Creating a DB2 encryption UDF by editing a sample job
InfoSphere® Guardium Data Encryption provides sample jobs that you can edit to create an encryption User Defined Function (UDF).
Before you begin
About this task
You can create an encryption UDF by editing the sample job that is available in PDS smphlq.SDECSAMP, where smphlq is the SMP/E high-level qualifier for the product:
- DECDB2UD
  This job link-edits the DB2® CPACF protected key UDFs, DECENU00, DECENUI0 and DECENUP0, and the Random Number UDF DECENURN ICV, with their corresponding ICSF callable services.
- DECUXUDF
  This member contains SQL statements and descriptions that demonstrate and describe the use of the DECENURN and DECENUI0 UDFs. DECUXUDF is provided to demonstrate the use of DB2 UDFs provided by Encryption Tool. The SQL it contains is intended to provide a functioning example for:
  - Creating the DB2 functions for invoking the UDF
  - Inserting rows containing encrypted column values
  - Selecting rows, decrypting column values
  - Updating existing rows, encrypting a previously non-encrypted column (for migration)
  - Using DECENURN in conjunction with DECENUI0 to generate a unique ICV per row
- DECENURN
  This UDF program retrieves a random value from the CSNBRNGL ICSF callable service. DECENURN can be used in conjunction with DECENUI0, DECENUBL, and DECENUP0.
Note: DECUXUDF is intended to serve as a basis for your own customized use. The sample SQL can be run without modification, but instances of INFOSPHERE GUARDIUM DATA ENCRYPTION ENCRYPTED KEY should be replaced with the cryptographic key label that was built by your security analyst.
Procedure
What to do next
If you modify the encryption UDF, a DB2 restart is required to refresh the encryption UDF with the new version.
You might have to customize the job to run in your ISPF/PDF environment. For example, you might have to add your ISPF basic target libraries to the appropriate //ISPxLIB ddname concatenations and add //ISPTABL to point to the same libraries as //ISPTLIB.