Application, File, and Database Encryption

The following subsections describe encryption techniques for XML, Wrapped Files, and databases.

XML Encryption

XML Encryption allows COBOL or ALGOL applications to easily encrypt or decrypt data in XML documents. MCP cryptography services are required to enable this feature. For more information, see the WEBAPPSUPPORT Application and Programming Guide.

Wrapped File Encryption

You can encrypt files as they are wrapped, either as wrapped files or into containers, for secure transport of data. The encryption is password-based, and the password must be sent over a secure channel, separate from the file. MCP Cryptographic Services are required to support this feature. Wrapped File Encryption uses AES-GCM encryption, an industry-standard authenticated encryption algorithm. For additional information about the WRAP statement, refer to the Work Flow Language (WFL) Programming Reference Manual. For additional information about the MCP_WRAPPER and MCP_FILEWRAPPER interfaces, refer to the MCP System Interfaces Programming Reference Manual.
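
The following Node.js sketch is an added example, not MCP or WRAP code. It shows what password-based authenticated encryption means for the recipient: a wrong password or a file altered in transit is rejected outright instead of decrypting to garbage. The scrypt key derivation, the salt/nonce/tag/ciphertext layout, and the names encryptFile and decryptFile are assumptions made for the illustration; the MCP wrapped-file format is not described on this page.

```javascript
// Added illustration: password-based AES-256-GCM in Node.js.
// The scrypt KDF and the salt|nonce|tag|ciphertext layout are assumptions
// made for this example; they are not the MCP wrapped-file format.
const { scryptSync, randomBytes, createCipheriv, createDecipheriv } = require('node:crypto');

const SALT_LEN = 16, NONCE_LEN = 12, TAG_LEN = 16;

// Derive a 256-bit key from the password. A fresh salt per file means the
// same password does not produce the same key for two files.
function deriveKey(password, salt) {
  return scryptSync(password, salt, 32);
}

function encryptFile(plaintext, password) {
  const salt = randomBytes(SALT_LEN);
  const nonce = randomBytes(NONCE_LEN);
  const cipher = createCipheriv('aes-256-gcm', deriveKey(password, salt), nonce);
  const body = Buffer.concat([cipher.update(plaintext), cipher.final()]);
  return Buffer.concat([salt, nonce, cipher.getAuthTag(), body]);
}

// Returns the plaintext, or null when the GCM tag does not verify
// (wrong password, or the file was altered after encryption).
function decryptFile(blob, password) {
  const header = SALT_LEN + NONCE_LEN + TAG_LEN;
  if (blob.length < header) return null;
  const salt = blob.subarray(0, SALT_LEN);
  const nonce = blob.subarray(SALT_LEN, SALT_LEN + NONCE_LEN);
  const tag = blob.subarray(SALT_LEN + NONCE_LEN, header);
  const decipher = createDecipheriv('aes-256-gcm', deriveKey(password, salt), nonce,
                                    { authTagLength: TAG_LEN });
  decipher.setAuthTag(tag);
  try {
    return Buffer.concat([decipher.update(blob.subarray(header)), decipher.final()]);
  } catch (err) {
    return null; // authentication failed: release no plaintext
  }
}

// Constructed sample data and passwords.
const sample = Buffer.from('PAYROLL/2024/Q1 record 0001 (constructed sample)');
const wrapped = encryptFile(sample, 'constructed-passphrase');
const tampered = Buffer.from(wrapped);
tampered[tampered.length - 1] ^= 0x01; // flip one ciphertext bit

console.log(decryptFile(wrapped, 'constructed-passphrase').toString());
console.log(decryptFile(wrapped, 'wrong-passphrase'));
console.log(decryptFile(tampered, 'constructed-passphrase'));
```

Because the key comes entirely from the password, anyone who obtains both the file and the password can decrypt it, which is why the password travels on a separate secure channel.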

Database Encryption

The Enterprise Database Server protects sensitive data in individual columns or data sets via encryption. MCP Cryptographic Services are required to support this feature. Enterprise Database Server database encryption uses the industry-standard AES_256_GCM or AES_256_HMAC_SHA256 algorithms. The Enterprise Database Server manages keys. You can back up and restore keys through Security Center. For additional information about database encryption, see the Enterprise Database Server Utilities Operations Guide.

Disk Encryption

Disk encryption encrypts the data at rest on the disk; the data is automatically encrypted and decrypted on each access. Keys must be defined and backed up before use. Refer to the System Commands Reference for more information on disk encryption.