ABL Reference

ENCRYPT-AUDIT-MAC-KEY( ) method

Save PDF

ENCRYPT-AUDIT-MAC-KEY( ) method

Save PDF

Last Updated: April 22, 2026
1 minute read

OpenEdge
Version 12.2
Documentation

Encodes the specified character expression and returns an encoded character value—prefixed with an identifier—that can be stored for later use in message authentication code (MAC) operations.

Return type: CHARACTER

Applies to: AUDIT-POLICY system handle

Syntax


`ENCRYPT-AUDIT-MAC-KEY ( key [, prefix ] )`

key: A character expression containing the key to encode. The AVM converts this key to UTF-8 before encoding and storage, which helps produce consistent results regardless of code page settings.
prefix: A character expression that identifies the encoding prefix to apply to key. See Encoding prefix in Learn about Security and Auditing for more information.
If the prefix is omitted, invalid, or unsupported, the AVM raises a runtime error.
Note: The prefix parameter was introduced in OpenEdge 12.2.19.

The following pseudo-code uses ENCRYPT-AUDIT-MAC-KEY() to set a database MAC key:

`DEFINE VARIABLE cVal AS CHARACTER NO-UNDO. DEFINE VARIABLE cKey AS CHARACTER NO-UNDO INITIAL "Open Sesame". . . . cVal = AUDIT-POLICY:ENCRYPT-AUDIT-MAC-KEY(cKey,"ae2h6"). FIND _db-detail. PUT-STRING(_db-detail._db-mac-key, 1, LENGTH(cVal)) = cVal.`

DEFINE VARIABLE cVal AS CHARACTER NO-UNDO.
DEFINE VARIABLE cKey AS CHARACTER NO-UNDO INITIAL "Open Sesame".
. . .
cVal = AUDIT-POLICY:ENCRYPT-AUDIT-MAC-KEY(cKey,"ae2h6").
FIND _db-detail.
PUT-STRING(_db-detail._db-mac-key, 1, LENGTH(cVal)) = cVal.

Note: This code is shown for illustration purposes only. To set the MAC key for an OpenEdge database, you should use the Data Administration tool.

The following example uses ENCRYPT-AUDIT-MAC-KEY() to encode a password for a database connection:

`DEFINE INPUT PARAMETER cUserID AS CHARACTER NO-UNDO. DEFINE INPUT PARAMETER cPasswd AS CHARACTER NO-UNDO. CONNECT C:\OpenEdge\WRK\db\Sports2020 VALUE( "-U " + cUserID + " -P " + AUDIT-POLICY:ENCRYPT-AUDIT-MAC-KEY(cPasswd, "ae2h6")) -H dbserver -S 1900 NO-ERROR.`

DEFINE INPUT PARAMETER cUserID AS CHARACTER NO-UNDO.
DEFINE INPUT PARAMETER cPasswd AS CHARACTER NO-UNDO.

CONNECT C:\OpenEdge\WRK\db\Sports2020 
  VALUE( "-U " + cUserID +
        " -P " + AUDIT-POLICY:ENCRYPT-AUDIT-MAC-KEY(cPasswd, "ae2h6"))
  -H dbserver -S 1900 NO-ERROR.

In this example, cUserID and cPasswd represent credentials entered by a user to authenticate and establish identity for the Sports2020 database connection. The encoded password is passed as the value of the -P (Password) connection parameter.

OpenEdge recognizes this encoding format anywhere a password is accepted—for example, when setting the PRIMARY-PASSPHRASE attribute on the Client-principal object handle for OpenEdge-performed user authentication.

For more information on password encoding in ABL, see Password encoding in OpenEdge Programming Interfaces.