Learn about Security and Auditing

Encoding prefix

Save PDF

Encoding prefix

Save PDF

Last Updated: December 4, 2025
2 minute read

OpenEdge
Version 12.2
Documentation

Use encoding prefixes to secure sensitive values for use within OpenEdge components without exposing those values as clear-text values. You can encode:

Password—A mix of letters, numbers, and symbols.
Passphrase—A quoted value that is typically easy to remember, but significantly harder to crack through brute-force attacks due to its length and the entropy introduced by using multiple words. A passphrase may include white space.

The encoding prefix indicates which industry-standard, encryption-based encoding method OpenEdge requires for secure processing between components.

How encoding works

Encoding includes:

Generating an encoded value:
- For example using the genpassword utility to encode a password.
Using an encoded value:
- For example, using encoded passwords in configuration files or runtime inputs allowing OpenEdge to run applications without exposing values as clear text.

Supported prefixes

Select a prefix based on your security needs and compatibility. For example, one encoding prefix may offer stronger encryption-based encoding than another, but may not be supported in older releases. Sorted by encoding strength, this table lists the supported prefixes.

Strength	Prefix	Details
Strong	`oeph{0-9}`	`oep` is OpenEdge Password Encoding. Encodes all values using PBKDF2 (Password-Based Key Derivation Function 2) key generation. `h` creates hexadecimal text. `0` represents the key generation process.
Strong	`ae2{b\|h}{1-9}`	`ae2{b\|h}` is Advanced Encoding. Indicates using longer key block lengths. (64-bit). `b\|h` creates Base64 or hexadecimal text. `1-9` represents the key generation process.
Medium	`ae1{b\|h}{1-9}`	`ae1{b\|h}` is Advanced Encoding. Indicates medium strength (32-bit). `b\|h` creates Base64 or hexadecimal text. `1-9` represents the key generation process.
Pass through	`nopr0`	`nopr` is Non-prefix raw data. `0` represents the key generation process. Use this prefix to pass any value without additional processing. For example, passing an encoded value generated using an external tool that OpenEdge should treat as plain text—Strength is based on strength of the externally generated value.

OpenEdge raises a runtime error if you omit, use an invalid, or specify an unsupported encoding prefix.

For command-line tools such as genpassword, enter genpassword -prefix --help to view the list of supported encoding prefixes.

For more information about genpassword, see genpassword.