HELP: Raw encryption
TYPE: OBJECT
SYNTAX: EDC(METHOD=CLEAR/PASSWORD/LABEL,FORMAT=NOHDR/OPENSSL,ALGO=AES/TDES/CAST5/CAST128/IDEA/BLOWFISH/BF/CAMELLIA,KEYLEN=num/KL064/KL128/KL192/KL256/KL08/KL16/KL24/KL32,MODE=ECB/CBC/OFB/CFB/CTR/GCM,PADDING=NONE/NOPAD/PKCS,KDF/PW2KEY=OLDSSL/PBKDF2,MD/HASH=MD5/SHA1/SHA224/SHA256/SHA384/SHA512/SHA3-224/SHA3-256/SHA3-384/SHA3-512,ITER=num,IV='bin-hex'/ZERO/RANDOM,SALT='bin-hex'/NONE/RANDOM,KEY='bin-hex'/RANDOM,PASSWORD='str',LABEL='str',FKM5(),PRNKEY,TAG='str'/STDOUT/STDERR,OFFSET=num,PARM='str'/STDOUT/STDERR)
Encryption based on clear keys, passwords or the FLAM5 key management
extension (FKM5) using a key label. This object is a subset of
CNV.EDC(). For more information see the corresponding page of the XCNV
command.
NUMBER: METHOD=CLEAR/PASSWORD/LABEL - Method for key determination [AUTO]
CLEAR - Clear key crypto (en/decrypt with raw unprotected key value)
PASSWORD - Password-based crypto (using key derivation function (KDF))
LABEL - Protected key crypto using label (FKM5 required)
NUMBER: FORMAT=NOHDR/OPENSSL - File format used [OpenSSL]
NOHDR - Don't use a header in front of the data
OPENSSL - Use OpenSSL 'SALTED' header if required
NUMBER: ALGO=AES/TDES/CAST5/CAST128/IDEA/BLOWFISH/BF/CAMELLIA - Algorithm used for encryption [AES]
AES - Advanced encryption standard (Rijndael)
TDES - Triple DES (Data encryption standard)
CAST5 - CAST5/CAST-128 (Carlisle Adams, Stafford Tavares)
CAST128 - CAST-128/CAST5 (Carlisle Adams, Stafford Tavares)
IDEA - International Data Encryption Algorithm
BLOWFISH - Blowfish from Bruce Schneier
BF - Blowfish from Bruce Schneier
CAMELLIA - Camellia from Japan (Mitsubishi Electric and NTT)
NUMBER: KEYLEN=num/KL064/KL128/KL192/KL256/KL08/KL16/KL24/KL32 - Key length if passphrase used [longest possible]
KL064 - Key length 64 bits (8 bytes)
KL128 - Key length 128 bits (16 bytes)
KL192 - Key length 192 bits (24 bytes)
KL256 - Key length 256 bits (32 bytes)
KL08 - Key length 8 bytes (64 bits)
KL16 - Key length 16 bytes (128 bits)
KL24 - Key length 24 bytes (192 bits)
KL32 - Key length 32 bytes (256 bits)
NUMBER: MODE=ECB/CBC/OFB/CFB/CTR/GCM - Mode of operation [CBC]
ECB - Electronic codebook mode
CBC - Cipher block chaining mode
OFB - Output feedback mode
CFB - Cipher feedback mode
CTR - Counter mode
GCM - Galois/Counter Mode
NUMBER: PADDING=NONE/NOPAD/PKCS - Padding for CBC or ECB mode [PKCS]
NONE - No padding (remaining data must be a multiple of the block length)
NOPAD - No padding (remaining data must be a multiple of the block length)
PKCS - OpenSSL-conformant PKCS padding
NUMBER: KDF/PW2KEY=OLDSSL/PBKDF2 - Password to key derivation function [OLDSSL]
OLDSSL - Legacy OpenSSL key derivation (avoid use, default: SHA-256 with 1 round, hint: OpenSSL < 1.1.0 used MD5)
PBKDF2 - PBKDF2 key derivation function (default: SHA-256 with 10000 rounds, available from OpenSSL 1.1.1)
NUMBER: MD/HASH=MD5/SHA1/SHA224/SHA256/SHA384/SHA512/SHA3-224/SHA3-256/SHA3-384/SHA3-512 - Hash algorithm for key derivation [SHA256]
MD5 - Message Digest 5 with 128 bits
SHA1 - Secure Hash Algorithm 1 with 160 bits
SHA224 - Secure Hash Algorithm 2 with 224 bits
SHA256 - Secure Hash Algorithm 2 with 256 bits
SHA384 - Secure Hash Algorithm 2 with 384 bits
SHA512 - Secure Hash Algorithm 2 with 512 bits
SHA3-224 - Secure Hash Algorithm 3 with 224 bits
SHA3-256 - Secure Hash Algorithm 3 with 256 bits
SHA3-384 - Secure Hash Algorithm 3 with 384 bits
SHA3-512 - Secure Hash Algorithm 3 with 512 bits
NUMBER: ITER=num - Iteration count for PBKDF2, implies METHOD=PBKDF2 if specified [10000]
STRING: IV='bin-hex'/ZERO/RANDOM - Initialization vector for all modes except ECB [ZERO]
ZERO - Initialization vector of binary zeros
RANDOM - Generate random initialization vector
STRING: SALT='bin-hex'/NONE/RANDOM - Salt for passphrase-based encryption [RANDOM]
NONE - No salt (not recommended)
RANDOM - Randomly generated salt
STRING: KEY='bin-hex'/RANDOM - Clear key value (direct entry of raw value (dangerous))
RANDOM - Randomly generated key
STRING: PASSWORD='str' - Passphrase with or without salting
STRING: LABEL='str' - Label to reference a protected key (FKM5 required)
SWITCH: PRNKEY - Enforce printing of clear key values (incl. IV and SALT) to side file (otherwise only if randomly generated)
STRING: TAG='str'/STDOUT/STDERR - File to write tag value if GCM mode used (if defined then tag is not written to side file)
STDOUT - Write output to stdout
STDERR - Write output to stderr
NUMBER: OFFSET=num - Offset before encryption begins [0]
STRING: PARM='str'/STDOUT/STDERR - Side file with parameters for decryption (can be assigned as parameter file)
STDOUT - Write output to stdout
STDERR - Write output to stderr
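
Added example (not part of the FLAM5 help text and not FLAM5 code): the two derivations named under KDF/PW2KEY as OpenSSL's `enc` command performs them, together with the salt header that FORMAT=OPENSSL refers to. It assumes FLAM5 follows OpenSSL here, including cutting key and IV from one derived byte string; all function names and the sample passphrase, salt and ciphertext bytes are constructed.

```python
import hashlib

MAGIC = b"Salted__"  # 8-byte marker OpenSSL enc writes before the 8-byte salt

def parse_header(blob):
    """Return (salt, ciphertext); salt is None when no header is present."""
    if not blob.startswith(MAGIC):
        return None, blob
    if len(blob) < 16:
        raise ValueError("truncated OpenSSL salt header")
    return blob[8:16], blob[16:]

def kdf_oldssl(password, salt, key_len, iv_len, md="sha256"):
    """EVP_BytesToKey with count=1: D_i = H(D_{i-1} || password || salt)."""
    out, block = b"", b""
    while len(out) < key_len + iv_len:
        block = hashlib.new(md, block + password + (salt or b"")).digest()
        out += block
    return out[:key_len], out[key_len:key_len + iv_len]

def kdf_pbkdf2(password, salt, key_len, iv_len, md="sha256", iterations=10000):
    """PBKDF2-HMAC; key and IV are cut from one derived byte string."""
    out = hashlib.pbkdf2_hmac(md, password, salt or b"", iterations,
                              key_len + iv_len)
    return out[:key_len], out[key_len:]

def derive(blob, password, kdf, key_len=32, iv_len=16):
    """Read the salt from the header and derive (key, iv, ciphertext)."""
    salt, ciphertext = parse_header(blob)
    key, iv = kdf(password, salt, key_len, iv_len)
    return key, iv, ciphertext

if __name__ == "__main__":
    # Constructed sample: header + fixed salt + 16 placeholder ciphertext bytes.
    sample = MAGIC + bytes.fromhex("0102030405060708") + b"\x00" * 16
    for name, kdf in (("OLDSSL", kdf_oldssl), ("PBKDF2", kdf_pbkdf2)):
        key, iv, _ = derive(sample, b"constructed-passphrase", kdf)
        print(name, key.hex(), iv.hex())
```

With one round, the legacy derivation costs a password guesser a single hash per candidate, while PBKDF2 at the documented default costs 10000 HMAC iterations; without a salt, identical passphrases yield identical keys under either function.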