IBM i Encryption with FieldProc and Assure Encryption

Understanding Field Procedures on IBM i and how to tackle common challenges

Organizations of all sizes are rushing to implement encryption to protect sensitive digital assets including personally identifiable information of customers, vendors, and employees, and valuable intellectual property. IBM introduced a Db2 database column level exit point named Field Procedures, or FieldProc, in release 7.1 of the IBM i operating system.

This column-level exit point is implemented directly in the Db2 database and is invisible to applications (both IBM and user) that use the database. Customers and third-party vendors are developing FieldProc exit point software to provide the encryption, key management, user control, audit and data masking features that IBM i customers need to protect sensitive data.

FieldProc Architecture
FieldProc is a type of column-level exit point that is implemented directly in the Db2 database. As is typical with any of the other IBM i exit points, IBM
provides the architecture for the exit point to invoke a user application, but IBM does not provide that application. Customers or vendors can create
a FieldProc application based on the documented architecture of the exit point. Precisely is one vendor who provides such software.

The exit point architecture is very simple. There are only two commands and three functions that are supported. The two commands are:

  • Start FieldProc
  • End FieldProc

The three functions that are handled by a FieldProc program are:

  • Initialization
  • Encode (Encrypt)
  • Decode (Decrypt)

When FieldProc is started on a column, the FieldProc program is called for Initialization, and then called for each row in the table to provide for the
encryption of the column. When FieldProc is ended, the FieldProc program is called for each row to decrypt the data. All other normal read, change, and insert operations call the FieldProc program to provide for encryption or decryption as needed. FieldProc is not invoked for a delete operation on a row.

This eBook explores the architecture, implementation, critical features and limitations of Field Procedures on the IBM i and points to some solutions to the primary challenges.


IBM i Encryption with FieldProc and Assure Encryption: Protecting Data at Rest