I'm only aware of an in built User Exit code for encryption/decryption
of data using Basic under D3.
Does anyone know the strength of this method, and can anyone tell me
if it is PCI (Payment Card Industry)compliant?

The reason I'm asking is that I need is a method to encrypt fields
that would conform to PCI compliance.
If the user-exit is a no-go, I'll need to find another method that
will encrypt data fields.


Cheers,
Richard M.

P.S. This is D3 running on ver 7.4.2.RS on AIX

On Feb 22, 9:58 am, rixx2... (AT) yahoo (DOT) com wrote:


Richard,

I doubt that the one-way encryption offered within D3 is anywhere near
your PCI compliance requirements. I would imagine that what you would
need to do is write the sensitive information out as a simple text
file to AIX filespace, run an encryption process over that, read data
back in (probably using the BIN: driver - I'd then convert to hex to
ensure this could be saved as a single-valued "attribute")

Reverse the sequence/processing to get your original data. I'm sure
this is something that GlenB will have experience in doing, and he
would be able to add more detail

HTH

On Feb 21, 2:58 pm, rixx2... (AT) yahoo (DOT) com wrote:
I have no idea if the user-exit 009d is PCI compliant, but it does
offer a simple way of encrypting and decrypting strings.

usage: coded.string = ICONV( seed:am:string, 'u009d' )
uncoded.string = OCONV( seed:am:string, 'u009d' )


Regards,

Dale

I wrote the U9D user exit and it works pretty well.

What makes it PCI compliant (or close) is the length and uniqueness of the
seed. They like 128bit (14 bypte) keys. We use this user exit and a vb
function I wrote that does the same thing to encrypt/decrypt our credit card
transactions. The longer the seed the better.

It is smart enough to not create segment marks in the middle of your string,
but for speed, it's not much smarter than that.


Mark Brown

"Dale" <dale_benedict (AT) flightcraft (DOT) ca> wrote

rixx2112 (AT) yahoo (DOT) com wrote in news:1172098699.464731.196670
@s48g2000cws.googlegroups.com:

Is OpenSSL available on the box? If so, you might consider using it for
encryption. IIRC, there are options to use only ascii characters for
encryption so you can store an encrypted string in an attribute or a
value. Very handy in the mv world.

Regards,
Joe

What for need encription?
- For saving encripted data?
- For data transfer between PC-server or server-server?

What connection You are use?

Regards,
Grigory

On Feb 21, 8:28 pm, "GVP" <g... (AT) infotools (DOT) ru> wrote:
Basically, several credit card companies have developed standards and
practices regarding the processing card information, including not
storing the card # in human readable form......

https://www.pcisecuritystandards.org/

"Glen B" <no$pamwebmaster@no$pamforallspec.com> wrote in
news:KpmdnYdrXIggV0DYnZ2dnUVZ_vmdnZ2d (AT) giganews (DOT) com:

Gee, that seems familiar...

Regards,
Joe

"Glen B" <no$pamwebmaster@no$pamforallspec.com> wrote in
news:Ao6dndvt9KuXvkLYnZ2dnUVZ_oudnZ2d (AT) giganews (DOT) com:

That pretty much sums up why I suggested OpenSSL to the OP the day
before your post.

Regards,
Joe

<rixx2112 (AT) yahoo (DOT) com> wrote
to discard the sensitive data and only retain a 4 byte {8bytes ascii nybbles}
checksum for use in future compares. Or only store the full data in a few
extraordinary offline copies; then you don't have to be so diligent protecting
the numerous overnight backup tapes.