Password encryption
You can protect password information during authentication using ABL password encryption. To programmatically generate an encrypted password:
1. Use the ENCRYPT-AUDIT-MAC-KEY( ) method of the AUDIT-POLICY system handle to generate an encrypted version of a clear-text password.
2. Add the encryption format prefix, oech1, to the encrypted password using the double colon (::) separator.
The encryption format prefix, oech1, specifies the encryption algorithm (oec), the encoded password format (h), and the encryption keypad (1). The prefix is necessary so that OpenEdge will properly interpret the string as an encrypted value. Without the prefix, the string would be processed as if it were clear-text.
3. Assign the encrypted password string to a CHARACTER variable.
For example:
DEFINE VARIABLE encpwd AS CHARACTER NO-UNDO.
encpwd = "oech1::" + AUDIT-POLICY:ENCRYPT-AUDIT-MAC-KEY("clear_text").
The encrypted password, thus generated, can be substituted for a clear-text value in the following contexts:
* As an option in a CONNECT db-name -U user-id -P encpwd statement
* As a password or domain access code parameter for the client-principal methods: INITIALIZE( ), SEAL( ), and VALIDATE-SEAL( )
* As a value for the client-principal PRIMARY-PASSPHRASE attribute
* As a password parameter for the SETUSERID( ) function
Note: You can also generate an encrypted password using the genpassword utility. This method is useful when you need an encrypted password as a startup parameter value on the command line or in a .pf file. For more information, see the encrypted password procedure in the Password (-P) reference entry of the OpenEdge Deployment: Startup Command and Parameter Reference.
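The following Python example is added here and is not part of the OpenEdge documentation: it audits .pf file content for -P values that lack the oech1:: prefix and would therefore be processed as clear-text. The .pf layout it assumes (whitespace-separated parameters, comment lines starting with #), the function names, and the sample values are constructed for illustration.

```python
PREFIX = "oech1::"  # format prefix plus "::" separator, as given on this page


def classify_password(value):
    """Return how a -P value would be read, following the prefix rule above."""
    if value.startswith(PREFIX):
        # A prefix with nothing after it carries no encrypted password at all.
        return "encrypted" if len(value) > len(PREFIX) else "empty-encrypted"
    if value.startswith("oech1"):
        # Looks intended as encrypted, but the exact "oech1::" prefix is absent,
        # so by the rule above it would be processed as clear-text.
        return "malformed-prefix"
    return "clear-text"


def audit_pf(text):
    """Return (line_number, status) for every -P value that is not 'encrypted'.

    The password value itself is never copied into the findings.
    """
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if line.lstrip().startswith("#"):  # assumption: '#' marks a comment line
            continue
        tokens = line.split()  # assumption: parameters are whitespace-separated
        for i, tok in enumerate(tokens):
            if tok != "-P":
                continue
            if i + 1 >= len(tokens):
                findings.append((lineno, "missing-value"))
                continue
            status = classify_password(tokens[i + 1])
            if status != "encrypted":
                findings.append((lineno, status))
    return findings


# Constructed sample .pf content; the user names and password values are made up.
SAMPLE_PF = "\n".join([
    "# constructed sample parameter file",
    "-db sports -H dbhost -S 20000",
    "-U appuser -P oech1::0a1b2c3d4e5f",
    "-U batch -P Summer2024",
    "-U report -P oech1:0a1b2c3d",
    "-U svc -P",
])

if __name__ == "__main__":
    for lineno, status in audit_pf(SAMPLE_PF):
        print(f"line {lineno}: -P value is {status}")
```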