TEXT)
SAY ENCRYPTED_TEXT
But I get RC=0000008 with RS=0000007E0.
------------------------------
Morteza Moradi
Original Message:
Sent: Mon July 29, 2024 05:51 PM
From: Eric Rossman
Subject: Encrypt One field from Table
My sample has 2 calls to show how to change the tweak value between rows.
I used EPRINT rule which allows for alphanumeric EBCDIC and many symbols.
!"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
Because of this, k is 18 (18 characters per "block")
I made the context_data have the layout:
'00'X /* upper 7 bits must be zero */
'0123456789ABCD'X /* 7 bytes invariant (set based on this table) */
'0000000000002A00'X /* first 7 bytes are the row number, last byte is 00 */
The last byte being zero leaves room for each row to have 256*k characters in the encrypted column.
------------------------------
Eric Rossman
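
The 8-character rule padding stated at the top of the thread and the 16-byte context_data layout from the reply above, as an added REXX example that is not code from either poster. BuildRules and BuildContext are hypothetical helper names; the keywords are the ones in the posted script and are not checked here for validity against CSNBSYE.

```rexx
/* REXX - added example, not code from the thread */
NUMERIC DIGITS 20            /* 7-byte row numbers exceed the default 9 digits */

/* Keywords copied from the posted script (validity for CSNBSYE not checked) */
rules = BuildRules('AES CLRAES KEYIDENT ONLY')
PARSE VAR rules rule_count +4 rule_array
SAY 'rule_array_count =' C2X(rule_count)
SAY 'rule_array       = "'rule_array'" ('LENGTH(rule_array) 'bytes)'

/* Invariant bytes and row number taken from the layout in the reply */
ctx = BuildContext('0123456789ABCD'X, 42)
SAY 'context_data     =' C2X(ctx)
EXIT 0

/* Pad each blank-delimited keyword to 8 characters.            */
/* Returns a 4-byte binary count followed by the padded array.  */
BuildRules: PROCEDURE
  PARSE ARG keywords
  array = ''
  DO i = 1 TO WORDS(keywords)
    kw = WORD(keywords, i)
    IF LENGTH(kw) > 8 THEN DO
      SAY 'Rule keyword longer than 8 characters:' kw
      EXIT 8
    END
    array = array || LEFT(kw, 8)   /* LEFT pads on the right with blanks */
  END
  RETURN D2C(WORDS(keywords), 4) || array

/* '00'X || 7 invariant bytes || 7-byte row number || '00'X = 16 bytes */
BuildContext: PROCEDURE
  PARSE ARG invariant, row
  IF LENGTH(invariant) \= 7 THEN DO
    SAY 'Invariant part must be exactly 7 bytes'
    EXIT 8
  END
  IF \DATATYPE(row, 'W') | row < 0 | row > X2D('FFFFFFFFFFFFFF') THEN DO
    SAY 'Row number must be a whole number that fits in 7 bytes'
    EXIT 8
  END
  RETURN '00'X || invariant || D2C(row, 7) || '00'X
```

Deriving the count from the keyword list keeps rule_array_count and rule_array in step, and the row-number check stops D2C from silently truncating a value that does not fit in 7 bytes.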
Original Message:
Sent: Mon July 29, 2024 11:47 AM
From: Morteza Moradi
Subject: Encrypt One field from Table
In the KGUP utility, using the CSFIN dataset, I Maintain (Option 1) ADD functions with the AES algorithm and key type CLRAES, labeled as TESTKEY, with key value 854F539195C7B7A3. The dataset values are:
ADD TYPE(CLRAES),
KEY(854F539195C7B7A3),
LAB(TESTKEY)
After executing the JCL code successfully with reason code 0, I use refresh (Option 4) to update the CKDS dataset (csf.csfckds). Now, I am unsure of how to apply this key for encrypting a field in a table.
------------------------------
Morteza Moradi
Original Message:
Sent: Mon July 29, 2024 11:08 AM
From: Eric Rossman
Subject: Encrypt One field from Table
What options did you specify in the KGUP control card? With that information, I can try to help.
------------------------------
Eric Rossman
Original Message:
Sent: Mon July 29, 2024 10:39 AM
From: Morteza Moradi
Subject: Encrypt One field from Table
Hello everyone,
I am a new member of the community and a Master's student researching cryptography in DB2. My initial project involves encrypting and decrypting a field in a table, such as the ID column in a test table. I have generated a key using the KGUP utility, but I am unsure how to utilize this key. Can anyone assist me or provide sample code in REXX or COBOL? I am eager to understand this concept.
Thank you
------------------------------
Morteza Moradi
------------------------------