OpenEdge Authentication Gateway Guide

Strong Password Encryption Utility (stspwdutil)

The stspwdutil utility generates strong (AES-128) encrypted passwords for inclusion in configuration storage, and verifies an encrypted password against a clear-text string.
stspwdutil {encrypt text-input [key-pad-id] | verify encrypted-string reference-string}
text-input
Specify a clear-text value to encrypt and return as a hex-binary encoded value. Use operating system shell command line escapes and quoting to enter meta-character text.
key-pad-id
Specify an alternate Key Pad ID. The default Key Pad ID is zero (0), and valid values are in the range 0 - 9.
encrypted-string
Specify the hex-binary encoded value to verify.
reference-string
Specify a clear-text value to use in the validation process of encrypted-string. If you do not supply a reference-string value, stspwdutil returns an error.
When stspwdutil is executed with the encrypt option, it takes as input a clear text string and an optional Key Pad ID. The output is an encrypted string.
When stspwdutil is executed with the verify option, it takes as input an encrypted string, and a clear text string to use as a base to verify the encrypted string. The output is true or false.
The stspwdutil utility generates strong (AES-128) encrypted passwords. The output carries an encryption prefix with an algorithm type of 'oep', an encoding type of 'h' (for hex-binary encoding), and a Key Pad ID of 0-9. The encoded hex-binary is in blocks of 16 characters, which reflects the block size of the AES encryption algorithm, so the size of the encoded value does not reflect the actual size of the encrypted text data.
The encryption prefix of encrypted text has the form aaaed::, described as follows:
aaa — Designates the encryption algorithm type code
e — Designates the text encoding used for the encrypted value; h is specified for hex-binary
d — Designates the Key Pad ID used to generate an encryption key
:: — The delimiter between the prefix and the encoded data


Examples of stspwdutil with the encrypt option:
proenv> stspwdutil encrypt password
proenv> stspwdutil encrypt password 3
Examples of stspwdutil with the verify option:
proenv> stspwdutil verify eph0::76E5F6C162276768465F02E4D2D1DDCD password
proenv> stspwdutil verify eph0::76E5F6C162276768465F02E4D2D1DDCD mypasswd
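The aaaed:: prefix form described above can be checked mechanically, for example to flag stored values that are still clear text or were truncated when pasted into configuration. The following Python is an added example, not part of the OpenEdge documentation or tooling; the function names are hypothetical, and it assumes the algorithm code is the two or three letters before the encoding character so that the sample value shown above parses. It validates structure only and does not decrypt anything.

```python
import re
from typing import NamedTuple

BLOCK_CHARS = 16  # the page says the hex output comes in blocks of 16 characters

class EncryptedValue(NamedTuple):
    algorithm: str   # "aaa" in the aaaed:: form
    encoding: str    # "e"; the page documents only "h" (hex-binary)
    key_pad_id: int  # "d"; valid range 0-9
    data: bytes      # hex-decoded ciphertext, still encrypted

# Assumption: the algorithm code is the 2-3 lowercase letters before the encoding
# character, so "oep" (text) and "ep" (the page's sample value) are both accepted.
_VALUE = re.compile(r"([a-z]{2,3})([a-z])([0-9])::(.*)", re.DOTALL)

def parse_encrypted_value(value: str) -> EncryptedValue:
    """Split a stored value into prefix fields and ciphertext, or raise ValueError."""
    m = _VALUE.fullmatch(value)
    if m is None:
        raise ValueError("no aaaed:: prefix (clear text or malformed)")
    algorithm, encoding, key_pad_id, body = m.groups()
    if encoding != "h":
        raise ValueError(f"unsupported encoding type {encoding!r}")
    if not re.fullmatch(r"[0-9A-Fa-f]+", body):
        raise ValueError("data after :: is not hex-binary")
    if len(body) % BLOCK_CHARS:
        raise ValueError(f"hex length {len(body)} is not a multiple of {BLOCK_CHARS}")
    return EncryptedValue(algorithm, encoding, int(key_pad_id), bytes.fromhex(body))

def audit(values):
    """Map each value to None if well-formed, otherwise to the rejection reason."""
    report = {}
    for value in values:
        try:
            parse_encrypted_value(value)
            report[value] = None
        except ValueError as exc:
            report[value] = str(exc)
    return report

if __name__ == "__main__":
    samples = [
        "eph0::76E5F6C162276768465F02E4D2D1DDCD",  # sample value from the page
        "oeph3::0123456789ABCDEF",                 # constructed
        "password",                                # constructed: clear text
        "oeph0::76E5F6",                           # constructed: truncated
    ]
    for value, problem in audit(samples).items():
        print(f"{value!r}: {problem or 'ok'}")
```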