Did you know you can encrypt an indexed file?
Estimated Reading Time: 3 MinutesWith isCOBOL it's possible to encrypt an indexed file. Encryption of indexed files is supported by the following file systems:
- JISAM - CTREEJIt's possible to mix encrypted file with non encrypted files, as needed. Below you can find the instructions to activate encryption for each file system.
JISAM
To activate encryption on a file when using JISAM, you need to add the "with encryption" clause to the SELECT statement of the file, after the "organization" clause. For example change the select statement from
select FILE1 assign to "IndexedFile" organization indexed access dynamic record key f1-key status file-status .to
select FILE1 assign to "IndexedFile" organization indexed WITH ENCRYPTION access dynamic record key f1-key status file-status .You then need to specify the encryption key by adding the following configuration property
iscobol.file.encryption.key=your-key
The configuration property must be set to a value different from spaces, otherwise a file mismatch error is raised. The encryption key can be up to 16 characters long. The Blowfish algorithm is used to encrypt data. If an encrypted file is opened for input or i-o with the wrong encryption key, then a file corrupt error is raised. If the encryption key is not set in the configuration, opening an encrypted file produces a 9X status. To encrypt an existing file, the file must be converted. The simplest way to encrypt a file is using the ISMIGRATE utility. Select JISAM for "From" and "To" file system
Press Next Select the file to encrypt And press nextSelect the destination folder and make sure the "Enable encryption" check-box is set and specify the encryption key, which must be the same value in the configuration property iscobol.file.encryption.key. Follow the wizard steps. Now you have the encrypted version of the file. When using utilities that access an encrypted indexed file, the encryption key must be passed either in the command line, where supported, or in the configuration file.
CTREEJ
C-ctree can handle encryption without any code change, but just needs configuration changes. iscobol configuration file or ctree-conf configuration file can be used to control encryption settings. The isCOBOL configuration is only used by cobol programs or isCOBOL utilities, while the ctree-conf configuration file is used by isCOBOL programs and the c-tree utilities.
isCOBOL configuration
Use the following configuration properties to configure encryption:
iscobol.file.index.encrypt=1With this property every file is encrypted. To encrypt only the selected file, an instance of c-tree must be created by adding the following property
iscobol.file.index.maxinstance=2The value must reflect the number of instances created by c-tree. In this case it is 2 because there is the default instance (instance 0) and the encrypted instance (instance 1).
iscobol.file.index.1.server=FAIRCOMS@127.0.0.1Is the definition of instance 1 (encrypted instance), the server can be the same as the default instance. The settings of instance 0 (default instance) is omitted in this sample since the defaults are used.
iscobol.file.index.1.file_mapping=IndexedFile1Is the list of the file included into the instance 1. Multiple names must be separated by commas. Wildcards are supported. The files not included in this list will use instance 0
iscobol.file.index.1.encrypt=1Activate encryption on instance 1
C-tree conf
In your configuration file add the following configuration propertyiscobol.ctree.new_config=0and configure the ctree.conf file as below to encrypt all files
<config> <instance server="FAIRCOMS@127.0.0.1" connect="no"> <encrypt>yes</encrypt> </instance> </config>Or use the configuration below to encrypt a single file
<config> <instance server="FAIRCOMS@127.0.0.1" connect="no"> <file name="IndexedFile1"> <encrypt>yes</encrypt> </file> </instance> </config>To encrypt an existing file, the file must be converted. The simplest way to encrypt a file is using the command line version of the ISMIGRATE utility. First create a specific configuration file with the following properties
iscobol.file.index.encrypt=1 iscobol.ismigrate_no_directories=1 iscobol.ismigrate_input_file_index=ctreej iscobol.ismigrate_output_file_index=ctreejand use the following command line statements
iscmigrate c:/encryption/test/IndexFile1 c:/encryption/test/encrypted/IndexFile1