
Encryption

Protect information against unauthorized viewing.

Background Information

Encryption is the process of using a mathematical algorithm to transform information so that it becomes unreadable. The information is then available only to those who possess the key that can be used for decryption.

Available Tools

Support for managed key encryption
Caché includes support for managed key encryption, a suite of technologies that protects data at rest. These are:
  • Block-level database encryption, also known simply as database encryption — A set of tools to allow creation and management of databases in which all the data is encrypted. Such databases are managed through the Management Portal.
  • Data element encryption for applications, also known simply as data element encryption — A programmatic interface so that applications can include code to encrypt and decrypt individual data elements (such as particular class properties) as they are stored to and retrieved from disk.
  • Encryption key management — A set of tools in the Management Portal for creating and managing data-encryption keys and for managing key files. Both database encryption and data element encryption use key files to support their functionality.
For details, see “Managed Key Encryption” in the Caché Security Administration Guide.
Availability: All namespaces.
SOAP support
Caché SOAP support includes the ability to encrypt and decrypt SOAP messages. See Securing Caché Web Services.
Availability: All namespaces.
XML support
Caché XML support includes the ability to encrypt and decrypt XML documents. See “Encrypting XML Documents” in Using Caché XML Tools.
Availability: All namespaces.
CSP
CSP includes the ability to encrypt and decrypt data on the server. See “CSP Session Management” in Using Caché Server Pages (CSP).
Availability: All namespaces.
%SYSTEM.Encryption
Provides methods to perform data encryption, base-64 encoding, hashing, and generation of message authentication codes. The preceding encryption tools use these methods. Methods in this class include:
  • AESCBCDecrypt()
  • AESCBCManagedKeyDecrypt()
  • ActivateEncryptionKey()
  • GenCryptRand()
  • HMACSHA()
  • RSAGetLastError()
  • RSASHA1Sign()
  • And others
Availability: Some methods can be used in all namespaces. Some are available only in %SYS.

Reminder

The special variable $SYSTEM is bound to the %SYSTEM package. This means that (for ObjectScript) instead of ##class(%SYSTEM.class).method(), you can use $SYSTEM.class.method().
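
The following ObjectScript class is an added example, not code from the original documentation. It uses the $SYSTEM shorthand to call %SYSTEM.Encryption methods for an encrypt-then-MAC round trip. The class name Demo.SealedValue and its methods Seal, Open and Demo are hypothetical; AESCBCEncrypt(), Base64Encode() and Base64Decode() are methods of the same class that the list above does not name.

```objectscript
/// Added example; the class and method names are hypothetical.
Class Demo.SealedValue Extends %RegisteredObject
{

/// Encrypt-then-MAC. Returns base64( IV || ciphertext || HMAC-SHA-256 tag ).
/// encKey must be 16, 24 or 32 bytes long; macKey is a separate key.
ClassMethod Seal(plaintext As %String, encKey As %String, macKey As %String) As %String
{
    // AES works on bytes, so encode wide characters as UTF-8 first
    set bytes = $ZCONVERT(plaintext, "O", "UTF8")
    // Fresh random 16-byte IV for every message
    set iv = $SYSTEM.Encryption.GenCryptRand(16)
    set ct = $SYSTEM.Encryption.AESCBCEncrypt(bytes, encKey, iv)
    // Authenticate IV and ciphertext so tampering is caught before decryption
    set tag = $SYSTEM.Encryption.HMACSHA(256, iv_ct, macKey)
    quit $SYSTEM.Encryption.Base64Encode(iv_ct_tag)
}

/// Verifies the tag, then decrypts. Returns an error status on any mismatch.
ClassMethod Open(sealed As %String, encKey As %String, macKey As %String, Output plaintext As %String) As %Status
{
    set plaintext = ""
    set raw = $SYSTEM.Encryption.Base64Decode(sealed)
    // 16-byte IV + at least one 16-byte block + 32-byte tag
    if $length(raw) < 64 { quit $$$ERROR($$$GeneralError, "sealed value too short") }
    set iv = $extract(raw, 1, 16)
    set ct = $extract(raw, 17, *-32)
    set tag = $extract(raw, *-31, *)
    // Note: the '= operator is not a constant-time comparison
    if $SYSTEM.Encryption.HMACSHA(256, iv_ct, macKey) '= tag {
        quit $$$ERROR($$$GeneralError, "authentication failed")
    }
    set plaintext = $ZCONVERT($SYSTEM.Encryption.AESCBCDecrypt(ct, encKey, iv), "I", "UTF8")
    quit $$$OK
}

/// Round trip with freshly generated keys, plus a wrong-key rejection check.
ClassMethod Demo() As %Boolean
{
    set encKey = $SYSTEM.Encryption.GenCryptRand(32)
    set macKey = $SYSTEM.Encryption.GenCryptRand(32)
    set sealed = ..Seal("constructed sample value", encKey, macKey)
    set ok = $$$ISOK(..Open(sealed, encKey, macKey, .out)) && (out = "constructed sample value")
    // Opening with a different MAC key must be rejected
    set rejected = $$$ISERR(..Open(sealed, encKey, $SYSTEM.Encryption.GenCryptRand(32), .junk))
    quit ok && rejected
}
}
```

The keys here live only in process memory; for data at rest, the managed key encryption tools listed above keep keys in key files instead.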