Register FAQ Memberlist Search Linoma Software Forum Index

Linoma Software Forum Index -> Crypto Complete -> Version 2.20 (1/28/2010)
This forum is locked: you cannot post, reply to, or edit topics.  This topic is locked: you cannot edit posts or make replies. View previous topic :: View next topic 
Version 2.20 (1/28/2010)
PostPosted: 02/04/10 11:37:13 AM Reply with quote
Support
Site Admin
 
Joined: 12 Mar 2004
Posts: 376
Location: Omaha, NE


******************************************************************************
If you already have CRYPTO COMPLETE installed on your System i (iSeries) and
want to see your current installed version, run the command:

DSPDTAARA CRYPTO/VERSION

******************************************************************************

Please read the Crypto Complete manuals for complete details on any of the enhancements listed below.

Version 2.20 (1/28/2010)

ENHANCE: Added a new option to the DEKRTVVAL (DEK values can be retrieved)
parameter on the Key Policy to allow the export of a Data
Encryption Key (DEK) only if the DEK is encrypted with a Key
Encryption Key (KEK). This new option is named *KEK. This
allows organizations to securely export and transport DEKs to
other systems.

ENHANCE: On the EXPSYMKEY command, added the ability to export a Data
Encryption Key (DEK) and encrypt it with a Key Encryption
Key (KEK). When encrypting the DEK, the mode used is CBC with
no padding. This export is allowed if the global policy setting
of DEKRTVVAL (DEK values can be retrieved) is set to *KEK
or *YES.

ENHANCE: On the CRTSYMKEY command, added the ability to manually create
a Data Encryption Key (DEK) that is encrypted with a Key
Encryption Key (KEK) when GENOPT(*MANUAL) is specified.

ENHANCE: When adding an alert with the ADDCCALR command, allow the user
to specify the category of *ALL. This will capture all
monitored admin events in Crypto Complete including key
policy changes, key management activities, authority errors, etc.

ENHANCE: When adding an alert with the ADDCCALR command, allow the user
to specify the action of *PTGLOG, which will send the audit
messages to a Protegrity Log Server. When setting up the alert,
the user will need to specify the host, port number and the
client application (if using SSL).

ENHANCE: When adding an alert with the ADDCCALR command, allow the user
to specify the action of *SYSLOG, which will send the audit
messages to a SYSLOG Server using RFC standards. When setting
up the alert, the user will need to specify the host, source
port, destination port, log facility and log severity.

ENHANCE: When adding a field to the field encryption registry, allow
specifying *REMOTE for the DBFLD field parameter. This allows
encrypting and storing values from other systems for support of
tokenization. When *REMOTE option is specified, then the values
must be stored externally with the STREXTFILE(*YES) option.

ENHANCE: Added new HTTP services, primarily to support tokenization.
This allows remote systems to access Crypto Complete functions
over HTTP/s to store and retrieve data. Read the new HTTP guide
for more details.

FIX: When activating a field in the registry, and if unable to add
triggers to the file, then change the status of the field entry
to *ERROR and do not remove the external file.

FIX: On the CRTSYMKEY command with GENOPT(*MANUAL), ensure that the
length of the key entered matches the required length for the
encryption algorithm. For instance, AES256 requires that the
key is exactly 32 bytes in length.

FIX: On the ACTMLTSBM (Activate Field Multi Submit) command:

> Get an exclusive lock on the database file before attempting to
activate the field.
> Allow running it over a an empty database file.
> Allow running it when there are less records in the file than
the number of JOBS selected. If that is the case, then use just
one job to encrypt the records.

FIX: On the DCTFLDENC (Deactivate Field Encrypt) command, get an
exclusive lock on the external file before attempting to
deactivate the field.

FIX: When updating or deleting a field in an external file, indicate
the index# within the error messages when the record cannot
be found.

FIX: When using the GetEncFld, GetEncFldMask or GetEncFldAuth
procedures, indicate the index# within the error message when
the record cannot be found.

Version 2.10 (10/29/2009)

ENHANCE: Created new encryption save/restore commands which are up to
2 times faster than previous commands. The new commands are:

- ENCSAVOBJ (Encrypt/Save Object) - replaces ENCOBJ
- DECRSTOBJ (Decrypt/Restore Object) - replaces DECOBJ
- ENCSAVLIB (Encrypt/Save Library) - replaces ENCLIB
- DECRSTLIB (Decrypt/Restore Library) - replaces DECLIB

The encrypted libraries/objects can be targeted to the IFS
or a tape device. The user can specify either a password or
a key for the encryption process. Please note that the new
save/restore commands (ENCSAV*, DECRST*) are not compatible
with the older save/restore (ENCOBJ, DECOBJ, ENCLIB, DECLIB)
commands.

ENHANCE: Doubled the speed of the ACTFLDENC (Activate Field Encryption)
command when performing a mass encryption of fields that are
100 bytes or less. This will minimize the downtime on the
database file during the activate process.

ENHANCE: Doubled the speed of the DCTTFLDENC (Deactivate Field Encryption)
command when performing a mass decryption of fields that are
100 bytes or less. This will minimize the downtime on the
database file during the deactivate process.

ENHANCE: Change the maximum field size that can be encrypted from 31744
to 32766 bytes.

ENHANCE: Increased the speed of the ACTMLTSBM command by breaking up the
file records into even counts.

ENHANCE: Changed the ACTMLTSBM command to start the external index at
1 (and incrementing sequentially) instead of using the RRN of
the record.

FIX: Change the maximum field size (for the encrypted value) from 1971
to 32624 bytes when using an external file and storing both the
last retrieved information and the hash value.

FIX: When returning the masked value for a numeric field, include the
negative sign on the right side if the value is negative and
occupies the entire field length.

FIX: Fixed SQL functions F_GetEncFldChr, F_GetEncFldMaskChr and
F_GetEncFldAuthChr to return an error when an invalid
Field Identifier is specified.

FIX: When a new Key Store is created, log the journal entry with the
audit type of 08 (not 06).

FIX: When deactivating a field using an external file and validating
the keys used for decryption, place double quotes around the
external library/file names. This allows for using library/file
names that contain special characters, such as a period.
View user's profile Send private message Send e-mail Visit poster's website
Version 2.20 (1/28/2010)
  Linoma Software Forum Index -> Crypto Complete
You can post new topics in this forum
You can reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
All times are GMT - 6 Hours  
Page 1 of 1  

  
  
 This forum is locked: you cannot post, reply to, or edit topics.  This topic is locked: you cannot edit posts or make replies.  



Powered by phpBB 2.0.6 © 2001-2003 phpBB Group Style created by Vjacheslav Trushkin