Hello,
I am trying to learn about how encryption/decryption works in Progress. I have a need to build an encryption process for clients who use our software for messages that would be sent from them to a third party vendor.
It appears that Progress only uses symmetric encryption and that the key must be the same in the encrypt and decrypt process. This means that I need to store the key somewhere so that the software can encrypt it and the vendor will need to know that key so that they can decrypt it.
Storing the key is where I'm worried. Because the process for encryption will be done automatically on each client's server, the key has to be stored on their server somewhere and the only way I can think to do that is through a database table. But that doesn't seem very secure from someone who could write a query to read into that table.
The other issue (not sure if it is an issue) is that the third party vendors won't have Progress and will have to use their own processes to decrypt the message. I've been told that as long as I supply the algorithm to them that this isn't an issue, that they can use whatever language they want to do the decryption. I wanted to verify that this is true?
I have read through how to build an encryption process in Progress and know how to do that. Basically, I'm wondering how keys are typically securely stored in a situation like this, and if it is true that the third party vendor does not need to have Progress to decrypt the message?