DSFunction to encrypt a value

parvathi · Post by **parvathi** » Tue Feb 13, 2007 6:12 am

Hi all ,
Is there any functionIn Datastage to encrypt a value in the server routine

ArndW · Post by **ArndW** » Tue Feb 13, 2007 7:44 am

There is no direct function. If you only need a 1-way method to encrypt a value you can use the CRC32 function pretty effectively; but if you need to decrypt the encoded value back to the original then you need to use another method.

Mathematically there are a number of well-known, documented and easily implemented solutions out there - ranging from pretty secure trapdoor encryption using large primes to ultra secure DES routines that you can call to encrypt data. You can even use the builtin UNIX encrypt and decrypt in external calls if you wish.

If you tell us how secure this needs to be and and how you intend to use it you might get some better advice.

parvathi · Post by **parvathi** » Wed Feb 14, 2007 1:07 am

the secnario that i want to use the decrypt function is i will getting one parameter i will check the parameter type if encrpyted then i want to encrypt its value

if i use crc32 function the output will be a some unique number key right

ray.wurlod · Post by **ray.wurlod** » Wed Feb 14, 2007 1:56 am

Mostly unique

parvathi · Post by **parvathi** » Wed Feb 14, 2007 3:14 am

ArndW wrote: Mathematically there are a number of well-known, documented and easily implemented solutions out there - ranging from pretty secure trapdoor encryption using large primes to ultra secure DES routines that you can call to encrypt data. You can even use the builtin UNIX encrypt and decrypt in external calls if you wish.

can you please tell the routine name and sample one line code to use these functions

ArndW · Post by **ArndW** » Wed Feb 14, 2007 4:16 am

Parvati - no, I can't do that, because there is no built-in routine name and no means of calling it in just one line, unless your UNIX has "crypt" and "decrypt" executables from the command line.

You haven't mentioned how secure this needs to be. A very simple BASIC routine using a the builtin random number generator and a common seed will generate a good encryption for obfuscation, but the generated data wouldn't stand up to any professional attempts at decryption.

jhmckeever · Post by **jhmckeever** » Wed Feb 14, 2007 9:09 am

Parvati,

As Arnd suggested above, we've previously used a wrapped stage around the unix 'crypt' command which does a nice (if not extremely secure) job of obfuscating the data presented on stdin. Just configure the encryption key as a parameter and if you don't have a requirement for very secure encryption then this works nicely.

You could probably use 'makekey' to improve the encryption, or as an alternative you could create a BuildOp around the crypt function available in the standard C library.

HTH,
J.

ray.wurlod · Post by **ray.wurlod** » Wed Feb 14, 2007 2:27 pm

Not in a server job you haven't!

parvathi · Post by **parvathi** » Fri Feb 16, 2007 12:47 am

ArndW wrote:
You haven't mentioned how secure this needs to be. A very simple BASIC routine using a the builtin random number generator and a common seed will generate a good encryption for obfuscation, but the generated data wouldn't stand up to any professional attempts at decryption.

For logging the information of the job i read he job get its paramres.If it's type is encrpypted the i have to encrpypt it.

It need not be so secure.

As i am a novice user to Datastage I am not understading the way to use them .
can please elaborate on this?

ray.wurlod · Post by **ray.wurlod** » Fri Feb 16, 2007 1:27 am

If the parameter is encrypted you do not need to do anything to it. Just pass it along to the relevant place (such as the Password field in a database stage).

In particular, the encryption algorithm is not published so that you can not expect to decrypt it.

Naturally with enough effort you could decrypt it and create a function on the basis of what you discovered about the encryption algorithm, but it's almost certainly not worth the effort.

parvathi · Post by **parvathi** » Fri Feb 16, 2007 6:49 am

[quote="ray.wurlod"]If the parameter is encrypted you do not need to do anything to it. Just pass it along to the relevant place (such as the Password field in a database stage).

quote]

when i am trying to get a parameter of type encrypted from the atached job even though the value is encrypted i could see th value clearly

Since i am writing the parameters of the job attached the value that I have seen is not encrypted

ArndW · Post by **ArndW** » Fri Feb 16, 2007 7:25 am

parvathi wrote:...when i am trying to get a parameter of type encrypted from the atached job even though the value is encrypted i could see th value clearly...

You cannot see the value of an encrypted parameter in cleartext. What you may be doing is looking at a value in a sequence that you then pass as an encrypted parameter to a job. But once inside that job the encrypted value is obfuscated.

chulett · Post by **chulett** » Fri Feb 16, 2007 7:29 am

How about you explain exactly how you are fetching these encrypted values that gets you the unencrypted values? And then explain what you are doing with them afterwards? More than just 'getting' and 'writing' please.

Rather than all this, perhaps you should just not record any 'encrypted' values? Or perhaps replace them with all stars - '*******'? Without knowing the ultimate fate of this work, it's hard to make coherent suggestions.

chulett · Post by **chulett** » Fri Feb 16, 2007 7:30 am

You two need to learn how to quote.