RPGIV @ Work

A unique site for RPG and System i Lovers


Hi, this site will provide all that you need for System i and RPG development.

My name is Chamara Withanachchi, System i expert and RPG developer, and I have been in the field for the last 11 years.

I hope you will find a lot of valuable information on this site.

Encrypted Debug View
Written by Chamara Withanachchi   

Extract of original article "Secure Your Debugging Process - Introducing encrypted debug views in IBM i 7.1" by Mark Hessler and Scott Elliott

A feature added for application developers in IBM i 7.1 is the capability to encrypt the debug view data associated with an Integrated Language Environment (ILE) application.

The ILE debug environment provides source-level debug support. A source-level debugger is a debugger that provides a view of the high-level source code as an application runs, allowing you to set breakpoints and display or modify variables.

When an application is created, you can generate different debug views, including the source debug view and the list debug view.

When the source debug view is specified, pointers to the files containing the source are stored in the application. This minimizes the size of the application but requires that the files containing the source exist on the system where the application is being debugged. As a result, the source debug view is primarily used on internal development systems.

When the list debug view is specified, a copy of the compiled listing is stored in the application. This increases the size of the application, but allows source level debugging to be performed on any system since the files containing the source are not required.

The encrypted debug support added in IBM i 7.1 provides a mechanism to encrypt the text associated with the list debug view. A new option, DBGENCKEY, has been added to the ILE module creation commands and the debugger commands to activate this new support.

Debug data encryption is specified on the ILE module creation commands. All IBM i 7.1 ILE compilers support debug encryption (RPG, COBOL, CL, C, C++ and SQL). To activate debug encryption during module creation, specify list debug view using the DBGVIEW(*LIST) parameter and specify an encryption key using the DBGENCKEY parameter. The specified key will be used to encrypt the debug data. The same key is required to decrypt the debug data during debugging. For example:
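The original article's command is not reproduced on this page. The CL below is an added illustration, not taken from the article: it builds one program from three modules (two encrypted with different keys, one left unencrypted) and then starts a debug session with one of the keys. The library, program, module and source file names and both key values are constructed placeholders.

```cl
/* Added example, written as lines of a CL source member.           */
/* MYLIB, ORDERS, ORDENTRY, ORDPRICE, ORDLOG, QRPGLESRC and both    */
/* key values are constructed placeholders.                         */

/* Module 1: list view stored in the module, encrypted with the     */
/* key 'ORDKEY01' (8 characters, blank-padded to 16).               */
CRTRPGMOD  MODULE(MYLIB/ORDENTRY) SRCFILE(MYLIB/QRPGLESRC) +
             SRCMBR(ORDENTRY) DBGVIEW(*LIST) DBGENCKEY('ORDKEY01')

/* Module 2: a different key. Keys are chosen per module, so one    */
/* application can carry several.                                   */
CRTRPGMOD  MODULE(MYLIB/ORDPRICE) SRCFILE(MYLIB/QRPGLESRC) +
             SRCMBR(ORDPRICE) DBGVIEW(*LIST) DBGENCKEY('PRICEKEY02')

/* Module 3: DBGENCKEY is left at its default, *NONE. The listing   */
/* is still stored in the module, but it is not encrypted.          */
CRTRPGMOD  MODULE(MYLIB/ORDLOG) SRCFILE(MYLIB/QRPGLESRC) +
             SRCMBR(ORDLOG) DBGVIEW(*LIST)

/* Bind the three modules into one program.                         */
CRTPGM     PGM(MYLIB/ORDERS) +
             MODULE(MYLIB/ORDENTRY MYLIB/ORDPRICE MYLIB/ORDLOG)

/* Start debugging with the first key. The ORDENTRY view decrypts   */
/* with this key. When the ORDPRICE view is first displayed, the    */
/* cached key fails and the Enter Decryption Key window asks for    */
/* the second key. ORDLOG needs no key.                             */
STRDBG     PGM(MYLIB/ORDERS) DBGENCKEY('ORDKEY01')

/* Ending the debug session clears the cached keys.                 */
ENDDBG
```

Of the three modules, only ORDLOG exposes its listing to anyone who can debug the shipped program, so a release build that is meant to protect its source needs DBGENCKEY on every module compiled with DBGVIEW(*LIST).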


The default value for the DBGENCKEY parameter on the ILE create commands is *NONE, which indicates that no debug data encryption will be performed. If an encryption key is specified, it can be between one and 16 characters in length. A key of one to 15 characters will be padded to 16 characters on the right with blanks. Therefore, the keys ‘ABC’ and ‘ABC ’ would be considered equivalent. Specifying a key of zero length is the same as specifying *NONE.

Since debug data encryption is performed as part of module creation, an application may use the same key for all modules or use a different key for each module. The application may also consist of some modules that have encrypted debug data and some modules that don’t.

The debug view data is decrypted during debugging of the application. The debugger will require that a key be specified if an encrypted debug view is encountered. One way to specify the key is on the Start Debug (STRDBG) command using the DBGENCKEY parameter. If an encrypted view is encountered and a key hasn’t been specified on STRDBG or the key specified on STRDBG is incorrect, the debugger will request a key with the Enter Decryption Key window.

If a correct key is specified on either STRDBG or on the Enter Decryption Key window, the debugger will decrypt the debug view data and display the view.

If an invalid key is specified, the debug view won’t be visible. In that case, the debugger will still allow breakpoints to be set (by line number) and variable values to be displayed or updated, but a view of the source will be unavailable.

If an application contains multiple modules that use the same encryption key, the key only needs to be specified once during the debug session. Keys entered on the STRDBG command and in the Enter Decryption Key windows are cached. When the debugger encounters encrypted debug view data, it will first try to decrypt the data with the keys it has cached. The debugger will request a new key only after all cached keys have been unsuccessful in decrypting the debug view. This is done to minimize the number of times a key must be entered. Ending a debug session causes the cached keys to be cleared.
