ENCRYPT-AUDIT-MAC-KEY( ) method

Encrypts and encodes the specified character expression and returns an encrypted character value that you can store for later use in message authentication code (MAC) operations.

Return type: CHARACTER

Applies to: AUDIT-POLICY system handle

The following code fragment illustrates how to use the ENCRYPT-AUDIT-MAC-KEY( ) method to set a database MAC key value:

You can also use the ENCRYPT-AUDIT-MAC-KEY( ) method to generate an encrypted value for an OpenEdge password in order to obscure its cleartext value from hacking. For example:

The cUserID and cPasswd parameters pass in a user ID and password that a user might enter in response to a prompt, in this case to authenticate and set the user identity for a connection created for the sports2000 database.

Therefore, cPasswd contains the cleartext value of the password the user has typed. The "oech1::" prefix is an identifier that tells OpenEdge that the value following the "::" is encrypted in a manner that allows it to recover the cleartext value for internal operations, such as validating a user account password. Without the prefix, OpenEdge interprets the string as the cleartext value a user might type directly, and therefore does not attempt to decrypt.

In this example, the encrypted password is passed as the value of the Password (-P) connection parameter. However, OpenEdge understands this encryption format anywhere that it accepts a password—for example, to set the PRIMARY-PASSPHRASE attribute on the client-principal object handle for OpenEdge-performed user authentication.

For more information on using password encryption in ABL, see the documentation on encrypted passwords in OpenEdge Development: Programming Interfaces.