PBE-ALGORITHM attribute
- Last Updated: February 11, 2026
- 1 minute read
- OpenEdge
- Version 13.0
- Documentation
A CHARACTER string containing the type of key derivation algorithm to use with the GENERATE-PBE-KEY function.
Data type: CHARACTER
Access: Readable/Writable
Applies to: SECURITY-POLICY system handle
Valid hash algorithm types are:
Legacy(default)PBKDF2
Notes
Legacydefines the original key derivation algorithm used byGENERATE-PBE-KEY(). You can usePBKDF2for a more modern and secure key derivation algorithm.- If FIPS mode is enabled and
PBE-ALGORITHMisLegacy,GENERATE-PBE-KEY()raises an error. - If FIPS mode is enabled and
PBE-ALGORITHMisPBKDF2, the algorithm specified by the PBE-HASH-ALGORITHM attribute must be an algorithm approved by the National Institute of Standards and Technology (NIST). - You can use a
PBKDF2algorithm withGENERATE-PBE-KEY()when FIPS mode is not enabled. The keys generated are the same, given the same input values. However, the keys for theLegacyandPBKDF2options are not the same given the same input values. Therefore, if you are migrating from one algorithm type to the other, stored keys that were generated usingGENERATE-PBE-KEY()must be migrated.