ENCRYPT(), ENCRYPTX()
The ENCRYPT() and ENCRYPTX() functions encrypt data for secure storage or transmission.
Format
ENCRYPT(data, key)
where
The ENCRYPT() function applies the AES 128-bit encryption algorithm to the supplied data and returns the encrypted text. The key string may be up to 64 characters in length and may contain any character. It is automatically transformed into a form that is usable by the AES algorithm. For optimum data security, the key should be about 16 characters.
The encrypted data is post-processed so that it can never contain characters from the C0 control group (characters 0 to 31) or the mark characters. As a result of this operation, the encrypted data is slightly longer than the original source data.
The ENCRYPTX() function is similar but uses a random initialisation vector that is included in the returned encrypted string. This results in greater security.
Both encrypted data formats are decrypted using the DECRYPT() function.
On an ECS mode system, the data to be encrypted must be converted to a byte string using the BS conversion code prior to encryption if it may contain ECS characters. This is because encryption is a byte level operation. The effect of encrypting an ECS string directly is undefined. This implies that a program decrypting the data must know that it will need to convert the byte string back to ECS characters.
Also note that encrypting the same string in both ECS and non-ECS modes will yield different results as the underlying representation of the data is different.
Examples
   FUNCTION LOGIN()
      * Open the file holding one record per user
      OPEN 'USERS' TO USR.F ELSE
         DISPLAY 'Cannot open USERS file'
         RETURN @FALSE
      END

      DISPLAY 'User name: ' :
      INPUT USERNAME, 20_:
      * Read the record for this user; field 1 holds the encrypted password
      READ USR.REC FROM USR.F, USERNAME THEN
         * Allow three attempts at the password
         FOR I = 1 TO 3
            DISPLAY 'Password: ' :
            INPUT PW,20_: HIDDEN
            IF ENCRYPT(PW, 'MySecretKey') = USR.REC<1> THEN RETURN @TRUE
            DISPLAY 'Password incorrect'
         NEXT I
      END
      RETURN @FALSE
   END
The above function prompts for a user name and password, validating these against a record in the USERS file. The password field of this file is encrypted.
Changing the encryption line in the above example to be

   IF ENCRYPT(OCONV(PW, 'BSH'), 'MySecretKey') = USR.REC<1> THEN RETURN @TRUE

would allow use of ECS characters in the password.
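The LOGIN() function above compares ciphertext, which only works because ENCRYPT() returns the same output for the same data and key. The following added example (not part of the original documentation) shows what changes when a field is written with ENCRYPTX(). It assumes ENCRYPTX() and DECRYPT() take the same (data, key) arguments shown for ENCRYPT(); ENC.KEY and PW are constructed sample values.

```basic
PROGRAM ENCRYPTX.DEMO
* Added example. ENC.KEY and PW are constructed sample values; a real
* application would load the key from protected storage rather than
* embedding it in the source.
ENC.KEY = 'SampleKey1234567'
PW = 'correct horse'

* ENCRYPT() output depends only on the data and the key, so two calls
* on the same input match. This is the property LOGIN() relies on when
* it compares ENCRYPT(PW, ...) with the stored field.
E1 = ENCRYPT(PW, ENC.KEY)
E2 = ENCRYPT(PW, ENC.KEY)
IF E1 = E2 THEN DISPLAY 'ENCRYPT: repeatable' ELSE DISPLAY 'ENCRYPT: differs'

* ENCRYPTX() embeds a random initialisation vector in its result, so
* two calls on the same input are expected to differ. Comparing a fresh
* ENCRYPTX() result with a stored one would reject a correct password.
X1 = ENCRYPTX(PW, ENC.KEY)
X2 = ENCRYPTX(PW, ENC.KEY)
IF X1 = X2 THEN DISPLAY 'ENCRYPTX: repeatable' ELSE DISPLAY 'ENCRYPTX: differs'

* With ENCRYPTX() data, verify by decrypting the stored value and
* comparing the plaintext instead.
IF DECRYPT(X1, ENC.KEY) = PW THEN DISPLAY 'Password accepted' ELSE DISPLAY 'Password incorrect'
END
```

The repeatability of ENCRYPT() also means that two records holding the same value under the same key store identical ciphertext, which ENCRYPTX() avoids.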