Warnings and Special Considerations

Ensure that you have completed all post-installation steps, as described in the iSecurity Installation Guide.

While encryption can be applied to DDS-created physical files, it is strongly recommended to first convert the physical file to an SQL table definition. The reason is that if the Change Physical File (CHGPF) command is used to apply a new DDS definition to a file that is encrypted, CHGPF removes the encryption without any prior warning. Likewise, when the CHGPF command is used with the SRCFILE parameter to change the field definition of a physical file, it removes all registered Field Procedures on that physical file without any warning message.

To reduce this risk, we recommend considering the following techniques:

  • IBM has documented a methodology that allows most physical files to be converted to SQL tables without requiring any application changes or recompiles. This seems to be the best approach. For more information, see this IBM Redbook.

  • Avoid using the CHGPF command.

  • Use the iSecurity/COMMAND product to control the use of CHGPF on encrypted files.
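As a complementary check on the CHGPF risk described above, the following added example (not part of iSecurity or of the original guide) reviews CL command strings that you have already collected from a command log and flags CHGPF calls that touch files known to be encrypted. The library and file names, the PROTECTED list and the sample commands are constructed assumptions.

```python
import re

# Assumption: files known to carry encryption field procedures (constructed names).
PROTECTED = {("PRODLIB", "CUSTOMER"), ("PRODLIB", "CARDS")}

# Matches CHGPF, optionally library-qualified, but not CHGPFM or CHGPFCST.
CMD_RE = re.compile(r"^\s*(?:\w+/)?CHGPF\b(.*)$", re.IGNORECASE)
KW_RE = re.compile(r"\b(\w+)\(([^)]*)\)")  # KEYWORD(value) pairs


def parse_chgpf(command):
    """Return (library, file, has_srcfile) for a CHGPF command string, else None."""
    m = CMD_RE.match(command)
    if not m:
        return None
    rest = m.group(1).strip()
    params = {k.upper(): v.strip().upper() for k, v in KW_RE.findall(rest)}
    target = params.get("FILE")
    if target is None and rest and "(" not in rest.split()[0]:
        target = rest.split()[0].upper()  # FILE given positionally
    if not target:
        return None
    lib, _, name = target.rpartition("/")
    return (lib or "*LIBL", name, "SRCFILE" in params)


def review(lines):
    """Return (line number, file, risk) for CHGPF commands on protected files."""
    findings = []
    for n, line in enumerate(lines, 1):
        parsed = parse_chgpf(line)
        if parsed is None:
            continue
        lib, name, has_src = parsed
        # An unresolved library (*LIBL, *CURLIB) is matched on file name alone.
        hit = (lib, name) in PROTECTED or (
            lib.startswith("*") and any(f == name for _, f in PROTECTED))
        if hit:
            risk = ("SRCFILE: field procedures removed" if has_src
                    else "CHGPF on encrypted file")
            findings.append((n, f"{lib}/{name}", risk))
    return findings


SAMPLE = [  # constructed command strings
    "CHGPF FILE(PRODLIB/CUSTOMER) SRCFILE(QGPL/QDDSSRC)",
    "QSYS/CHGPF cards SIZE(*NOMAX)",
    "CHGPF FILE(TESTLIB/CUSTOMER) SRCFILE(QGPL/QDDSSRC)",
    "CHGPFM FILE(PRODLIB/CUSTOMER) MBR(A) TEXT('x')",
]
```

Because CHGPF gives no warning, a hit flagged with SRCFILE should be followed by confirming that the file's Field Procedures are still registered.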

You need to decide whether you will work with encryption or with tokenization. When you choose an item to be encrypted, the encrypted data replaces the original data in the file. When you choose an item to be tokenized, the encrypted data is written to a token file and a pointer to the token file replaces the original data in the file.

When you work with tokenization, every encrypted field has its own token file. The number of values that can be held in a token file is limited to 1.8 billion. This includes all past values of the field. If your organization wants to use the same token for several fields or for several systems, you should consult with Raz-Lee support staff for implementation and restrictions. The following restrictions will always apply:

  • The update of an entry results in a new token and does not update the value of the previous token.

  • While the current file will show the updated data, other references will refer to the previous value.

Although possible, it is not recommended to encrypt key (index) fields. Access by encrypted keys may fail, and data will not appear in the order of the clear data. Before you attempt to encrypt key fields, contact Raz-Lee Security support staff.