AES Encryption for the IBM i (AS/400)

Alliance AES/400

AES Encryption for the IBM i (AS/400)

NIST Compliant AES Encryption Validated protection for data at rest on the IBM i (AS/400, System i). Our NIST compliant AES/400 solution will meet or exceed encryption standards in PCI DSS, HIPAA/HITECH, and other regulations.

IBM i Encryption with FIELDPROCEncryption that is Optimized for Performance

Alliance AES/400 encryption APIs are capable of encrypting 1 million credit card numbers in less than one CPU second. They are highly optimized for performance, and perform up to 100X faster than equivalent IBM APIs on the IBM i platform.

Automated Encryption and Decryption on the IBM i

Alliance AES/400 supports the FIELDPROC exit point introduced in V7R1.  Encrypt and decrypt fields that store data such as credit card numbers, SSN, birth dates, address, account numbers and other PII instantly without impacting applications. Alliance AES/400 FIELDPROC support will protect access to the data without changing your database or your applications. There is no need to reformat your database, or expand field sizes.

Easily Control Access to Sensitive Data with Data Masking

Automatically mask all but Last 4 or First 6 characters of credit card and social security numbers on decryption. Replace sensitive names, addresses, phone numbers, and other information with non-sensitive information. For organizations that automatically encrypt data on IBM V7R1, automatic encryption and decryption on the IBM i works for all users and applications. Administrators cannot rely on native IBM i object, or user authorities to control access to encrypted data. AES/400 helps enforce user access control with a built in data masking capability.  Security administrators can easily define the users who should have access to all of the data, and then define a default policy that masks critical data for other users.

FIELDPROC Encryption with Legacy RPG Applications

With Alliance AES/400, IBM i customers with legacy RPG applications can deploy automatic DB2 encryption over sensitive data which are indexes. Townsend Security has leveraged OAR capabilities to replace the legacy RPG  file I/O with modern SQL operations. Alliance AES/400 maps legacy RPG  file operations like CHAIN, SETLL and other operations to native SQL statements, while preserving the functional integrity of the original RPG business logic.  


Meet Compliance Requirements With NIST Compliant AES Encryption

Alliance AES/400 is the only NIST compliant AES database encryption solution for IBM i.  The solution uses compliant 256-bit AES encryption for FIELDPROC data protection.

Externally Manage Encryption Keys for Regulatory Compliance

Meet PCI and HIPAA/HITECH compliance requirements using Townsend’s FIPS 140-2 compliant encryption key manager.  Administrators can enforce separation of duties and maintain dual control over encryption keys and the encrypted data.  Key Manager automates all encryption key management processes including key rotation, retrieval and change to save time and money.

Spooled File Report Encryption

Capture and encrypt spooled file reports automatically in real time or on a daily schedule. Encrypted reports are maintained on-line with view and reprint capability. User controls and automation are fully supported.

IFS File Encryption

Encrypt and decrypt files in any IFS directory. Files can be encrypted on the IBM i platform and decrypted on Windows and Linux.

Save File Encryption

Encrypt and decrypt any save file to an on-line archive. Encrypted save files can be moved to off-line storage or transferred to another IBM i platform for decryption.

Self-Decrypting Archives

Encrypt IBM i files to a Windows self-decrypting archive executable program. Self-decrypting archives can be transferred to a Windows user and decrypted without the requirement for additional software. This facility is ideal for the secure distribution of small files.

Compliance Logging

Compliance logging is integrated into all configuration and key management activities. Encryption and decryption logging can be implemented by policy or at the API level. Full support for IBM Security Audit journal QAUDJRN. Optional Alliance LogAgent product collects all security events for transfer to log collection server or SIEM solution.

Supports Two Factor Authentication

Paired with Alliance Two Factor Authentication, organizations can reduce the security weakness of relying on passwords as their only authentication mechanism.  By requiring an additional piece of information delivered to authorized users via SMS text or voice message, organizations can improve security of their sensitive data.

Flexible Licensing Options

With flexible licensing options, including perpetual and subscription licensing, protecting sensitive data on the IBM i has never been easier or more affordable.


FIPS-197 compliant and NIST compliant Advanced Encryption Standard (AES)

Encryption Modes

Electronic Codebook (ECB)

Cipherblock Chaining (CBC)

Counter (CTR)

Output Feeback (OFB)

Cipher Feedback (CFB1, CFB8, CFB128)

Key Sizes

AES 128, 192, 256 bit symmetric keys

RSA 1024,2048, 3072, 4096 bit asymmetric keys

Case Studies

Citizens Security Life Insurance (CSLI)

Compliance Made Easy - Protecting Private Information with Alliance AES/400 Encryption for IBM i and Alliance Key Manager for VMware.

Retail Performance Crisis Solved

After turning to Townsend Security's AES encryption suite on the IBM i platform, a large retailer was able to reduce their nightly batch run times from 9 and ½ hours to 10 minutes!

Staples Says "That Was Easy"

The challenge: Implement strong encryption in a demanding IT environment, with minimal impact to performance.

Solution Briefs

Alliance AES/400 Encryption for the IBM i

Alliance AES/400 Encryption for IBM i provides AES encryption for sensitive data everywhere it resides on your IBM i platform: Database files, tape, IFS files, Save Files, reports, and messages.

Alliance AES/400 FieldProc - FAQ

This document contains a collection of the answers to the most common questions people ask about Alliance AES/400 FieldProc.


Alliance AES/400

Alliance AES/400 Encryption provides AES encryption for sensitive data everywhere it resides on your IBM i platform: Database files, tape, IFS files, Save Files, reports, and messages.

White Papers

Encryption Key Management for IBM i

Meeting compliance regulations for managing encryption keys is a challenge for IBM i administrators.  Understanding the core concepts presented in this white paper can prevent a variety of problems.