COBOL software for XML generation & parsing, AES encryption, data compression and source code obfuscation from Redvers Consulting

Redvers Encryption Device

The Redvers Encryption Device is an AES (Advanced Encryption Standard) 128, 192 or 256 bit encryption and decryption algorithm, specifically designed for COBOL applications.

Main features:

• Validated by the NIST (number 1141)
• Runs on any COBOL platform
• Distributed in COBOL source code (cloaked)
• Fast, efficient, professional and fully scalable
• Operates at field, record or file level
• Can be used to turn production data into safe test data
• Supports calls from batch or on-line (eg: CICS)
• Free 30 day trial

The Redvers Encryption Device is used by customers all over the world, running on iSeries/AS400, UNIX, HP, Linux, Fujitsu Siemens BS2000, Micro Focus and IBM mainframe platforms. It is frequently used in PCI compliant applications.

Data selected for encryption can consist of a single field, part of a record, a complete record or a file of records concatenated end-to-end. Field level encryption can be used to target sensitive data only, giving applications access to non-sensitive data without the need for unnecessary file/volume decryption.

Download a PDF white paper on COBOL AES Encryption:

How strong is AES encryption?

Here's an excerpt from a National Institute of Standards and Technology (NIST) Fact Sheet:

"Because of its greater strength and efficiency, AES eventually will replace NIST's earlier Data Encryption Standard (DES), in use since 1977, and Triple DES, approved in 1999. Assuming that one could build a machine that could recover a DES key in a second, then it would take that machine approximately 149 trillion (thousand-billion) years to crack a 128-bit AES key; this is longer than our universe has existed. In 1997, NIST invited the world's best cryptographers to submit and help evaluate algorithms for the new encryption standard. This four-year effort resulted in the new AES."

How it Works

COBOL AES encryption will require a one-off procedure to replace all fields containing confidential information (plaintext) with their equivalent encrypted strings (ciphertext). After this process, application databases and files will remain intact and operational as before. For the majority of applications, the decision to encrypt confidential data will require no program changes at all.

Unsecured transactions will continue to access records containing encrypted fields in the usual way; they just won't be able to interpret the encrypted field content.

When an application has authorization to access encrypted data, it passes the encryption key and ciphertext to a decryption subroutine which returns the readable plaintext.

If an authorized application needs to update encrypted data, it follows the usual decryption method and updates the plaintext. The updated plaintext is then passed to the encryption routine (with the same encryption key used for decryption) and the new ciphertext output is written back to the database or file.

The diagram below shows how the encryption / decryption procedures might be used in each type of application environment:

The Redvers Encryption Device runs the standard AES cipher, which means it can generate ciphertext for decryption by other AES ciphers and decrypt ciphertext, generated by other AES ciphers.

Technical Information

The Redvers Encryption Device (2.1) uses the Advanced Encryption Standard (AES) algorithm, sometimes known as the Rijndael algorithm, to encrypt and decrypt data using 128, 192 or 256 bit keys. The AES symmetric block cipher was announced in 2001 by the National Institute of Standards and Technology (NIST) in U.S. FIPS Publication 197. Its worldwide use is encouraged by the U. S. Government and many specialist security organizations.

The AES algorithm is used in conjunction with one of five confidentiality modes, defined in NIST Special Publication 800-38A. These modes are: Electronic Code Book (ECB), Cipher Block Chaining (CBC), Cipher Feed Back (CFB), Output Feed Back (OFB) and Counter (CTR). The Redvers Encryption Device supports all these confidentiality modes.

The Redvers Encryption Device fully conforms to FIPS PUB 197 and NIST Special Publication 800-38A specifications and has been validated by the Cryptographic Algorithm Validation Program (CAVP) at NIST - validation number 1141.

Redvers Encryption Device programs do not contain any information that can be used to derive encryption keys or plaintext values. These programs are simply computer instructions that result in the publicly known, AES cipher logic process. They can therefore be used in production and development environments.

Machine memory used by the device to temporarily store plaintext and encryption keys, is wiped clean with a "clean storage" call, once all data has been encrypted or decrypted.

Due to the fact that COBOL data can terminate with a binary field, the Redvers Encryption Device uses the Public-Key Cryptography Standards (PKCS#5) padding method (ECB, CBC and CFB confidentiality modes only).

In order to facilitate the generation of test data, ciphertext can be returned in base64 encoded form (as defined in IETF RFC 2045) or as a single integer (some truncation may apply).

Encryption rates are 125,000 bytes per second running ECB confidentiality mode with a 256 bit key. Decryption rates are 60,000 bytes per second running ECB mode with a 256 bit key. Faster decryption rates can be achieved if CFB, OFB or CTR confidentiality modes are used, as these modes use the forward cipher for decryption. All benchmark timings were performed on an IBM zSeries mainframe running z/OS 1.10.

Download a free 30 day trial here...