A Simple Encryption/Decryption Algorithm for Numbers
April 27, 2005 Hey, Ted
One of the most important tasks of any IT department is to make sure that information stored in database files is not accessible to unauthorized users. RPG program CCED01 provides a simple way to encrypt and decrypt numbers up to 16 digits long.
The algorithm is based on a16-element array of numeric digits, which I implement as a compile-time array in CCED01. Each element must contain the ten numeric characters from 0 to 9. Each digit must appear only once in each element of the array. The digits can appear in any order you like. Here’s an example:
0123456789 1234567890 2345678901 3456789012 4567890123 5678901234 6789012345 7890123456 8901234567 9012345678 0123456789 1234567890 2345678901 3456789012 4567890123 5678901234
Program CCED01 has only one parameter: a 17-byte character value. The first 16 bytes contain a left-justified number. The last byte must contain E to encrypt or D to decrypt.
Let’s consider an example. Suppose a social security number 328827109 has to be stored in a database file. This number is passed to the program with the right justified letter ‘E’ for encryption:
CALL PGM (CCED01) PARM ('328827109 E')
Encryption is a two-step process. In the first step, the program replaces each digit of the number by its position within its array element, as illustrated here.
|
Input number |
Array element |
Output number |
|
3 |
0 1 2 3 4 5 6 7 8 9 |
4 |
|
2 |
1 2 3 4 5 6 7 8 9 0 |
2 |
|
8 |
2 3 4 5 6 7 8 9 0 1 |
7 |
|
8 |
3 4 5 6 7 8 9 0 1 2 |
6 |
|
2 |
4 5 6 7 8 9 0 1 2 3 |
9 |
|
7 |
5 6 7 8 9 0 1 2 3 4 |
3 |
|
1 |
6 7 8 9 0 1 2 3 4 5 |
6 |
|
0 |
7 8 9 0 1 2 3 4 5 6 |
4 |
|
9 |
8 9 0 1 2 3 4 5 6 7 |
2 |
|
|
9 0 1 2 3 4 5 6 7 8 |
|
|
|
0 1 2 3 4 5 6 7 8 9 |
|
|
|
1 2 3 4 5 6 7 8 9 0 |
|
|
|
2 3 4 5 6 7 8 9 0 1 |
|
|
|
3 4 5 6 7 8 9 0 1 2 |
|
|
|
4 5 6 7 8 9 0 1 2 3 |
|
|
|
5 6 7 8 9 0 1 2 3 4 |
|
The second step is to translate the resulting digit character to “garbage” characters. In my implementation, I translate the digits 0 through 9 to the values !@#$% &*(), which are the characters produced by holding down the shift key and pressing the number keys across the top of the keyboard.
Original Social Security Number: 3 2 8 8 2 7 1 0 9
Numerically Encrypted Number: 4 2 7 6 9 3 6 4 2
“Garbage” Characters Encrypted Number: % # * & ) $ & % #
The returned value %#*&)$&%# will be stored in the database file.
To decrypt the value, in order to display it on a screen for instance, I call the same program, passing the encrypted value as the left-justified portion of the parameter and the right-justified letter ‘D’ for decryption:
CALL PGM (CCED01) PARM (' %#*&)$&%# D')
The returned value 328827109 will be displayed on the screen.
Two organizations can use the same algorithm by using program CCED01with different compile time arrays, having different combinations of digits from 0 to 9 within the corresponding rows of the table. This difference in translation tables makes the encryption/decryption algorithm unique for each organization.
–Victor Pisman
|
Thanks to Victor for this interesting little algorithm. Let me add a few comments.
First, this is not industrial-strength encryption. One problem with this algorithm is that there is no way to change the encryption/decryption key without decrypting all encrypted data with the old array and re-encrypting it with a new compile-time array. However, it should be adequate for curious eyes around the office, especially those with access to query and reporting tools.
Second, Victor has allowed for 16 digits. This program could easily be modified to handle larger numbers.
Last, Victor’s use of one parameter works fine, but anyone who decides to implement this program might find it advantageous to use two or three parameters instead. I would prefer that the D or E option have its own parameter. It might also be good to have separate parameters for the encrypted and decrypted values.
–Ted
