Symmetric-key cryptography is used in OpenEdge in three ways:

  • To provide Transparent Data Encryption of database blocks. For more information on Transparent Data Encryption, see OpenEdge Keystore, or Configure Transparent Data Encryption policies.
  • To provide data privacy on Transport Layer Security (TLS) connections. TLS is an implementation of a Public-Key Infrastructure (PKI). For more information on:
  • To enable ABL applications to provide their own data privacy and integrity functionality, OpenEdge provides symmetric-key cryptography features directly in ABL. In ABL, these features are supported by the:
    • GENERATE-PBE-KEY function (see Password-based encryption (PBE))
    • GENERATE-PBE-SALT function (see Password-based encryption (PBE))
    • GENERATE-RANDOM-KEY function
    • ENCRYPT and DECRYPT functions
    • XCODE utility for encrypting source code. See Manage ABL Applications for more information.
    • SECURITY-POLICY system handle to provide a consistent cryptography policy for specifying keys and encryption algorithms for the above functions; note that the XCODE-SESSION-KEY attribute of this handle allows you to provide session-specific keys for encrypted source code

    For more information on the cryptographic features of ABL, see the sections on cryptography in OpenEdge Programming Interfaces.

    CAUTION: Progress Software Corporation recommends that you use the cryptographic features of ABL only if you have a well-grounded understanding of cryptography and its usage. Use of cryptography without the necessary preparation can result in permanent data loss. In general, cryptography can have significant negative impact on application performance and decrease effective data compression for data stored in a database.
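The following ABL sketch shows how the functions listed above fit together in a password-based encryption round trip. It is an added example, not code from the OpenEdge documentation. The algorithm, hash, and round-count choices, the variable names, and the sample password and plaintext are assumptions made for illustration.

```abl
/* Added example: PBE round trip. All sample values are constructed. */
DEFINE VARIABLE cPassword AS CHARACTER NO-UNDO INITIAL "constructed-sample-passphrase".
DEFINE VARIABLE cPlain    AS CHARACTER NO-UNDO INITIAL "constructed sample record".
DEFINE VARIABLE rSalt     AS RAW       NO-UNDO.
DEFINE VARIABLE rRandom   AS RAW       NO-UNDO.
DEFINE VARIABLE rIV       AS RAW       NO-UNDO.
DEFINE VARIABLE rKey      AS RAW       NO-UNDO.
DEFINE VARIABLE rKeyAgain AS RAW       NO-UNDO.
DEFINE VARIABLE mCipher   AS MEMPTR    NO-UNDO.
DEFINE VARIABLE mClear    AS MEMPTR    NO-UNDO.

/* Set the session-wide policy once, so key generation and
   ENCRYPT/DECRYPT agree on algorithm and key size (assumed values). */
ASSIGN
    SECURITY-POLICY:SYMMETRIC-ENCRYPTION-ALGORITHM = "AES_CBC_256"
    SECURITY-POLICY:PBE-HASH-ALGORITHM             = "SHA-256"
    SECURITY-POLICY:PBE-KEY-ROUNDS                 = 10000.

/* Derive the key from the password and a fresh random salt. */
ASSIGN
    rSalt = GENERATE-PBE-SALT
    rKey  = GENERATE-PBE-KEY(cPassword, rSalt).

/* Take the first 16 random bytes (one AES block) as the CBC IV. */
ASSIGN
    rRandom = GENERATE-RANDOM-KEY
    rIV     = GET-BYTES(rRandom, 1, 16).

/* ENCRYPT returns a MEMPTR holding the ciphertext. */
mCipher = ENCRYPT(cPlain, rKey, rIV).

/* The application must persist rSalt and rIV beside the ciphertext.
   Neither is secret, but without the salt the key cannot be derived
   again and the data cannot be decrypted. */

/* Later: re-derive the key from the password and the stored salt. */
rKeyAgain = GENERATE-PBE-KEY(cPassword, rSalt).
mClear    = DECRYPT(mCipher, rKeyAgain, rIV).

MESSAGE "Recovered:" GET-STRING(mClear, 1, GET-SIZE(mClear))
    VIEW-AS ALERT-BOX INFORMATION.

/* Release the MEMPTR buffers explicitly. */
ASSIGN
    SET-SIZE(mCipher) = 0
    SET-SIZE(mClear)  = 0.
```

Changing the SECURITY-POLICY algorithm or PBE settings between encryption and decryption derives a different key from the same password and salt, so these settings need to be recorded with the data as well.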