DBU - Changing field values

Once I setup a field encryption entry with FieldProc.  Can I still use DBU to change the value without effecting the way the field is encrypted/decrypted.

Hello,

  Thank you for contacting our support team with your PowerTech Encryption inquiry.

You asked the following question - 

Once I setup a field encryption entry with FieldProc. Can I still use DBU to change the value without effecting the way the field is encrypted/decrypted.?

Answer - Once you activate a field using the field procedures, the field will be encrypted. Any profile or program that attempts to access the field to read or update it, the field proc will check the autorization list for the Full or Mask to determine if the user has permissions.

Auth. list for full value . . . XXXXXXX_FULL
Auth. list for masked value . . XXXXXXX_MASK

Let us know if you have any further questions.

--

PowerTech Support

We were once told that if we tried to DBU/400 a field to change the value instead of using a RPG program to change the field it would store the garbage encryption value instead of the intended changed value that would be encrypted.  Is that true with a different type of encryption style (API, Triggers, External file, etc...) and not FieldProc?

Darin,

  I am not aware of that.  But, let me asked our development if there is a differencein the results of the data that is being updated by DBU and a regular program. Before I can do that, I will need some information from you  -

• PowerTech Encryption Version
• IBM OS400 Version
• Do you have the two authorization list configured tha I previously pointed out?
• Does the user updating the filed have permissions via one of the authorization lists?

Thanks.

PowerTech Support

3.57

V7R2

I have two authorization list:

SSN#FULL SSN # Encryption FULL Access
SSN#MASK SSN # Encryption Masked Access

yes, that user is in FULL access list

Thank you. Let me check with our development team if indeed there is any difference between the way the DBU/400 and a regular program have any negative affect or difference in the way the data is updated to an encrypted field.  I will let you know their answer once I hear back from them.

--

PowerTech Support

Hi Dairin,
My support engineer contaced our developer regarding your inquiry.
He confirmed that most file viewer programs like DBU are using RPG programs too. It would help to know the context of the information. In a specific circumstance, where a screen of records are presented, the final record would be the most recently decrypted one. If a program were created in a way that let you change data in a different record on the screen without reading that record first, you could wind up with bad info in the file. This is a very rare type of situation. More important that anyone changing a field has full access to the data in that field. Be sure not to have someone that only has access to the last 4 be able to change that field without having authority to the full data - encrypted data could be re-encrypted and written back to the file. He also confirmed that there are other customers that used the DBU/400 application on encrypted fields using Field Procedures who have no issues.

Let me know if you have any questions.

Thanks.

--
PowerTech Support

Hi Dairin,

  I went ahead and closed your open case on our side.  Please let us know if you have further questions or new questions.

We can open a new case.

Thank you.

--

PowerTech Support