
Encryption

Protect information against unauthorized viewing.

Background Information

Encryption is the process of using a mathematical algorithm to transform information so that it becomes unreadable. The information is then available only to those who possess the key that can be used for decryption.

Available Tools

Support for managed key encryption

Caché includes support for managed key encryption, a suite of technologies that protects data at rest. These are:

  • Block-level database encryption, also known simply as database encryption — A set of tools to allow creation and management of databases in which all the data is encrypted. Such databases are managed through the Management Portal.

  • Data element encryption for applications, also known simply as data element encryption — A programmatic interface so that applications can include code to encrypt and decrypt individual data elements (such as particular class properties) as they are stored to and retrieved from disk.

  • Encryption key management — A set of tools in the Management Portal for creating and managing data-encryption keys and for managing key files. Both database encryption and data element encryption use key files to support their functionality.

For details, see “Managed Key Encryption” in the Caché Security Administration Guide.

Availability: All namespaces.

SOAP support

Caché SOAP support includes the ability to encrypt and decrypt SOAP messages. See Securing Caché Web Services.

Availability: All namespaces.

XML support

Caché XML support includes the ability to encrypt and decrypt XML documents. See “Encrypting XML Documents” in Using Caché XML Tools.

Availability: All namespaces.

CSP

CSP includes the ability to encrypt and decrypt data on the server. See “CSP Session Management” in Using Caché Server Pages (CSP).

Availability: All namespaces.

Provides methods to perform data encryption, base-64 encoding, hashing, and generation of message authentication codes. The preceding encryption tools use these methods. Methods in this class include:

  • AESCBCDecrypt()

  • AESCBCManagedKeyDecrypt()

  • ActivateEncryptionKey()

  • GenCryptRand()

  • HMACSHA()

  • RSAGetLastError()

  • RSASHA1Sign()

  • And others

Availability: Some methods can be used in all namespaces. Some are available only in %SYS.

Reminder

The special variable $SYSTEM is bound to the %SYSTEM package. This means that (for ObjectScript) instead of ##class(%SYSTEM.class).method(), you can use $SYSTEM.class.method().