Using ABL encryption and decryption functions
- Last Updated: January 17, 2024
- OpenEdge
- Version 12.8
ABL provides two built-in functions, DECRYPT and ENCRYPT,
to encrypt and decrypt data. Both functions rely on cryptographic
parameters that you set using the SECURITY-POLICY system
handle or using options for invoking each function.
These functions have the following syntax:
Syntax
|
|
You can provide the data-to-encrypt as a CHARACTER, LONGCHAR, RAW,
or MEMPTR variable, and the ENCRYPT function
evaluates to a MEMPTR value containing the encrypted
binary byte stream of the data. You can provide the data-to-decrypt as
a MEMPTR or RAW variable containing
an encrypted binary byte stream, and the DECRYPT function
evaluates to a MEMPTR value containing the decrypted
binary byte stream of the data. You can then convert the decrypted MEMPTR value
to a CHARACTER or LONGCHAR in
order to make the decrypted data human-readable. If you need to
encrypt and decrypt more than one value, you can marshal these
items to and unmarshal them from a MEMPTR using PUT-datatype statements
and GET-datatype functions.
If you specify a parameter value for any of the function options,
it overrides any setting of the corresponding SECURITY-POLICY handle
attribute. In order to successfully decrypt an encrypted value (resulting
in a DECRYPT return value identical to the data-to-encrypt value
that you input to ENCRYPT), you must invoke both functions
using identical cryptographic parameters as shown in the following table, whether you supply
them as function options or as attributes of your application cryptography
policy.
| Set this cryptographic parameter using... | This function option... | Or this SECURITY-POLICY handle attribute... |
|---|---|---|
| Symmetric key | | |
| Initialization vector | | |
| Algorithm, mode, and key size | | |
For many applications, you do not need to specify an initialization
vector and can use the default algorithm, mode, and key size ("AES_CBC_128").
Typically, you only need to set these values to satisfy specific
application requirements.
You must handle all generation, storage, transportation, and provision of the symmetric key and all other values required to decrypt data that you have encrypted. This includes maintaining binary keys in the correct byte endian order for the platform or platforms where cryptographic operations occur.
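The round trip described above, with two values marshalled into one MEMPTR, as an added example that is not part of the original documentation. It assumes the SECURITY-POLICY attributes SYMMETRIC-ENCRYPTION-ALGORITHM, SYMMETRIC-ENCRYPTION-IV and SYMMETRIC-ENCRYPTION-KEY and the GENERATE-RANDOM-KEY function, none of which are named on this page as extracted; the account and amount values are constructed samples.

```abl
/* Added example: encrypt and decrypt two marshalled values under one policy. */
DEFINE VARIABLE rKey     AS RAW       NO-UNDO.
DEFINE VARIABLE mPlain   AS MEMPTR    NO-UNDO.
DEFINE VARIABLE mCipher  AS MEMPTR    NO-UNDO.
DEFINE VARIABLE mResult  AS MEMPTR    NO-UNDO.
DEFINE VARIABLE cAccount AS CHARACTER NO-UNDO INITIAL "ACCT-0001". /* constructed */
DEFINE VARIABLE iAmount  AS INTEGER   NO-UNDO INITIAL 4200.        /* constructed */

/* One policy for both calls. The algorithm is set before the key is
   generated so that the generated key matches the 128-bit key size. */
SECURITY-POLICY:SYMMETRIC-ENCRYPTION-ALGORITHM = "AES_CBC_128".
SECURITY-POLICY:SYMMETRIC-ENCRYPTION-IV        = ?.   /* no explicit IV */
rKey = GENERATE-RANDOM-KEY.
SECURITY-POLICY:SYMMETRIC-ENCRYPTION-KEY       = rKey.

/* Marshal: 4-byte integer at position 1, null-terminated string at 5. */
SET-SIZE(mPlain)      = 4 + LENGTH(cAccount, "RAW") + 1.
PUT-LONG(mPlain, 1)   = iAmount.
PUT-STRING(mPlain, 5) = cAccount.

/* Neither call passes options, so both use the policy set above. */
mCipher = ENCRYPT(mPlain).
mResult = DECRYPT(mCipher).

/* Unmarshal from the same positions and compare with the inputs. */
IF GET-LONG(mResult, 1) = iAmount AND GET-STRING(mResult, 5) = cAccount THEN
    MESSAGE "Round trip OK:" GET-STRING(mResult, 5) GET-LONG(mResult, 1)
        VIEW-AS ALERT-BOX INFORMATION.
ELSE
    MESSAGE "Decrypted data does not match the input"
        VIEW-AS ALERT-BOX ERROR.

/* Clear the key from the policy and release MEMPTR memory. */
SECURITY-POLICY:SYMMETRIC-ENCRYPTION-KEY = ?.
SET-SIZE(mPlain)  = 0.
SET-SIZE(mCipher) = 0.
SET-SIZE(mResult) = 0.
```

In a real application rKey must be stored and supplied again at decryption time; here it only lives for the duration of the procedure.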
For information on:
- The SECURITY-POLICY system handle, see Creating and maintaining a cryptography policy
- Key generation, see Generating encryption keys
- Managing and transporting keys and data, see Managing and transporting crypto data