EDC

Synopsis

HELP:   Raw decryption
TYPE:   OBJECT
SYNTAX: EDC(METHOD=CLEAR/PASSWORD/LABEL,ALGO=AES/TDES/CAST5/CAST128/IDEA/BLOWFISH/BF/CAMELLIA,KEYLEN=num/KL064/KL128/KL192/KL256/KL08/KL16/KL24/KL32,MODE=ECB/CBC/OFB/CFB/CTR/GCM,PADDING=NONE/NOPAD/PKCS,KDF/PW2KEY=OLDSSL/PBKDF2,MD/HASH=MD5/SHA1/SHA224/SHA256/SHA384/SHA512/SHA3-224/SHA3-256/SHA3-384/SHA3-512,ITER=num,IV='bin-hex'/ZERO,SALT='bin-hex'/NONE/RANDOM,KEY='bin-hex',PASSWORD='str',LABEL='str',FKM5(),TAG='bin-hex',OFFSET=num,PARM='str'/STDOUT/STDERR)

Description

Decryption based on clear keys, passwords or the FLAM5 key management extension (FKM5) using a key label. This object is a subset of CNV.EDC(). For more information see the corresponding page of the XCNV command.

The EDC object will not result in decryption if the data present conforms to a supported format or (except for ECB mode) has redundancies. This corresponds in the CNV.EDC() with SKPFMT=SUPPREDU.

With the EDC component it is not possible to recognise whether the key is the correct one, therefore it does not make sense to keep more than one key value (clear key, passphrase or label).

Arguments

• NUMBER: METHOD=CLEAR/PASSWORD/LABEL - Method for key determination [AUTO]
  • CLEAR - Clear key crypto (en/decrypt with raw unprotected key value)
  • PASSWORD - Password-based crypto (using key derivation function (KDF))
  • LABEL - Protected key crypto using label (FKM5 required)
• NUMBER: ALGO=AES/TDES/CAST5/CAST128/IDEA/BLOWFISH/BF/CAMELLIA - Algorithm used for decryption [AES]
  • AES - Advanced encryption standard (Rijndael)
  • TDES - Triple DES (Data encryption standard)
  • CAST5 - CAST5/CAST-128 (Carlisle Adams, Stafford Tavares)
  • CAST128 - CAST-128/CAST5 (Carlisle Adams, Stafford Tavares)
  • IDEA - International Data Encryption Algorithm
  • BLOWFISH - Blowfish from Bruce Schneier
  • BF - Blowfish from Bruce Schneier
  • CAMELLIA - Camellia from Japan (Mitsubishi Electric and NTT)
• NUMBER: KEYLEN=num/KL064/KL128/KL192/KL256/KL08/KL16/KL24/KL32 - Key length if passphrase used
  • KL064 - Key length 64 bits (8 bytes)
  • KL128 - Key length 128 bits (16 bytes)
  • KL192 - Key length 192 bits (24 bytes)
  • KL256 - Key length 256 bits (32 bytes)
  • KL08 - Key length 8 bytes (64 bits)
  • KL16 - Key length 16 bytes (128 bits)
  • KL24 - Key length 24 bytes (192 bits)
  • KL32 - Key length 32 bytes (256 bits)
• NUMBER: MODE=ECB/CBC/OFB/CFB/CTR/GCM - Mode of operation [if TAG then GCM else CBC]
  • ECB - Electronic codebook mode
  • CBC - Cipher block chaining mode
  • OFB - Output feedback mode
  • CFB - Cipher feedback mode
  • CTR - Counter mode
  • GCM - Galois/Counter Mode
• NUMBER: PADDING=NONE/NOPAD/PKCS - Padding for CBC or ECB mode [PKCS]
  • NONE - No padding (remaining data must have a multiple of the block length)
  • NOPAD - No padding (remaining data must have a multiple of the block length)
  • PKCS - OpenSSL conform PKCS padding
• NUMBER: KDF/PW2KEY=OLDSSL/PBKDF2 - Password to key derivation function [OLDSSL]
  • OLDSSL - Legacy OpenSSL key derivation (avoid use, default: SHA-256 with 1 round, hint: OpenSSL < 1.1.0 used MD5)
  • PBKDF2 - PBKDF2 key derivation function (default: SHA-256 with 10000 rounds, available from OpenSSL 1.1.1)
• NUMBER: MD/HASH=MD5/SHA1/SHA224/SHA256/SHA384/SHA512/SHA3-224/SHA3-256/SHA3-384/SHA3-512 - Hash algorithm for key derivation [SHA256]
  • MD5 - Message Digest 5 with 128 bits
  • SHA1 - Secure Hash Algorithm 1 with 160 bits
  • SHA224 - Secure Hash Algorithm 2 with 224 bits
  • SHA256 - Secure Hash Algorithm 2 with 256 bits
  • SHA384 - Secure Hash Algorithm 2 with 384 bits
  • SHA512 - Secure Hash Algorithm 2 with 512 bits
  • SHA3-224 - Secure Hash algorithm 3 with 224 bits
  • SHA3-256 - Secure Hash Algorithm 3 with 256 bits
  • SHA3-384 - Secure Hash Algorithm 3 with 384 bits
  • SHA3-512 - Secure Hash Algorithm 3 with 512 bits
• NUMBER: ITER=num - Iteration count for PBKDF2, implies METHOD=PBKDF2 if specified [10000]
• STRING: IV='bin-hex'/ZERO - Initialization vector for all modes except ECB [ZERO]
  • ZERO - Initialization vector of binary zeros
• STRING: SALT='bin-hex'/NONE/RANDOM - Salt for salted passphrase-based decryption [AUTO]
  • NONE - No salt (not recommended)
  • RANDOM - Random generated salt
• STRING: KEY='bin-hex' - Clear key value (direct entry of raw value (dangerous))
• STRING: PASSWORD='str' - Passphrase with or without salting
• STRING: LABEL='str' - Label to reference a protected key (FKM5 required)
• STRING: TAG='bin-hex' - The tag value for verification (only for GCM mode)
• NUMBER: OFFSET=num - Offset before decryption begins [0]
• STRING: PARM='str'/STDOUT/STDERR - Side file with parameter used for decryption (merged if not empty else written)
  • STDOUT - Write output to stdout
  • STDERR - Write output to stderr