Encryption in Transit: ibm_db driver


Alok Bhave

Aug 21, 2020, 3:09:47 AM
to ibm_db
Hi All,
I have built an API in Python which interacts with DB2. I am using the ibm_db driver to connect to DB2. This works fine.
I am looking for inputs with regard to enabling encryption in transit. I went through the driver documentation at https://github.com/ibmdb/python-ibmdb but was not able to find any reference in this regard.
In general practice, based on the driver, we update the connection string with parameters like encrypt=true;trustServerCertificate=true OR EncryptionMethod=1.
But for the ibm_db driver I am not able to find the adequate parameter. Please suggest.

I am using the standard code below to connect to DB2.
>>> import ibm_db
>>> # Connect using ibm_db
>>> conn_str='database=pydev;hostname=host.test.com;port=portno;protocol=tcpip;uid=db2inst1;pwd=secret'
>>> ibm_db_conn = ibm_db.connect(conn_str,'','')

Python = 3.7
ibm_db = 3.0.1
Deployed to Openshift v3

Thanks in Advance. 
Regards,
Alok

Saba Kauser

Aug 21, 2020, 3:49:22 AM
to ibm_db
Hi,
Python ibm_db uses the Db2 ODBC and CLI driver (aka Db2 clidriver) for connectivity to the database. Hence, the connection string or configuration parameters that are supported in Db2 clidriver are applicable for ibm_db as well.
You can configure the Db2 server for TLS for data encryption in transit. Follow -> https://www.ibm.com/support/knowledgecenter/SSEPGG_11.5.0/com.ibm.db2.luw.admin.sec.doc/doc/t0025241.html

You can configure client and generate certificates. Follow ->

clidriver by default will have a DigiCertGlobalRootCA.arm under the cfg folder, which can be used for SSL connections to dashdb and SQLDB databases.

You can specify "security=SSL;sslservercertificate=<path to cfg folder of clidriver installation/DigiCertGlobalRootCA.arm>;" in the connection string.
sslservercertificate can also contain the server certificate created and extracted by you.
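Example:
import ibm_db
# Raw string (r'...'): the Windows path contains backslashes, and \U in a normal string literal is a syntax error in Python 3
conn=ibm_db.connect(r'database=testpy;security=ssl;sslservercertificate=C:\Users\skauser\Documents\CLI\SSL\testpy_client_ssl\server.arm;protocol=tcpip;hostname=hostnameofyourmachine;port=sslport;uid=db2admin;pwd=XXXXXX;','','')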

Try and let me know if you face any issues.

Thanks,
Saba.
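
An added example, not part of the original thread or of the ibm_db project: a pre-flight check that refuses to call ibm_db.connect unless the connection string carries the security=SSL and sslservercertificate keywords from the reply above. The function names are hypothetical, and it assumes TLS is configured only through the connection string.

```python
import os

def parse_conn_str(conn_str):
    """Split a 'key=value;...' connection string into a dict with lower-cased keys."""
    pairs = {}
    for index, part in enumerate(conn_str.split(';')):
        if not part.strip():
            continue  # tolerate a trailing ';'
        key, sep, value = part.partition('=')
        if not sep:
            # Report the position only: the segment may be part of a password
            raise ValueError('malformed connection string segment #%d' % index)
        pairs[key.strip().lower()] = value.strip()
    return pairs

def tls_findings(conn_str, cert_exists=os.path.isfile):
    """List what is missing for the TLS setup described in this thread."""
    kv = parse_conn_str(conn_str)
    findings = []
    if kv.get('security', '').lower() != 'ssl':
        findings.append('security=SSL is not set in the connection string')
    cert = kv.get('sslservercertificate', '')
    if not cert:
        findings.append('sslservercertificate is not set')
    elif not cert_exists(cert):
        findings.append('sslservercertificate file not found: ' + cert)
    return findings

def connect_tls(conn_str, cert_exists=os.path.isfile):
    """Connect only if the string passes the checks above."""
    problems = tls_findings(conn_str, cert_exists)
    if problems:
        raise ValueError('refusing to connect: ' + '; '.join(problems))
    import ibm_db  # lazy import: the checks run without the driver installed
    return ibm_db.connect(conn_str, '', '')

if __name__ == '__main__':
    # Constructed sample: the connection string from the first post, without TLS keywords
    sample = ('database=pydev;hostname=host.test.com;port=portno;'
              'protocol=tcpip;uid=db2inst1;pwd=secret')
    for finding in tls_findings(sample):
        print(finding)
```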

Alok

Aug 22, 2020, 8:11:25 AM
to ibm...@googlegroups.com
Hi Saba,
Thanks for the detailed explanation.
I will look into it. 

Regards,
Alok
