Creating and maintaining a cryptography policy
- Last Updated: January 17, 2024
- OpenEdge
- Version 12.8
ABL allows you to establish a consistent set of defaults for handling cryptography in an application using the SECURITY-POLICY system handle. These cryptography settings apply globally for the duration of an ABL session. The following table lists the attributes that you can read and set for this system handle. These attributes are both readable and settable unless otherwise indicated.
| Attribute | Description |
|---|---|
| ENCRYPTION-SALT | A RAW value used together with a simple password to generate a more random and unique password-based encryption (PBE) key (default: none). For any value that you set, only the first 8 bytes are used, and values with fewer than 8 bytes are padded with zeroes. Note: Typically, you do not need to set this value; set it only if the security specification for your application requires it. |
| PBE-HASH-ALGORITHM | A CHARACTER value that specifies the hashing algorithm to use for generating a PBE key, which you can specify as "MD5", "SHA-1", "SHA-256", or "SHA-512" (default: "SHA-1"). Note: Typically, you do not need to set this value; set it only if the security specification for your application requires it. |
| PBE-KEY-ROUNDS | A positive INTEGER value that specifies the number of algorithm iterations to use for PBE key generation (default: 1000). Note: Extremely large values for this setting can significantly degrade performance. Typically, you do not need to set this value; set it only if the security specification for your application requires it. |
| SYMMETRIC-ENCRYPTION-ALGORITHM | A CHARACTER value that specifies a supported algorithm, mode, and key size used by the ABL symmetric encryption and decryption facilities. It must be one of the comma-separated values from the SYMMETRIC-SUPPORT attribute (default: "AES_CBC_128"). |
| SYMMETRIC-ENCRYPTION-KEY | A write-only RAW value that specifies the symmetric key to use for encryption and decryption (default: none). |
| SYMMETRIC-ENCRYPTION-IV | A RAW value used together with the symmetric encryption key to provide a more random data encryption (default: none). Note: Typically, you do not need to set this value; set it only if the security specification for your application requires it. |
| SYMMETRIC-SUPPORT | A read-only CHARACTER value that contains a comma-separated list of supported values for the SYMMETRIC-ENCRYPTION-ALGORITHM attribute setting. |
For information on OpenEdge-supported defaults and options for setting these attributes, see ABL Reference.
CAUTION: In general, you must manage the values that
you set for a cryptography policy in a safe manner, including generation,
storage, and transport. Improper management of these values can
result in loss of data.
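The following added example (not part of the OpenEdge documentation) shows a session policy being established from the attributes in the table, then checks that the PBE key can be re-derived from the stored salt, which is what makes previously encrypted data recoverable. It assumes a security specification that calls for "AES_CBC_256" and "SHA-256"; the passphrase and clear text are constructed sample values, and GENERATE-PBE-SALT, GENERATE-PBE-KEY, ENCRYPT, and DECRYPT are the standard ABL functions rather than anything defined on this page.

```abl
/* Added example: not from the OpenEdge documentation. */
DEFINE VARIABLE cAlgorithm AS CHARACTER NO-UNDO INITIAL "AES_CBC_256". /* assumed requirement */
DEFINE VARIABLE cPassword  AS CHARACTER NO-UNDO INITIAL "constructed-sample-passphrase".
DEFINE VARIABLE cClearText AS CHARACTER NO-UNDO INITIAL "constructed sample record".
DEFINE VARIABLE rSalt      AS RAW       NO-UNDO.
DEFINE VARIABLE rKey       AS RAW       NO-UNDO.
DEFINE VARIABLE rRederived AS RAW       NO-UNDO.
DEFINE VARIABLE rCipher    AS RAW       NO-UNDO.
DEFINE VARIABLE cRoundTrip AS CHARACTER NO-UNDO.

/* SYMMETRIC-ENCRYPTION-ALGORITHM accepts only values listed in the
   read-only SYMMETRIC-SUPPORT attribute, so check before assigning. */
IF LOOKUP(cAlgorithm, SECURITY-POLICY:SYMMETRIC-SUPPORT) = 0 THEN DO:
    MESSAGE "Unsupported algorithm:" cAlgorithm VIEW-AS ALERT-BOX ERROR.
    RETURN.
END.

/* Session-wide policy. PBE-KEY-ROUNDS and SYMMETRIC-ENCRYPTION-IV
   are left at their defaults. */
ASSIGN
    SECURITY-POLICY:SYMMETRIC-ENCRYPTION-ALGORITHM = cAlgorithm
    SECURITY-POLICY:PBE-HASH-ALGORITHM             = "SHA-256". /* assumed requirement */

/* Generate an 8-byte salt and make it the policy default. The salt must be
   stored with the encrypted data: without it the key cannot be re-derived. */
rSalt = GENERATE-PBE-SALT.
SECURITY-POLICY:ENCRYPTION-SALT = rSalt.

/* Derive the key from the passphrase using the policy's salt, hash
   algorithm, and rounds, then install it as the write-only default key. */
rKey = GENERATE-PBE-KEY(cPassword).
SECURITY-POLICY:SYMMETRIC-ENCRYPTION-KEY = rKey.

/* Round trip using only the policy defaults. */
rCipher    = ENCRYPT(cClearText).
cRoundTrip = GET-STRING(DECRYPT(rCipher), 1).

/* Simulate a later run: same passphrase, salt passed explicitly. */
rRederived = GENERATE-PBE-KEY(cPassword, rSalt).

MESSAGE
    "Round trip OK:" (cRoundTrip = cClearText) SKIP
    "Key re-derived from stored salt:" (rRederived = rKey)
    VIEW-AS ALERT-BOX INFORMATION.
```

The re-derivation only matches while PBE-HASH-ALGORITHM, PBE-KEY-ROUNDS, and SYMMETRIC-ENCRYPTION-ALGORITHM hold the same values as when the data was encrypted, so those settings need to be recorded alongside the salt.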