OpenEdge Getting Started: OpenEdge Authentication Gateway Guide

STS Password Utility (stspwdutil)

Save PDF

STS Password Utility (stspwdutil)

Save PDF

Last Updated: February 6, 2026
2 minute read

OpenEdge
Version 12.8
Documentation

The stspwdutil utility generates strong (AES-128) encrypted passwords for inclusion into configuration storage and verifies an encrypted password against a clear text string.

stspwdutil 
      {encrypt text-input [key-pad-id]
          | 
            verify encrypted-string reference-string }

text-input: Specify a clear-text value to encrypt and return as a hex-binary encoded value.
Use operating system shell command line escapes and quoting to enter meta-character text.
key-pad-id: Specify an alternate Key Pad ID. The default Key Pad ID is zero (0), and valid values are the range of 0 - 9.

encrypted-string

Specify the hex-binary encoded value to verify.

reference-string: Specify a clear-text value to use in the validation process of encrypted-string. If you do not supply a reference-string value, stspwdutil returns an error.

When stspwdutil is executed with the encrypt option, it takes as input a clear text string and an optional Key Pad ID. The output is an encrypted string.

When stspwdutil is executed with the verify option, it takes as input an encrypted string, and a clear text string to use as a base to verify the encrypted string. The output is true or false.

The stspwdutil utility generates strong (AES-128) encrypted passwords. The output uses an encryption prefix whose algorithm type 'oep' and an encoding type of 'h' (for hex-binary encoding), and a Key Pad ID of 0-9. The encoded hex-binary is in blocks of 16 characters, which reflects its AES encryption algorithm's block size. So the encoded value's size does not reflect the actual size of the encrypted text data.

The encryption prefix of encrypted text has the form aaaed::, described as follows:

aaa — Designates the encryption algorithm type code

e — Designates the text encoding used for the encrypted value, h is specified for hex-binary

d — Designates the Key Pad ID used to generate an encryption key

:: — The delimiter between the prefix and the encoded data

Examples

Examples of stspwdutil with the encrypt option:

proenv> stspwdutil encrypt password
oeph0::76E5F6C162276768465F02E4D2D1DDCD

proenv> stspwdutil encrypt password 3
oeph3::3B295B1855077677CB2ED521DD27C60D

Examples of stsclientutil with the verify option:

proenv> stspwdutil verify eph0::76E5F6C162276768465F02E4D2D1DDCD password 
true

proenv> stspwdutil verify eph0::76E5F6C162276768465F02E4D2D1DDCD mypasswd 
false