
HP OpenVMS Systems Documentation


HP OpenVMS DCL Dictionary




ENCRYPT /CREATE_KEY

Creates a key definition (a name and a value) to be used for encrypting and decrypting files. The key name is a string under which the key value is encrypted and stored in the key storage table, which is a logical name table. By default, a DES key is created in the PROCESS logical name table; specify the /AES qualifier to create an AES key. AES requires longer key values than the 8-byte DES keys: a minimum of 16, 24, or 32 bytes, depending on the algorithm/key size specified for encryption or decryption.

Format

ENCRYPT /CREATE_KEY key-name key-value [qualifiers]


Parameters

key-name

Name under which the encryption key will be stored in the key storage table. Specify a character string according to the following conventions:
  • 1 to 243 alphanumeric characters
  • Dollar signs and underscores are valid.
  • Not case sensitive

Use a name that has meaning to you, to help you remember it.

Note

Key names beginning with ENCRYPT$ are reserved for HP.

key-value

String representing the value of the encryption key. Specify either ASCII text or a hexadecimal constant, as follows:
  • ASCII text string (default)
    • Minimum length: 8 characters (DES); 16, 24, or 32 characters (AES 128, 192, and 256 bits respectively).
    • Maximum length: approximately 240 characters.
    • The string is not case sensitive for DES keys.
    • If you use characters other than alphanumeric characters, for example, blank spaces, enclose the string in quotation marks ( " " ).
  • Hexadecimal constant
    • Use the /HEXADECIMAL qualifier.
    • Valid characters: 0 to 9, A to F (ASCII coded HEX nibbles).
    • Minimum length: 16 characters (DES); 32, 48, or 64 characters (AES 128, 192, and 256 bits respectively).
    • Do not enclose the value in quotation marks.

Qualifiers

/AES

Specifies that an AES key is to be created. The key is encrypted with the AESCBC128 encryption routine.

/GROUP

Enters the key definition in the group key storage table.

/HEXADECIMAL

/NOHEXADECIMAL

Specifies that the value for the key is a hexadecimal number. Default: key values are interpreted as ASCII text characters (see the description of the key-value parameter).

/JOB

Enters the key definition in the job key storage table.

/LOG

Verifies successful creation of the key.

/PROCESS

Enters the key definition in the process key storage table.

/SYSTEM

Enters the key definition in the system key storage table.

Examples

#1

$ ENCRYPT /CREATE_KEY HAMLET
_ Key value: "And you yourself shall keep the key of it"
      

This example defines a DES key named HAMLET with the character string value "And you yourself shall keep the key of it".

#2

$ ENCRYPT /CREATE_KEY /HEXADECIMAL ARCANE 2F4A98F46BBC11DC
      

This example defines a DES key named ARCANE with the hexadecimal value 2F4A98F46BBC11DC.

#3

$ ENCRYPT /CREATE_KEY MYKEY "The 16 char. key" /LOG/AES
      

This example defines an AES key named MYKEY with the minimum 16-character string value "The 16 char. key" that is required for AESxxx128, logging its successful creation. The key is encrypted with AES prior to storage in the PROCESS (default) logical name table.

#4

$ SHOW LOGICAL ENC* /TABLE=ENCRYPT$KEY_STORE
LNM$PROCESS_TABLE
  "ENCRYPT$KEY$MYKEY" =  "ê¢É.à­0S%M.....ÕSBò¼¶í.}â0ÓL.ñ.Z"
        = "AES"
LNM$JOB_8210B400
LNM$GROUP_000001
ENCRYPT$SYSTEM
      

This example shows that key names are prepended with ENCRYPT$KEY$, as in the named key ENCRYPT$KEY$MYKEY.
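
The key-name and key-value rules from the Parameters section can be checked before the command is issued, for instance on a provisioning host that prepares key material. The following Python check is an added example, not part of the HP documentation; the function names are hypothetical, and treating "alphanumeric" as ASCII letters and digits and accepting lowercase a to f in hexadecimal values are assumptions.

```python
import re

# Minimum key-value lengths in bytes, from the key-value parameter description.
MIN_BYTES = {("DES", None): 8, ("AES", 128): 16, ("AES", 192): 24, ("AES", 256): 32}
MAX_ASCII = 240  # the page gives the maximum as "approximately 240 characters"
NAME_RE = re.compile(r"[A-Za-z0-9$_]{1,243}")  # assumption: ASCII alphanumerics
HEX_RE = re.compile(r"[0-9A-Fa-f]+")  # assumption: lowercase a-f also accepted


def check_key(name, value, algorithm="DES", aes_bits=128, hexadecimal=False):
    """Return a list of rule violations; an empty list means none were found."""
    algorithm = algorithm.upper()
    size = (algorithm, aes_bits if algorithm == "AES" else None)
    if size not in MIN_BYTES:
        return [f"unsupported algorithm/key size: {algorithm} {aes_bits}"]
    problems = []
    if not NAME_RE.fullmatch(name):
        problems.append("key-name: 1 to 243 characters from A-Z, 0-9, $ and _")
    if name.upper().startswith("ENCRYPT$"):
        problems.append("key-name: names beginning with ENCRYPT$ are reserved")
    if hexadecimal:
        minimum = MIN_BYTES[size] * 2  # two hexadecimal characters per byte
        if not HEX_RE.fullmatch(value):
            problems.append("key-value: only 0-9 and A-F are valid with /HEXADECIMAL")
    else:
        minimum = MIN_BYTES[size]
        if len(value) > MAX_ASCII:
            problems.append(f"key-value: longer than about {MAX_ASCII} characters")
    if len(value) < minimum:
        problems.append(f"key-value: {len(value)} characters, minimum is {minimum}")
    return problems


def needs_quotes(value):
    """True when an ASCII key-value must be enclosed in quotation marks."""
    return re.fullmatch(r"[A-Za-z0-9]+", value) is None


if __name__ == "__main__":
    # Constructed checks using the key names and values from examples #1 to #3.
    print(check_key("HAMLET", "And you yourself shall keep the key of it"))
    print(check_key("ARCANE", "2F4A98F46BBC11DC", hexadecimal=True))
    print(check_key("MYKEY", "The 16 char. key", "AES", 256))
```

The last call reports a violation because the 16-character value from example #3 meets only the 128-bit AES minimum, not the 32 characters needed for a 256-bit key.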

