Redvers Encryption Device
The Redvers Encryption Device is an AES (Advanced Encryption Standard) 128, 192 or 256 bit encryption and decryption algorithm, specifically designed for COBOL applications.
Main features:
- Validated by the NIST (number 1141)
- Runs on any COBOL platform
- Distributed in COBOL source code (cloaked)
- Fast, efficient, professional and fully scalable
- Operates at field, record or file level
- Can be used to turn production data into safe test data
- Supports calls from batch or on-line
- Free 30 day trial available
The Redvers Encryption Device is used by customers all over the world, running on iSeries/AS400, UNIX, HP, CA-Realia, Fujitsu Siemens BS2000, Micro Focus and IBM mainframe platforms. It is frequently used in PCI compliant applications.
Data selected for encryption can consist of a single field, part of a record, a complete record or a file of records concatenated end-to-end. Field level encryption can be used to target sensitive data only, giving applications access to non-sensitive data without the need for unnecessary file/volume decryption.
How strong is AES encryption?
Here's an excerpt from a National Institute of Standards and Technology (NIST) Fact Sheet:
"Because of its greater strength and efficiency, AES eventually will replace NIST's earlier Data Encryption Standard (DES), in use since 1977, and Triple DES, approved in 1999. Assuming that one could build a machine that could recover a DES key in a second, then it would take that machine approximately 149 trillion (thousand-billion) years to crack a 128-bit AES key; this is longer than our universe has existed. In 1997, NIST invited the world's best cryptographers to submit and help evaluate algorithms for the new encryption standard. This four-year effort resulted in the new AES."
How it Works
The Redvers Encryption Device consists of a pair of efficient, easy to use, COBOL subroutines (RCENCRYP and RCDECRYP) that encrypt and decrypt data strings as required. These subroutines may be called in batch or on-line modes.
Data to be encrypted (plaintext) is passed to RCENCRYP in the form of a character string held in application storage. RCENCRYP then returns the equivalent encrypted string (ciphertext). Parameter information, including the string lengths, confidentiality mode and encryption key are transferred in a fixed format communication block.
Decryption is performed by passing the ciphertext string to RCDECRYP along with the communication block. RCDECRYP then returns the equivalent readable plaintext.
Secure test data can also be generated by RCENCRYP based on the encrypted ciphertext. Alphanumeric values are returned in the form of a base64 character string and numeric values are returned as an integer.
The diagram below shows how an encryption / decryption procedure might be used in a typical application environment.
The Redvers Encryption Device runs the standard AES cipher, which means it can generate ciphertext for decryption by other AES ciphers and decrypt ciphertext, generated by other AES ciphers.
Technical Information
The Redvers Encryption Device (2.1) uses the Advanced Encryption Standard (AES) algorithm, sometimes known as the Rijndael algorithm, to encrypt and decrypt data using 128, 192 or 256 bit keys. The AES symmetric block cipher was announced in 2001 by the National Institute of Standards and Technology (NIST) in U.S. FIPS Publication 197. Its worldwide use is encouraged by the U. S. Government and many specialist security organizations.
The AES algorithm is used in conjunction with one of five confidentiality modes, defined in NIST Special Publication 800-38A. These modes are: Electronic Code Book (ECB), Cipher Block Chaining (CBC), Cipher Feed Back (CFB), Output Feed Back (OFB) and Counter (CTR). The Redvers Encryption Device supports all these confidentiality modes.
The Redvers Encryption Device fully conforms to FIPS PUB 197 and NIST Special Publication 800-38A specifications and has been validated by the Cryptographic Algorithm Validation Program (CAVP) at NIST - validation number 1141.
Redvers Encryption Device programs do not contain any information that can be used to derive encryption keys or plaintext values. These programs are simply computer instructions that result in the publicly known, AES cipher logic process. They can therefore be used in production and development environments.
Machine memory used by the device to temporarily store plaintext and encryption keys, is wiped clean with a "clean storage" call, once all data has been encrypted or decrypted.
Due to the fact that COBOL data can terminate with a binary field, the Redvers Encryption Device uses the Public-Key Cryptography Standards (PKCS#5) padding method (ECB, CBC and CFB confidentiality modes only).
In order to facilitate the generation of test data, ciphertext can be returned in base64 encoded form (as defined in IETF RFC 2045) or as a single integer (some truncation may apply).
Encryption rates are 125,000 bytes per second running ECB confidentiality mode with a 256 bit key. Decryption rates are 60,000 bytes per second running ECB mode with a 256 bit key. Faster decryption rates can be achieved if CFB, OFB or CTR confidentiality modes are used, as these modes use the forward cipher for decryption. All benchmark timings were performed on an IBM zSeries mainframe running z/OS 1.10.