Redvers COBOL Signature - Frequently Asked Questions
Why have you written this product in COBOL?
Because we saw so many people asking how to implement PKI encryption and digital signatures on internet forums. The answers were always complex and involved downloading software from many different sources, which then needed to be adapted to fit the relevant platform.
We thought: "There must be a better way to do this", and so we built the Redvers COBOL Signature subroutines, all in 100% COBOL, conforming to the latest standards, using a common API/linkage, capable of running on any COBOL platform.
How do I install this software?
The Redvers COBOL Signature programs are sold in COBOL source code form and are installed by copying to your site source code library and running your standard COBOL compiler. More details are in the Installation section of the User Guide. Compilation at client sites enables installation on multiple platforms and ensures complete compatibility with all other COBOL applications on the platform.
In order to protect both clients and ourselves from unauthorized code changes, the RCSCALC and RCSHASH source code has been "cloaked" using the Redvers Cloaking Device. This process makes no logical difference to the code but renders it unintelligible to humans.
Can I use another product to decrypt data or verify signatures created by the Redvers COBOL Signature software?
Yes. The Redvers COBOL Signature uses PKI encryption and OAEP padding logic that complies with RSA Laboratories PKCS #1 v2.2: RSA Cryptography Standard. Signatures conform to one of: RSA's PKCS #1 v2.2: RSA Cryptography Standard; NIST's FIPS PUB 186-4 Digital Signature Standard; or ANSI's ANS X9.62-2005 Public Key Cryptography for the Financial Services Industry - The Elliptic Curve Digital Signature Algorithm (ECDSA).
In addition, the Redvers COBOL Signature software will also verify and decrypt ciphertext generated by other PKI/signature products. Obviously, you'll need to use the same keys, hash algorithms and domain values.
What if I need to use a signature or PKI parameter, not listed in the User Guide?
If the Redvers COBOL Signature User Guide doesn't mention your specific signature algorithm or encryption encoding, please contact your account manager or use our Contact page to let us know what your requirements are. We can usually make the necessary adjustments in a few days without charge.
How much data can I encrypt with public/private asymmetrical keys?
PKI encryption is appropriate for encrypting field level data like passwords, codes or keys. It cannot encrypt long strings of data such as entire documents or account statements. The mathematical principals that PKI is based on, prevent it from encrypting/decrypting strings longer than the modulus - usually about 120 bytes. In addition to this limit, under OAEP padding, twice the length of the hash needs to be imbedded in the ciphertext string, reducing the amount of application data by another 40 characters or more.
For longer data strings, a symmetric key cipher should be used, such as AES (Advanced Encryption Standard). Fortunately, the Redvers Encryption Module is an NIST validated AES symmetric key cipher. The AES cipher works on multiple 16 byte blocks of data and has no upper length limit.
What are the technical limitations?
As the product is written in COBOL and compiled using the standard site compiler, the limitations are the same as those placed on all other COBOL applications at the site.
You haven't answered the question I had in mind.
If your question isn't listed above, please use our Contact page to ask any questions you may have and we will provide an answer as soon as possible.