Alliance AES/400 Frequently Asked Questions
What is AES encryption?
AES stands for "Advanced Encryption Standard".
This is a cryptography standard put forward by the
National Institute of Standards and Technology (NIST).
The NIST held an extensive review of cryptography
protocols and selected the Rijndael proposal. This came
to be known as AES and has been formally accepted as
FIPS-197 by the NIST. The Alliance implementation uses
the stronger 256-bit AES encryption algorithm.
Can I use Alliance AES encryption to encrypt credit card numbers in my database?
Yes, the Alliance AES/400 product includes extensive
application program interfaces (APIs) that you can use
in your RPG and Cobol applications to encrypt fields in
your database files. These APIs are ideal for securing
credit card numbers, social security numbers, PIN codes,
and other sensitive information. The implementation of
Alliance AES encryption is secure with even very small
fields. Sample source code in the product library can
help you get started quickly.
Can I encrypt DB2 files?
Yes, there are encryption and decryption commands in
the Alliance product that work on whole files. You can
encrypt DB2 database files and IFS files with these
commands. The commands integrate with the Alliance AES
key management system for secure key storage.
Can I send AES encrypted files to my bank (insurance company, benefits provider, etc.)?
You should discuss this with your bank before
starting an encryption project. Many banks prefer to
receive files in PGP (Pretty Good Privacy) encrypted
format. If your bank wants to receive PGP encrypted
files you should consider using the Alliance FTP Manager
product with the PGP Option. If your bank can receive a
Windows self-decrypting archive file you can use
Alliance AES encryption to create these files.
What are the hardware and software requirements?
Alliance AES encryption runs on any IBM iSeries or
AS/400 platform with operating system OS/400 version
V5R1 or later. Alliance products are compatible with
V5R3 and the i5/OS operating system.
No other IBM or third-party software applications
are required. Alliance does not use any external server
applications and is a native AS/400 application.
What is a self-decrypting archive?
A self-decrypting archive is a program that can be
executed on a Windows PC or Server system and which
contains a file in encrypted format. When the program is
executed it prompts you for a pass phrase. If the pass
phrase is valid the encrypted file is extracted to the
PC hard drive and decrypted. Self-decrypting archives
are useful when you want to send sensitive information
to a Windows user. The recipient of the file does not
need to install any third-party encryption software to
process the file.
Can I encrypt files on my PC for decryption on the IBM iSeries?
Yes, you can use the Alliance Windows application to
encrypt files on your Windows PC or server. Once
encrypted, the file can be transferred to the AS/400 and
decrypted using the Alliance AES decryption command.
Licensed users of the Alliance AES option may freely
distribute the Windows application. The Windows
application can also be used to decrypt files that you
encrypted with Alliance AES on the AS/400.
Can I use AES encryption for backup files?
Yes, you can encrypt files with Alliance AES and
save the files to backup. This provides privacy for the
data while on tape or optical media. When such data is
restored it can be decrypted with the Alliance
decryption commands and restored to a library.
Can I use Alliance AES encryption for spool file reports?
If you are using the Alliance AES encryption
software with Alliance FTP Manager you can automatically
distribute spool file reports in AES encrypted or AES
self-decrypting archive format. You can define multiple
output queues to the report distribution module in the
product. You can also select reports in an output queue
by spool file name, user name, spool file user data, and
other selection criteria. With Alliance AES/400 you can
automatically capture spool files to an encrypted
archive on the AS/400 disk. Special user applications
allow retrieval of the encrypted spool file for viewing
or re-printing.
How does Alliance AES encryption help me satisfy privacy regulations?
Alliance AES encryption is based on the NIST
standard for strong encryption. This can help you
satisfy the safe harbor provisions for California
Privacy Notification and other federal and state
regulations. Be sure to check with your regulatory body
to ascertain if 256-bit AES encryption is an approved
standard. Since 256-bit AES encryption is more secure
than the older Triple DES standard, it will generally
meet or exceed any encryption requirements.
Does Alliance AES encryption provide key management?
Yes, Alliance AES encryption provides a key
management application to help you create and manage
keys. When you create keys with the Alliance AES key
manager, the pass phrase and key information are stored in
secure, encrypted format. Alliance automatically creates
historical saves of your key management database to
allow retrieval of keys that are accidentally deleted.
The Alliance AES commands and APIs can use the key
management facility for encryption tasks.
Can my programmers use Alliance AES encryption?
Yes, Alliance provides extensive command and API
functions for programmer use. Working sample source code
in the product library can help you get up and running
fast. A separate AES reference manual provides
documentation on the commands and APIs.
I have applications on a Windows system. Can I decrypt data encrypted on the AS/400? Can I encrypt data on the Windows system for decryption on the AS/400?
Alliance AES/400 provides a TCP communications
application that you can use to deploy distributed
encryption services to Windows, UNIX, Linux, and remote
AS/400 applications. For example, you can use the
Sockets Control in Visual Basic to communicate with the
Alliance AES TCP service to encrypt data. Then you can
decrypt the data directly on the AS/400 using the
Alliance field encryption APIs. The Alliance TCP
communications application provides both standard TCP
sockets and secure SSL TCP sockets services.