HPE Community
Operating System - HP-UX
1827321 Members
3915 Online
109961 Solutions
New Discussion

Data Encryption

 
Prabhu_9
Occasional Advisor

‎09-03-2007 07:05 PM

‎09-03-2007 07:05 PM

Data Encryption

We need to store some Sensitive info in our Database (DB2). What kind of encryption methodology / logic that generally used for encrypting sensitive info like Credit card info, Social Security #, Account #/ PIN etc…?

What is the best practise to do the encryption?
Encrypt in ETL tool (datastage) or in database (DB2)?

Iam reading info on DES,AES. But how to call them from a ETL Tool? Does that mean a encrypt function provided by a ETL or DB will internally use these methods?

Please HELP. Thanks
0 Kudos
Reply
3 REPLIES 3
tkc
Esteemed Contributor

‎09-03-2007 09:10 PM

‎09-03-2007 09:10 PM

Re: Data Encryption

how about this tool called EVFS ?

http://docs.hp.com/en/5991-5390/ch01s01.html
0 Kudos
Reply
whiteknight
Honored Contributor

‎09-04-2007 01:07 AM

‎09-04-2007 01:07 AM

Re: Data Encryption


Hi

You can download this EVFS software for free.

http://h20293.www2.hp.com/portal/swdepot/displayProductInfo.do?productNumber=EVFS

Supported 11iv2 and 11iv3 onwards

WK
please assign points
Problem never ends, you must know how to fix it
0 Kudos
Reply
Heironimus
Honored Contributor

‎09-04-2007 04:43 AM

‎09-04-2007 04:43 AM

Re: Data Encryption

There is no quick answer, it all depends on what data you're storing and how you're using it. If it's only used for comparisons you can use a one-way hash like SHA1. In some cases you want the application to encrypt data and store the ciphertext in the database, in other cases you want the database to handle the encryption. Some types of data can also be partially masked out instead of being hashed or encrypted. You probably need everything to be encrypted over the network, though.

If you're handling credit card information you really need to sit down and spend some time reading the PCI-DSS document because you'll probably be audited for compliance. Its guidelines are written specifically for handing cardholder data. Even if you're not doing payment cards many of the guidelines can be applied to other types of data.
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.