Categories: 01 - Programming (EN)01e - Programming miscellanea (EN)04f - Security

Safe sources with the debug encryption key

For companies that distribute and install their software on customer’s systems, it is obviously not advisable to leave their sources “unattended” on those systems.
But even without installing the sources, a “smart” user could access the code by simply starting a debug session for programs compiled with the DBGVIEW (*SOURCE / *LIST / *ALL) options, which embed source into the program object. On the other hand, compiling programs without this option complicates debugging operations (which inevitably happen sooner or later …).
Since 7.1, IBM has made available a new option on all ILE program and module compile commands; the Debug encryption key (DBGENCKEY) parameter allows you to specify a source encoding key, a sort of “password” that allows you to distribute perfectly debuggable programs without allowing others access the source code (unless you know the encryption key).
Let’s compile a program specifying this option:

                Create SQL ILE RPG Object (CRTSQLRPGI)              

Type choices, press Enter.    

Print file . . . . . . . . . . .   QSYSPRT       Name                          
  Library  . . . . . . . . . . .     *LIBL       Name, *LIBL, *CURLIB          
Debugging view . . . . . . . . .   *source       *NONE, *SOURCE                
Debug encryption key . . . . . .   DeBuGKey                                    
User profile . . . . . . . . . .   *NAMING       *NAMING, *USER, *OWNER        
Dynamic user profile . . . . . .   *USER         *USER, *OWNER                 
Sort sequence  . . . . . . . . .   *JOB          Name, *JOB, *HEX, *JOBRUN...

Like all passwords, the debug encryption key is also case-sensitive.
To “cheat” the debugger we now rename the source; otherwise, since the program was compiled on the same system and the source exists, the debug session would normally start with the source view.

RNMM FILE(MDUCA1/QRPGLESRC) MBR(TESTR06) NEWMBR(TESTR06$)

Starting the debug session for this program, the encryption key is required:

                      Enter Decryption Key      

Source file  . . :   QCLSRC           Module . . . . . :   TESTR06          

Source library . :   MDUCA1           Library  . . . . :   MDUCA1         
                                                                              
Source member  . :   TESTR06                              
                                                                                              
Current View:   ILE RPG Listing View                    
                                                                                                
Type Decryption Key, press enter.                                    
                                                                                   
                                                                  Bottom    
F3=Exit   F12=Cancel

If you do not enter the key, you are only allowed to a “blind” debug…

                        Display Module Source             

Program:   TESTR06        Library:   MDUCA1         Module:   TESTR06                                                                               

  (Source not available.)

The request screen allows a maximum of three attempts to enter the key, after three errors the key is no longer required and you enter directly in “blind” debug mode.
Thanks to this feature, you can safely start local or remote debugging sessions without risking that someone could snoop in your code.

Related Posts
DB2 for i SQL – String Manipulation – POSSTR-LOCATE-LOCATE_IN_STRING (EN)

Introduction Often, in our applications, we need to work with text strings, and DB2 SQL can come in very useful Read more

DB2 for i – FAQ & Howtos (EN)

DB2 Database and SQL ... maybe the most important things on IBM i platform: here's a collection of FAQs, tips Read more

IBM i 7.4 Announcement (En)

Comes directly with the Easter egg this IBM announcement for the news of the IBM i 7.4 version, iNext version Read more

Generated Always Columns (EN)

Introduction "Generated Always Column": are columns, table fields, filled by DB2 engine: something like columns with a default value but Read more

6 years ago
Leave a Comment

Related Post

Recent Posts

VsCode Extention: Bob Cozzi’s RPG IV to RPG Free Conversion

👉 Review: Bob Cozzi’s RPG IV to RPG Free Conversion – a useful VS Code extension for RPG modernization If…

2 months ago

IBM i & SQL Tips #010 – Locating Programs in the Call Stack with STACK_INFO

Hello everyone, I’d like to highlight another excellent contribution by Massimo Duca, part of his ongoing IBM i & SQL…

2 months ago

Trying out “Display File DDS Edit” for VS Code

Intrigued by some recent posts from Cristian Larsen on LinkedIn (New Release – Display File DDS Edit v 0.10.1), I…

3 months ago

Project Bob: the next-gen AI partner for IBM i and IBM Z application development

Hello everyone, Today I’d like to draw your attention to a major new announcement from IBM: Project Bob — a…

3 months ago

IBM i & SQL Tips #6: Calling REST APIs and Parsing JSON Responses with SQL

I want to share with you a particularly useful article by Massimo Duca in the IBM i & SQL Tips…

4 months ago

How Parameter Passing Works in IBM i Programs (RPG / Cobol)

Hello everyone, I’d like to highlight a very useful article by Marco Riva on Markonetools, where he clearly explains how…

4 months ago