Data Encryption Business Function

Hi All,
Anyone here did some business function on how to encrypt the parameter values? for example. Document number will send as input, then the output should be encrypted data. If you have a sample code for that, please send me a copy. I don't have experience in C++ as per the oracle B0800760 BFN is the sample bfn with encryption key, but hard to read for me since a have very minimal idea in C++. If anyone here can give some explanation or sample code with same function and small explanation of each procedures that will be very helpfull for me to solve my problem. btw, we are using E-one 8.10

Thanks in advance.

Tools Release 8.94 has introduced two new APIs jdeEncryptWKey and jdeDecryptWKey to perform encryption and decryption of data using the TripleDES encryption algorithm.

I checked the API and Business functions guide and found details about the two APIs and examples of usage (attached). Hope that helps.

Thanks, this is very usefull.

Does anyone know what the value of int eVPTripeDES from this sample code is suppose to be?

type=eEVPTripleDES;

Thanks
Rob

Based on JDEKDFN.H ...

enum tagEncryptType {
eDESInvalidType = 0,
eEVPTripleDES = 1
} ;

so the value is 1

Pretty smart. I missed that one.

One more problem I'm running into. Since I want to create a BSFN that has inputs and outputs and I want to control what to encrypt and decrypt. When the data is encrypted in the BYTE variable. i.e. BYTE EncryptedData.

How can I move that BYTE variable into a JCHAR variable or vise versa
jdeStrcpy((BYTE *)(&EncryptedData),
(JCHAR *) &lpDS->szParameterStringInput);

Cannot seem to be able to typecast the BYTE var and get a proper compile. I'm missing something since I normally do not work with BYTE Vars.

Thanks
Rob

Rob,

It may be cleanest to allocate a BYTE buffer, peform the encryption into that buffer, then memcpy that buffer to your output string.

For decryption, allocate a BYTE buffer, memcpy the encrypted data (which is in the form of a JCHAR array in your BSFN datastructure) into the byte array and run the decrypt API.

After a quick test, this seems to work without buffering...
<font class="small">Code:</font><hr /><pre>
if (lpDS->cAction == _J('E'))
{
iInSize = jdeStrlen(lpDS->szString);
jdeEncryptWKey((BYTE*)lpDS->szEncrypted, &iOutSize, lpDS->szString, iInSize, lpDS->szKey, jdeStrlen(lpDS->szKey), 1);

}
if (lpDS->cAction == _J('D'))
{
iInSize = jdeStrlen(lpDS->szEncrypted)*sizeof(JCHAR);
jdeDecryptWKey(lpDS->szString, &iOutSize, (BYTE*)lpDS->szEncrypted, iInSize, lpDS->szKey, jdeStrlen(lpDS->szKey), 1);
}
</pre><hr />


Craig

Another thing to remember, if you are encrypting strings (or any data type for that matter), you are not going to get a string back, you are going to simply get back an encrypted byte array. If you want a string representation of your encrypted data you will most likely have to base64 encode/decode the encrypted byte array.

Craig,

I got everything in the business function working with parms and the whole deal. Everything works great when moving data around in an application for testing. I increased my database field sizes to account for the new encrypted field lenght. But now I just realized when passing the encrypted data value back to the application for database update i.e. "ᣋ㟖". I cannot seem to perform a file update with that value from inside the form application.

Do I need to setup something special in data dictionary for these kind of fields?

See logs below..

Thanks
Rob

sql update from jdedebug.log. I'm not sure why the characters are all funny.

UPDATE XXDTA810/F5542199 SET CE3C='' WHERE (CEDOCO = 7832.000000)


jde.log


5024/5064 FOREIGN_THREAD Fri Jun 04 15:58:33.353029 Jdbodbc.c8337
ODB0000163 - wSQLExecute failure. rc=-1

5024/5064 FOREIGN_THREAD Fri Jun 04 15:58:33.353031 Jdbodbc.c8337
ODB0000164 - STMT:00 [22018][30200] [IBM][iSeries Access ODBC Driver]Column 8: CWBNL0107 - Converted 8 bytes, 4 errors found beginning at offset 0

5024/5064 FOREIGN_THREAD Fri Jun 04 15:58:33.353033 Jdbodbc.c8337
ODB0000164 - STMT:01 [22018][30019] [IBM][iSeries Access ODBC Driver]Error in assignment.

5024/5064 FOREIGN_THREAD Fri Jun 04 15:58:33.353036 Jdb_drvm.c982
JDB9900401 - Failed to execute db request

5024/5064 FOREIGN_THREAD Fri Jun 04 15:58:33.353038 Jdb_exet.c3007
JDB3600011 - Failed to perform Update for F5542199

Like I said in an earlier post in this thread. If you want a string representation of the encrypted data you will need to base64 encode the encrypted byte data.

If you encrypt a string with DES or triple DES, you won't get a string back. You will get back a bunch of encrypted bytes - this is not a valid string value. You have to then base64 encode the encrypted bytes which will give you an ascii string which you can then persist in a database or do what ever with. When you need to decrypt it, you will need to base64 decode the string which will give you your encrypted bytes and then decrypt the byte data which will result in your original string.

Oh, and to store the base64 encoded data will require even a larger field because 3 bytes results in 4 base64 encoded bytes.

How would I create a base64 encoded field in my file through the DD or a base64 encoded field in my business function?

I understand the reason/concept but not clear on how to create the field attributes. In the DD I see the following possibilities:

Code Description
1 Character
11 Date
15 Integer
17 Character (Blob)
18 Binary (Blob)
19 Binary
2 String
20 Variable String
55 PeopleSoft UTime
7 Identifier (ID)
9 Numeric



Thanks
Rob

Brian is, of course, right on with the encoding issue. What about using a Binary BLOB (type 18) in your table? I think you'd need to write/update your custom table record in your BSFN where you can do the JDB_SetBLOBSize and copy the byte array.

Craig is right, a BLOB field is the best solution if you don't need a string representation or the need to display the encrypted value or pass the value through APPL/UBE interconnects.

Just an FYI on the base64 stuff. I don't know if JDE provides any API's for doing base64 encoding - at least I never found any, there may be some buried some where. What I did when I needed base64 encoding/decoding was to use an open source library to create my own base64 encoding/decoding BSFN that I can use in JDE.

Base64 Encoding would use a string data type. Its up to you though to do the encoding / decoding. In addition there are the size issues (extra characters) as already pointed out. Google to find the algorithms used.

Brian,

After looking at all my code and running some more testing. I think the base64 conversion will work better for me even if it means increasing the size of my fields.

Is it possible to post or email me the base64 source code your using and how to call the open source from a BSFN.

Thanks for all your help, this has been educational to say the least. This is pretty complicated stuff when it is all put together.

Rob

[ QUOTE ]
Just an FYI on the base64 stuff. I don't know if JDE provides any API's for doing base64 encoding - at least I never found any, there may be some buried some where. What I did when I needed base64 encoding/decoding was to use an open source library to create my own base64 encoding/decoding BSFN that I can use in JDE.

[/ QUOTE ]

There is not a whole lot of documentation that goes with this, only what you find in the .h file. Keep in mind the string passed/returned is a ZCHAR so you will need to transcode between JCHAR/ZCHAR. Here is a code snippet on how to call:

D58FUP03_B64_ENCODE dsEnc = {0};
DSD58FUP03A dsEncF = {0};


dsEnc.nEncodedBytes = (jde_n_byte *)(&dsXfer.nSize);
dsEnc.src = (void *)pb;
dsEnc.srcSize = nBinSize;
dsEnc.dest = dsXfer.chunk;
dsEnc.destLen = sizeof(dsXfer.chunk);

dsEncF.idPtrHandle = jdeStoreDataPtr(hUser, (void *)&dsEnc);

jdeCallObject( _J("AcmeFxfer_b64_encode"), (LPFNBHVR)NULL, lpBhvrCom, lpVoid,
(void *)&dsEncF, (CALLMAP *)NULL, 0, (JCHAR *)NULL, (JCHAR *)NULL, 0);


Oh, and there is very little error checking, and by "little", I mean virtually none.

HI Rob - Were able to get this to work. I am able to Encrypt - write to a table and then decrypt. However, when I do this from an application, it throws web exception errors intermittently. Any help is highly appreciated. Thanks
SAM

E1 8.12

Hello Brian,

Could you help me out on implementing this Base64 code? Can you define for me what your dsXfer looks like? As well as the pb variable?

Thanks,
Steve

Hi,
I have a requirement where i get input a base64 encoded string and need to give back a decoded string. The above bsfn i understand is working with a prt Handle. how can i convert this to work with a string as input and output?

If you are talking about the BSFN above that I attached you would need to write a C BSFN that calls the BSFN above since the BSFN above can only be called by another C BSFN. Then follow the example above. Having said that I think JDE now has its own API calls you can use for encoding/decoding b64 data.

encodeB64
decodeB64

I have not used them since I have always used my BSFN above, but the preferred way would be to use the JDE provided API. Going forward should I ever need to deal with b64 data I would personally use the jde provided APIs.