Kbase P109663: How to Store and Transport SECURITY-POLICY attributes
Author: Progress Software Corporation - Progress
Access: Public
Published: 06/10/2005
Status: Unverified
GOAL:
How to Store and Transport SECURITY-POLICY attributes
GOAL:
How to Store and Transport Encryption information
GOAL:
How to obtain SECURITY-POLICY information needed to Decrypt
FACT(s) (Environment):
OpenEdge 10.x
FIX:
The OpenEdge documentation states that generating, storing, and transporting the SECURITY-POLICY values needed to decrypt encrypted information is solely the responsibility of the programmer.
The 4GL provides functions that allow the programmer to generate SECURITY-POLICY values and then encrypt and decrypt information based on those values.
You must use the same cryptographic algorithm, initialization vector, and encryption key values to encrypt and decrypt the same data instance. For example, data encrypted with a specific SYMMETRIC-ENCRYPTION-ALGORITHM and SYMMETRIC-ENCRYPTION-KEY can only be decrypted by an OpenEdge session that has the same values for those SECURITY-POLICY attributes.
There are many ways to store and transport this SECURITY-POLICY information, some more secure than others. This solution details one way to store and transport it from the encrypting client to the decrypting client.
This solution suggests using one procedure to both encrypt and decrypt a specific data instance. The cryptographic algorithm, initialization vector, and encryption key values are then all local to the procedure, and the encrypted data instance can be stored in the database.
With this approach, both the encrypting and the decrypting client must have access to the procedure to perform their tasks. To make it even more secure, the procedure itself could be encrypted using the XCODE utility.
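A sketch of the single-procedure approach described above, as an added example that is not Progress's own code. The file name `secpol.p`, the internal procedure names, and the passphrase, salt and IV values are constructed placeholders; deriving the key with GENERATE-PBE-KEY is one choice made here, the page only requires that the key live inside the procedure.

```abl
/* secpol.p (hypothetical name): the one procedure shared by the encrypting
   and the decrypting client. Every SECURITY-POLICY value is set here and
   nowhere else. Passphrase, salt and IV are constructed placeholders.
   Anyone who can read this source can recover them, which is why the
   article suggests encrypting the file with XCODE before deployment. */

PROCEDURE applyPolicy PRIVATE:
    DEFINE VARIABLE rSalt AS RAW NO-UNDO.
    DEFINE VARIABLE rIV   AS RAW NO-UNDO.

    LENGTH(rSalt) = 8.
    PUT-STRING(rSalt, 1, 8) = "SALT0001".           /* 8-byte PBE salt   */
    LENGTH(rIV) = 16.
    PUT-STRING(rIV, 1, 16) = "IV-PLACEHOLDER-1".    /* 16-byte AES block */

    ASSIGN
        SECURITY-POLICY:SYMMETRIC-ENCRYPTION-ALGORITHM = "AES_CBC_128"
        SECURITY-POLICY:PBE-HASH-ALGORITHM             = "SHA-1"
        SECURITY-POLICY:PBE-KEY-ROUNDS                 = 1000
        SECURITY-POLICY:SYMMETRIC-ENCRYPTION-IV        = rIV.

    /* The key length follows the algorithm set above. */
    SECURITY-POLICY:SYMMETRIC-ENCRYPTION-KEY =
        GENERATE-PBE-KEY("constructed-passphrase", rSalt).
END PROCEDURE.

/* Called by the encrypting client; prCipher is what gets stored in a
   RAW database field. */
PROCEDURE encryptValue:
    DEFINE INPUT  PARAMETER pcClear  AS CHARACTER NO-UNDO.
    DEFINE OUTPUT PARAMETER prCipher AS RAW       NO-UNDO.

    RUN applyPolicy.
    prCipher = ENCRYPT(pcClear).
END PROCEDURE.

/* Called by the decrypting client with the RAW value read back from
   the database. */
PROCEDURE decryptValue:
    DEFINE INPUT  PARAMETER prCipher AS RAW       NO-UNDO.
    DEFINE OUTPUT PARAMETER pcClear  AS CHARACTER NO-UNDO.

    RUN applyPolicy.
    pcClear = GET-STRING(DECRYPT(prCipher), 1).
END PROCEDURE.
```

Both clients run the file persistently (`RUN secpol.p PERSISTENT SET hCrypt.`) and call `encryptValue` or `decryptValue` in that handle, so neither client code nor the database ever holds the key, IV or algorithm name.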