Last Updated on 17 September 2019 by Roberto De Pedrini
For companies that distribute and install their software on customers’ systems, it is obviously not advisable to leave their sources “unattended” on those systems.
But even without installing the sources, a “smart” user could access the code by simply starting a debug session for programs compiled with the DBGVIEW (*SOURCE / *LIST / *ALL) options, which embed source into the program object. On the other hand, compiling programs without this option complicates debugging operations (which inevitably happen sooner or later …).
Since 7.1, IBM has made available a new option on all ILE program and module compile commands: the Debug encryption key (DBGENCKEY) parameter. It lets you specify a source encryption key, a sort of “password” that allows you to distribute perfectly debuggable programs without allowing others to access the source code (unless they know the encryption key).
Let’s compile a program specifying this option:
                  Create SQL ILE RPG Object (CRTSQLRPGI)

    Type choices, press Enter.

    Print file . . . . . . . . . . .   QSYSPRT      Name
      Library  . . . . . . . . . . .     *LIBL      Name, *LIBL, *CURLIB
    Debugging view . . . . . . . . .   *source      *NONE, *SOURCE
    Debug encryption key . . . . . .   DeBuGKey
    User profile . . . . . . . . . .   *NAMING      *NAMING, *USER, *OWNER
    Dynamic user profile . . . . . .   *USER        *USER, *OWNER
    Sort sequence  . . . . . . . . .   *JOB         Name, *JOB, *HEX, *JOBRUN...
Like all passwords, the debug encryption key is also case-sensitive.
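The same compile in command form, as an added example that is not part of the original article: a small CL build wrapper that refuses to create the program when no debug encryption key is supplied. The program name BLDDBG, the parameter names and the 16-byte key length are assumptions made for this illustration.

```cl
/* Added example, not from the original article.                     */
/* BLDDBG, &LIB, &MBR and &KEY are hypothetical names.               */
PGM        PARM(&LIB &MBR &KEY)
  DCL      VAR(&LIB) TYPE(*CHAR) LEN(10)
  DCL      VAR(&MBR) TYPE(*CHAR) LEN(10)
  /* Assumption: keys are at most 16 bytes long                      */
  DCL      VAR(&KEY) TYPE(*CHAR) LEN(16)

  /* Refuse to build a distributable object when no key is supplied  */
  IF       COND(&KEY *EQ ' ') THEN(SNDPGMMSG MSGID(CPF9898) +
             MSGF(QCPFMSG) MSGDTA('Debug encryption key missing') +
             MSGTYPE(*ESCAPE))

  /* Same choices as the prompt screen above. The key comes from the */
  /* caller, so it is not stored in this source member.              */
  CRTSQLRPGI OBJ(&LIB/&MBR) SRCFILE(&LIB/QRPGLESRC) SRCMBR(&MBR) +
             OBJTYPE(*PGM) DBGVIEW(*SOURCE) DBGENCKEY(&KEY)
  /* Turn any precompile or compile failure into one escape message  */
  MONMSG     MSGID(SQL0000 CPF0000) EXEC(SNDPGMMSG MSGID(CPF9898) +
             MSGF(QCPFMSG) MSGDTA('Compile failed, see job log') +
             MSGTYPE(*ESCAPE))
ENDPGM
```

It would be called as CALL PGM(BLDDBG) PARM('MDUCA1' 'TESTR06' 'DeBuGKey'), with the key quoted so that its case is preserved. A CALL typed on a command line is recorded in the job log together with its parameters, so the key is visible to anyone who can read that log.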
To “cheat” the debugger we now rename the source; otherwise, since the program was compiled on the same system and the source exists, the debug session would normally start with the source view.
RNMM FILE(MDUCA1/QRPGLESRC) MBR(TESTR06) NEWMBR(TESTR06$)
Starting the debug session for this program, the encryption key is required:
                           Enter Decryption Key

    Source file . . :   QCLSRC       Module . . . . . :   TESTR06
    Source library  :   MDUCA1       Library . . . .  :   MDUCA1
    Source member . :   TESTR06

    Current View:   ILE RPG Listing View

    Type Decryption Key, press enter.

                                                                  Bottom
    F3=Exit   F12=Cancel
If you do not enter the key, you are only allowed a “blind” debug:
                           Display Module Source

    Program:   TESTR06     Library:   MDUCA1     Module:   TESTR06

    (Source not available.)
The request screen allows a maximum of three attempts to enter the key; after three errors the key is no longer requested and you go directly into “blind” debug mode.
Thanks to this feature, you can safely start local or remote debugging sessions without risking that someone could snoop in your code.