COBOL Developer Solutions
Encryption and Key Management for Compliance
A variety of compliance regulations now require that organizations deploy standards-based encryption and separate encryption keys from the data that they protect. For IBM System z Mainframe and for IBM i (AS/400, iSeries, System i) COBOL developers this means storing encryption keys on an external appliance designed for this purpose, and securely retrieving encryption keys in COBOL applications as they are needed for encryption and decryption tasks. Alliance AES Encryption APIs for the IBM i and System z platforms provide NIST-certified AES encryption, and Alliance Key Manager provides an affordable solution that meets all compliance regulations for the secure creation, management, storage, and distribution of encryption keys to COBOL applications. Alliance Key Manager is FIPS 140-2 certified (certificate number 1449) and is perfect for use with COBOL applications.
Encryption can be a challenge for COBOL developers. The Alliance AES Encryption software for the IBM i platform provides the COBOL developer a way to incorporate NIST-certified AES encryption into their COBOL applications. On the IBM System z platform you can use the native IBM ICSF facility for encryption, or you can use the Alliance AES encryption software for the System z platform.
COBOL Key Retrieval APIs
On the IBM i platform Alliance Key Manager provides an easy-to-use service program that can be added to any application for key retrieval. This service program performs all of the SSL/TLS secure communications with the key server, and supports failover to a secondary server if the primary server is off-line. On the IBM System z platform Alliance Key Manager provides a dynamic link library for key retrieval that can be used with COBOL applications.
The Townsend Security AES encryption libraries on the IBM i platform naturally integrate with Alliance Key Manager and perform the key retrieval and encryption in one step. You can also use the Alliance key retrieval software with any AES encryption library on the IBM i platform, including IBM’s native encryption APIs and third-party encryption software.
Wire Protocol Eliminates Libraries
The interface to the Alliance Key Manager is a “wire” protocol. This means that there is no client-side software required for key retrieval. While Alliance Key Manager provides you with the software support you need to retrieve keys from the key server, you can also create your own applications to do key retrieval if you wish. If you use the Alliance Key Manager key retrieval software on the IBM i platform, you will use the no-charge IBM licensed program Digital Certificate Manager to create certificates used for SSL/TLS communications. The Alliance key retrieval software libraries use the native IBM i GSK APIs for the secure connection. If you use the Alliance Key Manager key retrieval software on the IBM System z platform, you will use the native IBM System SSL support for SSL/TLS communications. System SSL is a part of the Cryptographic Services Base element of z/OS.
Alliance Key Manager Documentation and Sample Code
The Alliance Key Manager product CD contains documentation on the use of the Alliance Key Manager from COBOL and provides sample application code that you can use to get started. On the IBM i platform you can retrieve encryption keys from both OPM and ILE COBOL applications. On the IBM System z platform you can install sample code through XMIT files.
COBOL AES Encryption APIs
Townsend Security provides NIST-certified AES encryption libraries on a wide variety of platforms including IBM i (AS/400, iSeries) and IBM System z Mainframe. On the IBM i (AS/400, iSeries) platform AES software is delivered as a service program that is installed with the Alliance AES/400 solution. On the IBM System z platform the AES software is provided as a bindable module. These AES libraries are NIST certified through the AES Validation program, and interoperate with Townsend AES libraries on a variety of other platforms including Linux, Unix, and Windows platforms. You can encrypt on one platform and decrypt on a different platform without exposing the data during transport.
COBOL Hash, RNG, and Encoding APIs
In addition to encryption APIs, the Alliance AES/400 solution for the IBM i platform provides the COBOL developer with a variety of APIs that provide support for SHA-256 hashing, cryptographically secure random number generation (CS-PRNG), data masking, and Base64 and Base16 (hex) encoding of data. These APIs let the COBOL developer easily extend their applications to incorporate these common cryptographic functions. Sample COBOL source code helps you get started with your data protection projects.
Alliance AES Encryption Documentation and Sample Code
The Alliance AES/400 solution includes documentation on the use of Alliance AES encryption from COBOL programs and provides sample application code that you can use to get started quickly.
Tokenization for COBOL Developers
Tokenization is an alternative data protection method that preserves the format of the original data. The Townsend Alliance Token Manager solution provides tokenization services to COBOL applications and applications on all other major operating systems.
