Is anyone reading/writing encrypted data from/to a text file with NetExpress? If so, how? I did a quick search of the knowledgebase and documentation and don't see anything about this. I need to store a database user id. and password in a non-clear text format of some sort, preferably using some strong, standard encryption. Thanks in advance for your help.

There is no simple answer. This is a classic Hard Problem in information security, sometimes known as the Unattended Startup problem (because it most often comes up when some system needs to load sensitive data at startup, and it's not practical to have a human there to supply it). It's part of a general category of "key hygiene" problems: how do you make a secret key available only to the programs that are supposed to have access to it?

There are various solutions, none of which are suitable for all use cases.

  1. Do it interactively. When the program starts, it waits until someone enters the password.
  2. Use specialized hardware, such as an HSM or TPM. This is complicated and how it can be applied really depends on the use case.
  3. Put the secret in a file and protect that file:
    1. Using filesystem protections. These are generally user/group based, so any other process with the same identity will also be able to read the secret. Sometimes that's not a problem (e.g. for services that run under a unique ID). Also, anyone with authority to bypass permissions (system administrators, etc.) can simply do so and read the secret.
    2. Using filesystem encryption. This is also generally tied to the process identity (user or group). It does protect against someone who can read the disk directly and similar attacks.
    3. Using application encryption. This just defers the problem: Where does the key for this encryption come from? It almost never can offer any actual additional security.

So I would submit that you're asking the wrong question. Encrypting a file at the application level probably buys you nothing. If you really want to do it, you could use something like CALL SYSTEM to run a file encryption program such as WinGPG; but there will still be a key somewhere, so an attacker just has to find that key.

Depending on your use case and requirements, it may be that your best solution at this point is to use filesystem permissions and possibly filesystem encryption (on Windows, EFS or BitLocker) to protect the sensitive file.


Thanks for your answer Michael. We're looking at several ways to deal with this, one of which is essentially your option 3.b. Mostly I'm looking for technical details of how this is done. If I do file system encryption, do I have to do anything special to my COBOL program to access that encrypted file (both read and write)?

No, you shouldn't have to do anything special in the application. With Windows EFS, for example, you would generate a key if you don't already have one, then tell the OS to encrypt the file. (Usually it's best to mark the folder / directory as encrypted, rather than individual files.) The OS will handle encryption and decryption when you read and write the file. Only people whose keys are associated with the file will be able to read and write it - anyone else will get an error. You can find documentation and tutorials for Windows EFS online.

BitLocker requires even less effort, since it encrypts the entire drive; but depending how the machine is used it may not be suitable for your purposes.
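
The folder-level EFS setup described in the replies above, combined with the filesystem permissions from option 3.a, as an added example that is not part of the original thread. The folder path, file name and sample credential values are hypothetical placeholders.

```powershell
# Added example: paths, file names and sample values are hypothetical.
# Run this as the Windows account the COBOL program runs under: EFS ties the
# file key to the certificate of the user who encrypts, so only that account
# can read the file back.
$dir  = 'C:\AppSecrets'               # hypothetical folder
$file = Join-Path $dir 'dbcred.txt'   # hypothetical credential file
$me   = [System.Security.Principal.WindowsIdentity]::GetCurrent().Name

New-Item -ItemType Directory -Path $dir -Force | Out-Null

# Option 3.a: drop inherited ACEs and grant only this account full control,
# inherited by files and subfolders created later.
icacls $dir /inheritance:r /grant:r "${me}:(OI)(CI)F" | Out-Null
if ($LASTEXITCODE -ne 0) { throw "icacls failed with exit code $LASTEXITCODE" }

# Option 3.b: mark the folder as encrypted so that new files inherit EFS.
# If this account has no EFS certificate yet, Windows creates one here.
cipher /e $dir | Out-Null
if ($LASTEXITCODE -ne 0) {
    throw "cipher failed: EFS needs an NTFS volume and a Windows edition that supports it"
}

# Constructed sample content; the real user id and password would go here.
Set-Content -Path $file -Value 'DBUSER=example_user', 'DBPASS=example_password'

# Confirm the file really carries the Encrypted attribute before relying on it.
$attrs = (Get-Item $file).Attributes
if (-not ($attrs -band [IO.FileAttributes]::Encrypted)) {
    throw "$file was written but is not EFS-encrypted"
}

# An ordinary read works for this account with no decryption call, which is
# why the COBOL program needs no changes to open the file.
Get-Content $file

# Review who can decrypt the file and who the ACL admits.
cipher /c $file
icacls $dir
```

Back up the account's EFS certificate and private key (for example with `cipher /x`), because the file cannot be decrypted if that key is lost.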