RXS_Crypt()
This subprocedure performs cryptographic operations like hashing and encryption. Currently supported operations are:
- MD5
- SHA1
- SHA256
- SHA384
- SHA512
- AES128
- AES192
- AES256
For AES encryption, block modes ECB, CBC, and CTR are supported.
Subprocedure Prototype
|
Returns the output of the specified hashing/crytographic operation. |
|
Field to hold the input of the selected hashing/crytographic operation. You can pass a field smaller than 16M without any additional effort. |
|
Holds settings which control how RXS_Crypt operates. This parm can accomodate a number of possible data structures, listed below. |
Example Code
**FREE
// This example code calculates an MD5 hash from a character field.
Ctl-Opt ActGrp(*New) BndDir('RXSBND');
/COPY QRPGLECPY,RXSCB
Dcl-Ds MD5DS LikeDS(RXS_MD5CryptDS_t);
Dcl-S Data Like(RXS_Var1Kv_t);
Dcl-S Hash Like(RXS_Var1Kv_t);
Data = 'Hello World';
RXS_ResetDS( HashMD5DS : RXS_DS_TYPE_MD5CRYPT );
Hash = RXS_Crypt( Data : HashMD5DS );
RXS_JobLog( 'Hash: %s' : Hash ); // Output: Hash: B10A8DB164E0754105B7A99BE72E3FE5
return;
**FREE
// This example code performs AES128 encryption on an ISO88591 string
Ctl-Opt ActGrp(*New) BndDir('RXSBND');
/COPY QRPGLECPY,RXSCB
Dcl-Ds AESDS LikeDS(RXS_AESCryptDS_t);
Dcl-S Input Like(RXS_Var1Kv_t);
Dcl-S Output Like(RXS_Var1Kv_t);
Input = 'abc';
RXS_ResetDS( AESDS : RXS_DS_TYPE_AESCRYPT );
AESDS.PadInput = RXS_YES;
AESDS.Algorithm = RXS_CRYPT_AES128_ALGORITHM;
AESDS.BlockMode = RXS_CRYPT_AESBLOCKMODE_CBC;
AESDS.EncryptDecrypt = RXS_ENCRYPT;
// We're providing the input string in our job CCSID but we want
// RXS_Crypt to convert it to the ISO88591 equivalent and then
// encrypt. If you plan to exchange data with non-IBM i systems
// this is usually the route you'll want to go, though you may
// instead need to encrypt as UTF-8 by using RXS_CCSID_UTF8.
AESDS.InputCCSID = RXS_CCSID_JOB;
AESDS.EncryptAsCcsid = RXS_CCSID_ISO88591;
AESDS.Key128 = x'00000000000000000000000000000000';
AESDS.KeyFormat = RXS_CRYPT_AESKEYFORMAT_BIN;
AESDS.OutputPadOption = RXS_CRYPT_PADOUTPUT_NONE;
AESDS.InitializationVector = x'00000000000000000000000000000000';
// After encryption, the Output field will contain a binary string with the hex
// value: d29999ea2b049ae79cb86ba27b1a5f55
Output = RXS_Crypt( Input : AESDS );
// RXS_JobLog will attempt to treat this as a string which will lead to
// the output looking like garbage characters.
RXS_JobLog( 'Encrypted output: %s' : Output );
// The easiest way to view and verify the encryption worked correctly is
// to look at the value of the Output field in debug in hex mode.
// Using STRDBG, you would view Output in hex mode by typing in this:
//
// eval Output:x 50
return;
**FREE
// This example code performs AES128 decryption on an ISO88591 string
Ctl-Opt ActGrp(*New) BndDir('RXSBND');
/COPY QRPGLECPY,RXSCB
Dcl-Ds AESDS LikeDS(RXS_AESCryptDS_t);
Dcl-S Input Like(RXS_Var1Kv_t);
Dcl-S Output Like(RXS_Var1Kv_t);
// We have a sequence of hex bytes and not a string to decrypt
Input = x'd29999ea2b049ae79cb86ba27b1a5f55';
RXS_ResetDS( AESDS : RXS_DS_TYPE_AESCRYPT );
// Any non-IBM i system you work with isn't going to deal with data in EBCDIC so
// RXS_Crypt is set up to facilitate handling conversion to/from non-EBCDIC
// character sets. In this case the string is in ISO8859-1, so we indicate
// that here:
AESDS.InputCcsid = RXS_CCSID_ISO88591;
AESDS.EncryptAsCcsid = RXS_CCSID_ISO88591;
// Indicate that we're performing decryption and not encryption
AESDS.EncryptDecrypt = RXS_DECRYPT;
AESDS.PadInput = RXS_YES;
AESDS.Algorithm = RXS_CRYPT_AES128_ALGORITHM;
AESDS.BlockMode = RXS_CRYPT_AESBLOCKMODE_CBC;
AESDS.Key128 = x'00000000000000000000000000000000';
AESDS.KeyFormat = RXS_CRYPT_AESKEYFORMAT_BIN;
// Make sure you set the key CCSID appropriately
AESDS.KeyCCSID = RXS_CCSID_JOB;
// For output generally RXS_CRYPT_PADOUTPUT_CHAR is what you should use.
// This will make RXS_Crypt pad the output with null bytes, which is typically
// what you want.
AESDS.OutputPadOption = RXS_CRYPT_PADOUTPUT_CHAR;
AESDS.InitializationVector = x'00000000000000000000000000000000';
// After encryption, the Output field will contain a binary string with the hex
// value: 616263
// This corresponds to the ISO88591 characters 'abc' as expected.
Output = RXS_Crypt( Input : AESDS );
// RXS_JobLog will attempt to treat this as a string which will lead to
// the output looking like garbage characters.
RXS_JobLog( 'Decrypted output: %s' : Output );
// The easiest way to view and verify the encryption worked correctly is
// to look at the value of the Output field in debug in hex mode.
// Using STRDBG, you would view Output in hex mode by typing in this:
//
// eval Output:x 50
return;
**FREE
// This example code performs AES128 encryption on an EBCDIC string
Ctl-Opt ActGrp(*New) BndDir('RXSBND');
/COPY QRPGLECPY,RXSCB
Dcl-Ds AESDS LikeDS(RXS_AESCryptDS_t);
Dcl-S Input Like(RXS_Var1Kv_t);
Dcl-S Output Like(RXS_Var1Kv_t);
Input = 'abc';
RXS_ResetDS( AESDS : RXS_DS_TYPE_AESCRYPT );
AESDS.PadInput = RXS_YES;
AESDS.Algorithm = RXS_CRYPT_AES128_ALGORITHM;
AESDS.BlockMode = RXS_CRYPT_AESBLOCKMODE_CBC;
AESDS.EncryptDecrypt = RXS_ENCRYPT;
// We're providing the input as our job CCSID, and we want it encrypted
// using EBCDIC CCSID 37. This is rarely something you want to do when you
// will be exchanging encrypted data with other non-IBM i systems as most
// other systems will expect to be working with ISO88591 or UTF-8 data.
AESDS.InputCCSID = RXS_CCSID_JOB;
AESDS.EncryptAsCCSID = RXS_CCSID_EBCDIC;
AESDS.Key128 = x'00000000000000000000000000000000';
AESDS.KeyFormat = RXS_CRYPT_AESKEYFORMAT_BIN;
AESDS.OutputPadOption = RXS_CRYPT_PADOUTPUT_NONE;
AESDS.InitializationVector = x'00000000000000000000000000000000';
// After encryption, the Output field will contain a binary string with the hex
// value: 81743865f4a9ce13349d67f5642fd971
Output = RXS_Crypt( Input : AESDS );
// RXS_JobLog will attempt to treat this as a string which will lead to
// the output looking like garbage characters.
RXS_JobLog( 'Encrypted output: %s' : Output );
// The easiest way to view and verify the encryption worked correctly is
// to look at the value of the Output field in debug in hex mode.
// Using STRDBG, you would view Output in hex mode by typing in this:
//
// eval Output:x 50
return;Data Structures
|
|
|
|
|
|
|
|
|
Optional IFS stream file to use as input data for hash operation. |
|
CCSID of input data. Used when the input data is of a different CCSID of the job CCSID. Not necessary if using InputStmf. Default Value: |
|
CCSID to convert the input data into before hashing. Note that this is typically going to be RXS_ISO88591 or RXS_UTF8. Default Value: |
|
Internal use only |
|
Internal use only |
|
Internal use only |
|
Internal use only |
|
Internal use only |
|
|
|
|
|
|
|
|
|
Determines which SHA algorithm/block size to use when hashing. Valid Values:
|
|
Optional IFS stream file to use as input data for hash operation. |
|
CCSID of input data. Used when the input data is of a different CCSID of the job CCSID. Not necessary if using InputStmf. Default Value: |
|
CCSID to convert the input data into before hashing. Note that this is typically going to be RXS_ISO88591 or RXS_UTF8. Default Value: |
|
Internal use only |
|
Internal use only |
|
Internal use only |
|
Internal use only |
|
Internal use only |
|
|
|
|
|
|
|
|
|
Determines which AES algorithm to use when encrypting. Valid Values:
|
|
Determines which AES block mode to use when encrypting. Valid Values:
|
|
Specifies whether input data should be encrypted or decrypted. Valid Values:
|
|
AES standard requires that input data be exactly divisible into block lengths of 16 - specify this value as RXS_YES if you'd like RXS to perform this padding automatically, or to RXS_NO if you are manually padding the input data. Valid Values:
|
|
If PadInput is set to RXS_YES, the hex byte value in this field will be used for padding the input data. Default Value: |
|
Specifies if output data should be padded, and which padding method to use. Valid Values:
Default Value: |
|
If OutputPadOption is set to RXS_CRYPT_PADOUTPUT_CHAR, the hex byte value in this field will be used for padding the output data. Default Value: |
|
The data format of the encryption key. Currently only binary keys are fully supported. Valid Values:
Default Value: |
|
The encryption key to be used for AES256. Only the Key### field matching your AES algorithm needs to be specified. |
|
The encryption key to be used for AES192. Only the Key### field matching your AES algorithm needs to be specified. |
|
The encryption key to be used for AES128. Only the Key### field matching your AES algorithm needs to be specified. |
|
Initialization vector used for optional additional randomization. If this value is not null, both the encrypting party and the decrypting party need to know this value. |
|
CCSID of input data. Used when the input data is of a different CCSID than the job CCSID. Not necessary if using InputStmf. Default Value: |
|
When performing encryption, this field will specify the CCSID in which the data should be encrypted. If this value is different than the InputCcsid value, the data will be converted before encryption. When performing decryption, this field will specify the CCSID of the data that was encrypted. Default Value: |
|
Specify the CCSID of the encryption key. Used when the key is of a different CCSID than the job CCSID. If this value is different than the EncryptAsCcsid value, the data will be converted before encryption/decryption. Default Value: |
|
Optional IFS stream file to use as input data for encryption/decryption. |
|
Optional IFS stream file where encrypted/decrypted output will be written. |
|
Internal use only |
|
Internal use only |
|
Internal use only |
|
Internal use only |
|
Internal use only |