Database field encryption has traditionally been very difficult and time-consuming to implement on IBM i. In the past, major application changes would have to be made to expand database field sizes and implement complicated API calls to encrypt/decrypt data. In contrast, the design of Crypto Complete allows organizations to encrypt fields quickly and effectively using its intuitive screens and proven technology.
With Crypto Complete's innovative "Field Encryption Registry", you can simply indicate the database fields to encrypt within your database files. When a field is "activated" in the Registry, Crypto Complete will perform a mass encryption of the current values for that field. Crypto Complete can then automatically encrypt the field values on an ongoing basis as new database records are added and when existing field values are changed. The automated encryption function in Crypto Complete's Field Encryption Registry will eliminate the need to make changes to your application programs for data encryption.
If DB2 Field Procedures (available in IBM i V7R1) are utilized in Crypto Complete, the values can also be automatically decrypted without program changes. Otherwise, simple program changes can be made to decrypt values using Crypto Complete's APIs.
You can optionally modify your applications to encrypt data through program (API) calls to Crypto Complete's encryption procedures and programs. Crypto Complete also includes stored procedures and SQL functions, which can be called from within native applications or other external clients (i.e. graphical or web-based front ends) for encryption/decryption.
IBM i database fields can be protected in Crypto Complete using either AES and TDES encryption algorithms. Both of these algorithms follow standard (non-proprietary) specifications as published by the United States National Institute of Standards and Technology (NIST). AES and TDES are widely used for protecting highly sensitive data and complying with PCI DSS, HIPAA and State Privacy laws.
For AES encryption, you can choose between the key lengths of AES128, AES192 and AES256.
You can encrypt almost any IBM i DB2 database field with Crypto Complete. Field encryption examples:
Encrypted database fields are secured with Data Encryption Keys (DEK) which are managed through Crypto Complete's integrated Key Management system. Only authorized users will have the ability to decrypt data and gain access to the full or masked values. Decryption of any data can be fully audited in Crypto Complete, which will log the user id, date, time, job information and key utilized.
The IBM i is also referred to as System i, iSeries, AS/400, AS400 and i5