HELP: Raw decryption
TYPE: OBJECT
SYNTAX: EDC(METHOD=CLEAR/PASSWORD/LABEL,ALGO=AES/TDES/CAST5/CAST128/IDEA/BLOWFISH/BF/CAMELLIA,KEYLEN=num/KL064/KL128/KL192/KL256/KL08/KL16/KL24/KL32,MODE=ECB/CBC/OFB/CFB/CTR/GCM,PADDING=NONE/NOPAD/PKCS,KDF/PW2KEY=OLDSSL/PBKDF2,MD/HASH=MD5/SHA1/SHA224/SHA256/SHA384/SHA512/SHA3-224/SHA3-256/SHA3-384/SHA3-512,ITER=num,IV='bin-hex'/ZERO,SALT='bin-hex'/NONE/RANDOM,KEY='bin-hex',PASSWORD='str',LABEL='str',FKM5(),TAG='bin-hex',OFFSET=num,PARM='str'/STDOUT/STDERR)
Decryption based on clear keys, passwords or the FLAM5 key management
extension (FKM5) using a key label. This object is a subset of
CNV.EDC(). For more information see the corresponding page of the XCNV
command.
The EDC object does not decrypt if the data present conforms to a
supported format or (except for ECB mode) has redundancies. This
corresponds to SKPFMT=SUPPREDU in CNV.EDC().
With the EDC component it is not possible to recognise whether the key is the correct one. It therefore does not make sense to keep more than one key value (clear key, passphrase or label).
NUMBER: METHOD=CLEAR/PASSWORD/LABEL - Method for key determination [AUTO]
CLEAR - Clear key crypto (en/decrypt with raw unprotected key value)
PASSWORD - Password-based crypto (using key derivation function (KDF))
LABEL - Protected key crypto using label (FKM5 required)
NUMBER: ALGO=AES/TDES/CAST5/CAST128/IDEA/BLOWFISH/BF/CAMELLIA - Algorithm used for decryption [AES]
AES - Advanced encryption standard (Rijndael)
TDES - Triple DES (Data encryption standard)
CAST5 - CAST5/CAST-128 (Carlisle Adams, Stafford Tavares)
CAST128 - CAST-128/CAST5 (Carlisle Adams, Stafford Tavares)
IDEA - International Data Encryption Algorithm
BLOWFISH - Blowfish from Bruce Schneier
BF - Blowfish from Bruce Schneier
CAMELLIA - Camellia from Japan (Mitsubishi Electric and NTT)
NUMBER: KEYLEN=num/KL064/KL128/KL192/KL256/KL08/KL16/KL24/KL32 - Key length if passphrase used
KL064 - Key length 64 bits (8 bytes)
KL128 - Key length 128 bits (16 bytes)
KL192 - Key length 192 bits (24 bytes)
KL256 - Key length 256 bits (32 bytes)
KL08 - Key length 8 bytes (64 bits)
KL16 - Key length 16 bytes (128 bits)
KL24 - Key length 24 bytes (192 bits)
KL32 - Key length 32 bytes (256 bits)
NUMBER: MODE=ECB/CBC/OFB/CFB/CTR/GCM - Mode of operation [if TAG then GCM else CBC]
ECB - Electronic codebook mode
CBC - Cipher block chaining mode
OFB - Output feedback mode
CFB - Cipher feedback mode
CTR - Counter mode
GCM - Galois/Counter Mode
NUMBER: PADDING=NONE/NOPAD/PKCS - Padding for CBC or ECB mode [PKCS]
NONE - No padding (remaining data must be a multiple of the block length)
NOPAD - No padding (remaining data must be a multiple of the block length)
PKCS - OpenSSL-conformant PKCS padding
NUMBER: KDF/PW2KEY=OLDSSL/PBKDF2 - Password to key derivation function [OLDSSL]
OLDSSL - Legacy OpenSSL key derivation (avoid use, default: SHA-256 with 1 round, hint: OpenSSL < 1.1.0 used MD5)
PBKDF2 - PBKDF2 key derivation function (default: SHA-256 with 10000 rounds, available from OpenSSL 1.1.1)
NUMBER: MD/HASH=MD5/SHA1/SHA224/SHA256/SHA384/SHA512/SHA3-224/SHA3-256/SHA3-384/SHA3-512 - Hash algorithm for key derivation [SHA256]
MD5 - Message Digest 5 with 128 bits
SHA1 - Secure Hash Algorithm 1 with 160 bits
SHA224 - Secure Hash Algorithm 2 with 224 bits
SHA256 - Secure Hash Algorithm 2 with 256 bits
SHA384 - Secure Hash Algorithm 2 with 384 bits
SHA512 - Secure Hash Algorithm 2 with 512 bits
SHA3-224 - Secure Hash Algorithm 3 with 224 bits
SHA3-256 - Secure Hash Algorithm 3 with 256 bits
SHA3-384 - Secure Hash Algorithm 3 with 384 bits
SHA3-512 - Secure Hash Algorithm 3 with 512 bits
NUMBER: ITER=num - Iteration count for PBKDF2, implies METHOD=PBKDF2 if specified [10000]
STRING: IV='bin-hex'/ZERO - Initialization vector for all modes except ECB [ZERO]
ZERO - Initialization vector of binary zeros
STRING: SALT='bin-hex'/NONE/RANDOM - Salt for salted passphrase-based decryption [AUTO]
NONE - No salt (not recommended)
RANDOM - Randomly generated salt
STRING: KEY='bin-hex' - Clear key value (direct entry of raw value (dangerous))
STRING: PASSWORD='str' - Passphrase with or without salting
STRING: LABEL='str' - Label to reference a protected key (FKM5 required)
STRING: TAG='bin-hex' - The tag value for verification (only for GCM mode)
NUMBER: OFFSET=num - Offset before decryption begins [0]
STRING: PARM='str'/STDOUT/STDERR - Side file with parameters used for decryption (merged if not empty, else written)
STDOUT - Write output to stdout
STDERR - Write output to stderr
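
The two KDF settings above (OLDSSL with SHA-256 and 1 round, PBKDF2 with SHA-256 and 10000 rounds), written out as OpenSSL's `enc` command computes them. This is an added example, not FLAM5 code. The function names, the sample data and the `Salted__` header handling are assumptions taken from OpenSSL's behaviour, and whether EDC uses the derived IV or the IV parameter is not stated on this page.

```python
import hashlib

MAGIC = b"Salted__"  # 8-byte marker `openssl enc` writes before the 8-byte salt


def split_salted(blob):
    """Return (salt, ciphertext); salt is None when no OpenSSL salt header is present."""
    if blob[:8] == MAGIC and len(blob) >= 16:
        return blob[8:16], blob[16:]
    return None, blob


def oldssl_kdf(password, salt, key_len, iv_len, md="sha256", rounds=1):
    """Legacy EVP_BytesToKey: D_i = H^rounds(D_{i-1} || password || salt)."""
    salt = salt or b""
    out, block = b"", b""
    while len(out) < key_len + iv_len:
        block = hashlib.new(md, block + password + salt).digest()
        for _ in range(rounds - 1):  # no extra work at all when rounds == 1
            block = hashlib.new(md, block).digest()
        out += block
    return out[:key_len], out[key_len:key_len + iv_len]


def pbkdf2_kdf(password, salt, key_len, iv_len, md="sha256", iterations=10000):
    """PBKDF2-HMAC as `openssl enc -pbkdf2` uses it: one stream, key first, then IV."""
    out = hashlib.pbkdf2_hmac(md, password, salt or b"", iterations, key_len + iv_len)
    return out[:key_len], out[key_len:]


def derive(blob, password, kdf="OLDSSL", key_len=32, iv_len=16, **kw):
    """Take the salt from the header (if any) and run the selected KDF."""
    salt, ciphertext = split_salted(blob)
    fn = {"OLDSSL": oldssl_kdf, "PBKDF2": pbkdf2_kdf}[kdf]
    key, iv = fn(password, salt, key_len, iv_len, **kw)
    return key, iv, ciphertext


# Constructed sample: header + 8-byte salt + 16 bytes of placeholder ciphertext.
SAMPLE = MAGIC + bytes.fromhex("0102030405060708") + bytes(16)

if __name__ == "__main__":
    for kdf in ("OLDSSL", "PBKDF2"):
        key, iv, ct = derive(SAMPLE, b"constructed-passphrase", kdf)
        print(kdf, key.hex(), iv.hex(), len(ct))
```

With one round, the OLDSSL key is a single hash of passphrase and salt, which is why the option list marks it "avoid use"; PBKDF2 with ITER raises the cost of each password guess.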