AS/400 Encryption
IFS Encryption is provided in Crypto Complete to allow IBM i (iSeries) customers to encrypt and decrypt files and folders on the Integrated File System. All types of IFS stream files can be encrypted including text, PDF, JPG, TIF, CSV and XLS files. The encryption of IFS files can be completely automatic for designated folders or can be user-driven using Crypto Complete commands.
Strong AES encryption is utilized for protecting files on the IFS. AES follows standard (non-proprietary) specifications as published by the United States National Institute of Standards and Technology (NIST). You can choose between key lengths of AES128, AES192 and AES256.
The IBM i IFS encryption provided in Crypto Complete allows organizations to comply with PCI DSS requirements, state privacy laws and federal regulations such as HIPAA and Sarbanes-Oxley. Crypto Completeis a pure software solution requiring no additional hardware.
Automatic IFS Encryption
Crypto Complete can automate the encryption and decryption of files on the IFS. Through its innovative IFS encryption registry, authorized administrators can indicate which folders on the IFS should be encrypted. For each folder, you can indicate a unique encryption key for protecting the contents.
Once a folder is activated in the registry, Crypto Complete will automatically encrypt files as they are written to that IFS folder. For authorized users, files will be automatically decrypted as they are accessed from the folder.You can control user access to each encrypted folder through the use of IBM authorization lists. A folder can be granted access to individual users or groups of users.
Command-Driven IFS Encryption
Native IFS encryption/decryption commands are available in Crypto Complete, which can be easily integrated into existing IBM i applications and processes. Keys or passphrases can be used to protect the encrypted IFS files. Features include:
- Supports single file names and wildcards (e.g. *.pdf) to encrypt one or more IFS files at a time.
- Encrypted IFS files can be targeted to the IFS, a tape device and other physical and virtual backup devices.
- IFS encryption commands can be integrated quickly into existing processes.
- No intermediate save files are generated, saving disk space and time.
- Key labels can be stored in encrypted IFS files, so you don't have to remember which key to use on decryption.
- Only authorized users can be granted permissions to decrypt IFS files.
Crypto Complete's IFS encryption/decryption commands can be entered on the IBM i command line, placed in CL programs, incorporated in BRMS and used in job schedulers on the IBM i.
Example of command to encrypt IFS stream files: