The stspwdutil utility generates strong (AES-128) encrypted passwords for inclusion into configuration storage and verifies an encrypted password against a clear text string.
Specify a clear-text value to encrypt and return as a hex-binary encoded value.
Use operating system shell command line escapes and quoting to enter meta-character text.
key-pad-id
Specify an alternate Key Pad ID. The default Key Pad ID is zero (0), and valid values are the range of 0 - 9.
encrypted-string
Specify the hex-binary encoded value to verify.
reference-string
Specify a clear-text value to use in the validation process of encrypted-string. If you do not supply a reference-string value, stspwdutil returns an error.
When stspwdutil is executed with the encrypt option, it takes as input a clear text string and an optional Key Pad ID. The output is an encrypted string.
When stspwdutil is executed with the verify option, it takes as input an encrypted string, and a clear text string to use as a base to verify the encrypted string. The output is true or false.
The stspwdutil utility generates strong (AES-128) encrypted passwords. The output uses an encryption prefix whose algorithm type 'oep' and an encoding type of 'h' (for hex-binary encoding), and a Key Pad ID of 0-9. The encoded hex-binary is in blocks of 16 characters, which reflects its AES encryption algorithm's block size. So the encoded value's size does not reflect the actual size of the encrypted text data.
The encryption prefix of encrypted text has the form aaaed::, described as follows:
aaa — Designates the encryption algorithm type code
e — Designates the text encoding used for the encrypted value, h is specified for hex-binary
d — Designates the Key Pad ID used to generate an encryption key
:: — The delimiter between the prefix and the encoded data
