HP OpenVMS DCL Dictionary
Creates a key definition name and value to be used for encrypting and
decrypting files. The key is a string that represents the name under
which its value is encrypted and stored in the key storage table; a
logical name table. A DES key is created in the PROCESS logical name
table by default unless the /AES qualifier is specified. Note that AES
requires longer key-length values than the 8-byte DES keys. AES
requires a minimum of 16, 24, or 32 bytes depending on the
algorithm/key size specified for encryption or decryption.
ENCRYPT /CREATE_KEY key-name key-value [qualifiers]
Name under which the encryption key will be stored in the key storage
table. Specify a character string according to the following
- 1 to 243 alphanumeric characters
- Dollar signs and underscores are valid.
- Not case sensitive
Use a name that has meaning to you, to help you remember it.
Key names beginning with ENCRYPT$ are reserved for HP.
String representing the value of the encryption key. Specify either
ASCII text or a hexadecimal constant, as follows:
- ASCII text string (default)
- Minimum length: 8 (DES) 16, 24, or 32 (AES---128, 192, and 256 bits
- Maximum length: approximately 240 characters.
- The string is not case sensitive for DES keys.
- If you use characters other than alphanumeric characters, for
example, blank spaces, enclose the string in quotation marks ( " " ).
- Hexadecimal constant
- Use the /HEXADECIMAL qualifier.
- Valid characters: 0 to 9, A to F (ASCII coded HEX nibbles).
- Minimum length: 16 characters---DES---32, 48, or 64 (AES---128,
192, and 256 bits respectively).
- Do not enclose the value in quotation marks.
Designates that an AES key is to be created, which is encrypted with
the AESCBC128 encryption routine.
Enters the key definition in the group key storage table.
Specifies that the value for the key is a hexadecimal number. Default:
key values are interpreted as ASCII text characters (see the
description of the key-value parameter).
Enters the key definition in the job key storage table.
Verifies successful creation of the key.
Enters the key definition in the process key storage table.
Enters the key definition in the system key storage table.
$ ENCRYPT /CREATE_KEY HAMLET
_ Key value: "And you yourself shall keep the key of it"
This example defines a DES key named HAMLET with the character string
"And you yourself shall keep the key of it"
$ ENCRYPT /CREATE_KEY /HEXADECIMAL ARCANE 2F4A98F46BBC11DC
This example defines a DES key named ARCANE with hexadecimal value of
$ ENCRYPT /CREATE_KEY MYKEY "The 16 char. key" /LOG/AES
This example defines an AES key named MYKEY with the minimum
16-character string value "The 16 char. key" that is required for
AESxxx128, logging its successful creation. The key is
encrypted with AES prior to storage in the PROCESS (default) logical
$ SHOW LOGICAL ENC* /TABLE=ENCRYPT$KEY_STORE
"ENCRYPT$KEY$MYKEY" = "ê¢É.à0S%M.....ÕSBò¼¶í.}â0ÓL.ñ.Z"
This example shows that key names are prepended with ENCRYPT$KEY$, as
in the named key ENCRYPT$KEY$MYKEY.