Skip to Content

Did you know you can encrypt an indexed file?

Estimated Reading Time: 3 Minutes

With isCOBOL it's possible to encrypt an indexed file.
Encryption of indexed files is supported by the following file systems:

- JISAM
- CTREEJ

It's possible to mix encrypted file with non encrypted files, as needed.
Below you can find the instructions to activate encryption for each file system.


JISAM

To activate encryption on a file when using JISAM, you need to add the "with encryption" clause to the SELECT statement of the file, after the "organization" clause.
For example change the select statement from

       select FILE1 assign to "IndexedFile"
           organization indexed
           access dynamic
           record key f1-key
           status file-status
           .
to
       select FILE1 assign to "IndexedFile"
           organization indexed
           WITH ENCRYPTION
           access dynamic
           record key f1-key
           status file-status
           .
You then need to specify the encryption key by adding the following configuration property
iscobol.file.encryption.key=your-key

The configuration property must be set to a value different from spaces, otherwise a file mismatch error is raised. The encryption key can be up to 16 characters long. The Blowfish algorithm is used to encrypt data. If an encrypted file is opened for input or i-o with the wrong encryption key, then a file corrupt error is raised. If the encryption key is not set in the configuration, opening an encrypted file produces a 9X status.
To encrypt an existing file, the file must be converted. The simplest way to encrypt a file is using the ISMIGRATE utility.

Select JISAM for "From" and "To" file system

Press Next
Select the file to encrypt

And press next

Select the destination folder and make sure the "Enable encryption" check-box is set and specify the encryption key, which must be the same value in the configuration property iscobol.file.encryption.key. Follow the wizard steps.
Now you have the encrypted version of the file.
When using utilities that access an encrypted indexed file, the encryption key must be passed either in the command line, where supported, or in the configuration file.

CTREEJ

C-ctree can handle encryption without any code change, but just needs configuration changes.
iscobol configuration file or ctree-conf configuration file can be used to control encryption settings.
The isCOBOL configuration is only used by cobol programs or isCOBOL utilities, while the ctree-conf configuration file is used by isCOBOL programs and the c-tree utilities.

isCOBOL configuration

Use the following configuration properties to configure encryption:

iscobol.file.index.encrypt=1
With this property every file is encrypted.
To encrypt only the selected file, an instance of c-tree must be created by adding the following property
iscobol.file.index.maxinstance=2
The value must reflect the number of instances created by c-tree. In this case it is 2 because there is the default instance (instance 0) and the encrypted instance (instance 1).
iscobol.file.index.1.server=FAIRCOMS@127.0.0.1
Is the definition of instance 1 (encrypted instance), the server can be the same as the default instance. The settings of instance 0 (default instance) is omitted in this sample since the defaults are used.
iscobol.file.index.1.file_mapping=IndexedFile1
Is the list of the file included into the instance 1. Multiple names must be separated by commas. Wildcards are supported. The files not included in this list will use instance 0
iscobol.file.index.1.encrypt=1
Activate encryption on instance 1

C-tree conf

In your configuration file add the following configuration property
iscobol.ctree.new_config=0
and configure the ctree.conf file as below to encrypt all files
<config>
   <instance server="FAIRCOMS@127.0.0.1" connect="no">
      <encrypt>yes</encrypt>
   </instance>
</config>
Or use the configuration below to encrypt a single file
<config>
   <instance server="FAIRCOMS@127.0.0.1" connect="no">
      <file name="IndexedFile1">
         <encrypt>yes</encrypt>
      </file>
   </instance>
</config>
To encrypt an existing file, the file must be converted.
The simplest way to encrypt a file is using the command line version of the ISMIGRATE utility.
First create a specific configuration file with the following properties
iscobol.file.index.encrypt=1
iscobol.ismigrate_no_directories=1
iscobol.ismigrate_input_file_index=ctreej
iscobol.ismigrate_output_file_index=ctreej
and use the following command line statements
iscmigrate c:/encryption/test/IndexFile1 c:/encryption/test/encrypted/IndexFile1
Did you know you can encrypt an indexed file?