Did you know you can encrypt an indexed file?

Question ID : 291
Created on 2018-04-17 at 2:54 AM
Author : Veryant Support [support@veryant.com]

Online URL : http://support.veryant.com/support/phpkb/question.php?ID=291


With isCOBOL it's possible to encrypt an indexed file.
Encryption of indexed files is supported by the following file systems:

- JISAM
- CTREEJ

It's possible to mix encrypted file with non encrypted files, as needed.
Below you can find the instructions to activate encryption for each file system.


JISAM

To activate encryption on a file when using JISAM, you need to add the "with encryption" clause to the SELECT statement of the file, after the "organization" clause.
For example change the select statement from 

       select FILE1 assign to "IndexedFile"
           organization indexed
           access dynamic
           record key f1-key
           status file-status
           .
to 
       select FILE1 assign to "IndexedFile"
           organization indexed
           WITH ENCRYPTION
           access dynamic
           record key f1-key
           status file-status
           .
You then need to specify the encryption key by adding the following configuration property 
iscobol.file.encryption.key=your-key

The configuration property must be set to a value different from spaces, otherwise a file mismatch error is raised. The encryption key can be up to 16 characters long. The Blowfish algorithm is used to encrypt data. If an encrypted file is opened for input or i-o with the wrong encryption key, then a file corrupt error is raised. If the encryption key is not set in the configuration, opening an encrypted file produces a 9X status.
To encrypt an existing file, the file must be converted. The simplest way to encrypt a file is using the ISMIGRATE utility.

Select JISAM for "From" and "To" file system

Press Next
Select the file to encrypt

And press next

Select the destination folder and make sure the "Enable encryption" check-box is set and specify the encryption key, which must be the same value in the configuration property iscobol.file.encryption.key. Follow the wizard steps.
Now you have the encrypted version of the file.
When using utilities that access an encrypted indexed file, the encryption key must be passed either in the command line, where supported, or in the configuration file.

CTREEJ

C-ctree can handle encryption without any code change, but just needs configuration changes.
iscobol configuration file or ctree-conf configuration file can be used to control encryption settings.
The isCOBOL configuration is only used by cobol programs or isCOBOL utilities, while the ctree-conf configuration file is used by isCOBOL programs and the c-tree utilities.

isCOBOL configuration

Use the following configuration properties to configure encryption: 

iscobol.file.index.encrypt=1
With this property every file is encrypted.
To encrypt only the selected file, an instance of c-tree must be created by adding the following property 
iscobol.file.index.maxinstance=2
The value must reflect the number of instances created by c-tree. In this case it is 2 because there is the default instance (instance 0) and the encrypted instance (instance 1). 
iscobol.file.index.1.server=FAIRCOMS@127.0.0.1
Is the definition of instance 1 (encrypted instance), the server can be the same as the default instance. The settings of instance 0 (default instance) is omitted in this sample since the defaults are used. 
iscobol.file.index.1.file_mapping=IndexedFile1
Is the list of the file included into the instance 1. Multiple names must be separated by commas. Wildcards are supported. The files not included in this list will use instance 0 
iscobol.file.index.1.encrypt=1
Activate encryption on instance 1

C-tree conf

In your configuration file add the following configuration property 
iscobol.ctree.new_config=0
and configure the ctree.conf file as below to encrypt all files 

   
      yes
Or use the configuration below to encrypt a single file 

   
      
         yes
To encrypt an existing file, the file must be converted.
The simplest way to encrypt a file is using the command line version of the ISMIGRATE utility.
First create a specific configuration file with the following properties 
iscobol.file.index.encrypt=1
iscobol.ismigrate_no_directories=1
iscobol.ismigrate_input_file_index=ctreej
iscobol.ismigrate_output_file_index=ctreej
and use the following command line statements 
iscmigrate c:/encryption/test/IndexFile1 c:/encryption/test/encrypted/IndexFile1

Back to Original Question