Ibm crypto cards

From AS/four hundred to iSeries to System i to IBM i on Power

IBM i Software Developer, Digital Dad, AS400 Anarchist, RPG Modernizer, Relentless Nerd and Passionate Eater of Cheese and Biscuits. Nick Litten Dot Com is a mixture of blog posts that can be every so often serious, frequently playful and probably down-proper useless all within the area of an afternoon.

How to delete first X facts the usage of IBM i SQL


Cryptography isnt the art of maintaining lifeless our bodies in a crypt

I have to admit to being a bit baffled by using cryptography, records encryption and all that SSL nonsense… so this become very thrilling to read:

Question: I want some help. I actually have AS/400 F20 in crucial web site and approximately 30 terminals and PC linked to it by means of several HDLC lines or X.25 satellite tv for pc lines. I’m searching out corporations presenting cryptographic modems, cryptographic cards, ciphering programs or different answers supplying security on this device.

Answer: For AS/four hundred, there are 2 exceptional cryptography merchandise to be had. The first is Cryptographic Support/400. This is software implementation of the DES. It carries round 10-12 API verbs for encipher/decipher, PIN features, MAC functions, and a few key management. The 2d product is the Cryptographic Processor, function 2620 (or 2628) along with PRPQ IBM Common Cryptographic Architecture Services/400. This is a hardware implementation of DES. On V3R1, the RSA public key algorithm is likewise supported. The PRPQ contains CL commands for initializing and beginning the choices processor, ninety nine API verbs, and key garage. The API is a superset of IBM’s Common Cryptographic Architecture and includes guide for encipher/decipher, MAC features, MDC, PIN functions, digital signatures, and Key control together with ANSI X9.17.

Both products have US Export restrictions. Generally, they may only be exported to economic establishments or US subsidiaries. Feature 2628 is to be had, however, for clients that are not one of the above. Feature 2628 makes use of Commercial Data Masking Facility (CDMF) for the choices statistics privateness verbs.

For PC’s, there are a number of encryption merchandise to be had. The IBM Workstation Security Services Program together with the Cryptographic Adapter offer the same assist and API as the choices PRPQ and Cryptographic Processor for AS/400.

Here’s a short description of IBM’s crypto product presenting:

IBM Cryptographic Support/400 Version three Program Number 5763-CR1The IBM* Cryptographic Support/four hundred program provides support for the encryption and decryption of records and centers to assist the choices consumer in dealing with cryptographic keys. The encryption and decryption are executed in accordance with the American National Standard Data Encryption Algorithm/Data Encryption Standard (DEA/DES).

(Note: This reaction is now outdated. IBM’s Cryptography services had been drastically revised).

Question: Does everyone recognise if PGP (Pretty Good Privacy) has been ported to the choices AS/400? (requested 2/6/ninety six)

Answer 1. I’ve ported PGP 2.6.2 to my machine and recompiled maximum of the choices code. There are numerous objects that had to be completed if I am to make this package useful on the AS/400. They are as follows:

1. Resolve applications that didn’t collect for anything reason. (About four-6)2. Provide some form of coded man or woman set identification or conversion for the choices ASCII to EBCDIC hassle.3. Make the choices PGP features extra well matched with the choices AS/400 method for executing software program applications.four. Get some beta take a look at customers who want to check the choices heck out of this.As with Zimmerman’s PGP, supply could be supplied… No MI compiler could be wanted.

(Note: Steve was unable to finish the choices port right now and reputedly deserted the choices effort. He did, however, provide a very good lab at COMMON on using the PC version of PGP. More latest midrange-l discussions (8/99) imply renewed interest in use of this product, but no to be had port).

Question: Does anyone have any thoughts on the way to encrypt a report in this type of way that the AS/four hundred can decrypt it with out a user intervention?

Answer 1. How about a batch process on the choices PC that performs the choices encrypt, after which runs an ftp script. The script sends the report, then does a quote/rcmd to force the process on the 400. This technique can also provide notification on the four hundred that the file turned into obtained.

Answer 2. Another choice is to use a VPN over the choices Internet, the usage of NT PPTP on the choices server side and the choices PPTP (VPN) client that includes Windoze on the choices client aspect. The raw overall performance is not as desirable as a directly connection to our AS400 through the choices Internet thru our proxy server, however for stable get admission to to all of the offerings on our network, it works high-quality. Other VPN merchandise (which include the only from Checkpoint, maker of Firewall-1) ought to work as well.

Question: I have presently achieved a VPN setup for Host to Host connection, but in some way unluckily I’ve made a incorrect set of VPN configuration and proper now we can’t get entry to the choices AS/four hundred through any TCP/IP connection. How can we reset the VPN configuration, whilst to do that we ought to get entry to the CA Express Operation Navigator which it’s far one factor that we will’t doright now. Is there some other setup opportunity via 5250 consultation? (12/ninety nine)

Answer: Use the RMVTCPTBL command to do away with the choices filter rules you created on your line, you’ll need to do this from the choices console or a non – IP tool. This have to can help you go back to normal operation the use of the line.

Join the IBM i Community for FREE Presentations, Lessons, Hints and Tips