Skip to main content
Previous sectionNext section

Encryption

Protect information against unauthorized viewing.

Background Information

Encryption is the process of using a mathematical algorithm to transform information so that it becomes unreadable. The information is then available only to those who possess the key that can be used for decryption.

Available Tools

Support for managed key encryption

InterSystems IRIS includes support for managed key encryption, a suite of technologies that protects data at rest. These are:

  • Block-level database encryption, also known simply as database encryption — A set of tools to allow creation and management of databases in which all the data is encrypted. Such databases are managed through the Management Portal.

  • Data-element encryption for applications, also known simply as data-element encryption — A programmatic interface so that applications can include code to encrypt and decrypt individual data elements (such as particular class properties) as they are stored to and retrieved from disk.

  • Encryption key management — A set of tools in the Management Portal for creating and managing data-encryption keys and for managing key files. Both database encryption and data-element encryption use key files to support their functionality.

For details, see “Managed Key Encryption” in the Security Administration Guide.

Availability: All namespaces.

SOAP support

InterSystems IRIS SOAP support includes the ability to encrypt and decrypt SOAP messages. See Securing Web Services.

Availability: All namespaces.

XML support

InterSystems IRIS XML support includes the ability to encrypt and decrypt XML documents. See “Encrypting XML Documents” in Using XML Tools.

Availability: All namespaces.

Provides methods to perform data encryption, base–64 encoding, hashing, and generation of message authentication codes. The preceding encryption tools use these methods. Methods in this class include:

  • AESCBCDecrypt()

  • AESCBCManagedKeyDecrypt()

  • ActivateEncryptionKey()

  • GenCryptRand()

  • HMACSHA()

  • RSAGetLastError()

  • RSASHA1Sign()

  • And others

Availability: Some methods can be used in all namespaces. Some are available only in %SYS.

Reminder

The special variable $SYSTEM is bound to the %SYSTEM package. This means that instead of ##class(%SYSTEM.class).method(), you can use $SYSTEM.class.method().