The default encryption key (a binary value) to use with the ENCRYPT and DECRYPT functions. The default value is the Unknown value (?).

Data type: RAW

Access: Write-only

Applies to: SECURITY-POLICY system handle

You may specify this key as a MEMPTR, CHARACTER, or LONGCHAR value, but the AVM treats it as a RAW.

If the value of this attribute is the Unknown value (?), you must provide the encryption key as an argument to the ENCRYPT and DECRYPT functions.

The AVM compares the size of the specified encryption key to the key size specified by the cryptographic algorithm. If the key sizes are inconsistent, the AVM generates a run-time error.

The AVM obscures this attribute value to protect it against unauthorized access. You are responsible for generating, storing, and transporting this value.

You can generate an encryption key, based on the PKCS#5/RFC 2898 standard, by using either the GENERATE-PBE-KEY function or the GENERATE-RANDOM-KEY function.

Note: Do not use the GENERATE-RANDOM-KEY function to assign a key value to this attribute directly. Doing so will render the key irretrievable (as this attribute is write-only).

See also

DECRYPT function, ENCRYPT function