Ciphering

Important:
The implementation of the ciphering feature is different to that available in Adabas for mainframes. The cipher code in Adabas for Linux and Windows is static and is not provided in Additions 4. Adabas Encryption for Linux is highly recommended as a state-of-the-art replacement.

Notes:

  1. Ciphering is no longer recommended for safe implementations.
  2. Ciphering does not fulfill modern encryption standards and security regulations.
  3. Ciphering is maintained for historic and maintenance reasons only.

The purpose of the ciphering in Adabas for Linux and Windows is to prevent unauthorized analysis of Adabas container files; e.g. via file dumps, editors, etc.

Unlike ciphering on the mainframe, it does not prohibit unauthorized access to the data; as both database utilities and database applications can access the data without the cipher code.

Adabas can cipher the data that it stores in container files. This, however, only applies to the data records that are stored in the Data storage, but not the values stored in the inverted lists on the Associator.

Ciphering prevents the unauthorized analysis of Adabas container files. If ciphering is enabled (see below), data records are ciphered when they are stored in a database by either the Adabas nucleus or by the mass update utility ADAMUP. The data records are then deciphered when they are requested by a user or application. This means that the ciphering is completely transparent to the user or application.

Ciphering can be enabled for individual Adabas files. This is done when defining the file with ADAFDU by setting the CIPHER/NOCIPHER option. The ciphering process uses internal parameters in order to achieve a maximum level of security. In some systems, identical fields and records present a possible security risk: if an unauthorized user can decipher one, the other can also be deciphered. The Adabas ciphering process, however, treats identical fields and records as follows:

  • Two identical fields within one record will be ciphered differently;

  • Two identical records within one Adabas file will be ciphered differently;

  • Two Adabas files with identical contents will be ciphered differently.

The following example demonstrates this on the basis of two fields in a record which both contain the value `TEST' (representations are hexadecimal):

Record 1  Unciphered=0x54455354  Ciphered=0xDD022537
Record 2  Unciphered=0x54455354  Ciphered=0x55EF0A51

Note:
The ciphered values shown above are just examples, and do not represent the actual ciphering mechanisms used.

The Adabas ciphering mechanism is characterized by the following features and restrictions:

  • System files (checkpoint and security) cannot be ciphered.

  • ADAM key files cannot be ciphered.

  • The output files produced by the utilities ADACMP (compression) and ADAULD (unload) are not ciphered.

  • The data saved on files produced by the backup utility ADABCK, and the EXPORT files produced by the export utility ADAORD are ciphered.

  • The restart and recovery records that are written to the WORK and PLOG files are ciphered.

  • The output produced by the FILE function of the report utility ADAREP contains information about file ciphering.