EDC

Synopsis

HELP:   Raw encryption
TYPE:   OBJECT
SYNTAX: EDC(METHOD=CLEAR/PASSWORD/LABEL,FORMAT=NOHDR/OPENSSL,ALGO=AES/TDES/CAST5/CAST128/IDEA/BLOWFISH/BF/CAMELLIA,KEYLEN=num/KL064/KL128/KL192/KL256/KL08/KL16/KL24/KL32,MODE=ECB/CBC/OFB/CFB/CTR/GCM,PADDING=NONE/NOPAD/PKCS,KDF/PW2KEY=OLDSSL/PBKDF2,MD/HASH=MD5/SHA1/SHA224/SHA256/SHA384/SHA512/SHA3-224/SHA3-256/SHA3-384/SHA3-512,ITER=num,IV='bin-hex'/ZERO/RANDOM,SALT='bin-hex'/NONE/RANDOM,KEY='bin-hex'/RANDOM,PASSWORD='str',LABEL='str',FKM5(),PRNKEY,TAG='str'/STDOUT/STDERR,OFFSET=num,PARM='str'/STDOUT/STDERR)

Description

Encryption based on clear keys, passwords or the FLAM5 key management extension (FKM5) using a key label. This object is a subset of CNV.EDC(). For more information see the corresponding page of the XCNV command.

Arguments

• NUMBER: METHOD=CLEAR/PASSWORD/LABEL - Method for key determination [AUTO]
  • CLEAR - Clear key crypto (en/decrypt with raw unprotected key value)
  • PASSWORD - Password-based crypto (using key derivation function (KDF))
  • LABEL - Protected key crypto using label (FKM5 required)
• NUMBER: FORMAT=NOHDR/OPENSSL - File format used [OpenSSL]
  • NOHDR - Don't use an header in front of the data
  • OPENSSL - Use OpenSSL 'SLATED' header if required
• NUMBER: ALGO=AES/TDES/CAST5/CAST128/IDEA/BLOWFISH/BF/CAMELLIA - Algorithm used for encryption [AES]
  • AES - Advanced encryption standard (Rijndael)
  • TDES - Triple DES (Data encryption standard)
  • CAST5 - CAST5/CAST-128 (Carlisle Adams, Stafford Tavares)
  • CAST128 - CAST-128/CAST5 (Carlisle Adams, Stafford Tavares)
  • IDEA - International Data Encryption Algorithm
  • BLOWFISH - Blowfish from Bruce Schneier
  • BF - Blowfish from Bruce Schneier
  • CAMELLIA - Camellia from Japan (Mitsubishi Electric and NTT)
• NUMBER: KEYLEN=num/KL064/KL128/KL192/KL256/KL08/KL16/KL24/KL32 - Key length if passphrase used [longest possible]
  • KL064 - Key length 64 bits (8 bytes)
  • KL128 - Key length 128 bits (16 bytes)
  • KL192 - Key length 192 bits (24 bytes)
  • KL256 - Key length 256 bits (32 bytes)
  • KL08 - Key length 8 bytes (64 bits)
  • KL16 - Key length 16 bytes (128 bits)
  • KL24 - Key length 24 bytes (192 bits)
  • KL32 - Key length 32 bytes (256 bits)
• NUMBER: MODE=ECB/CBC/OFB/CFB/CTR/GCM - Mode of operation [CBC]
  • ECB - Electronic codebook mode
  • CBC - Cipher block chaining mode
  • OFB - Output feedback mode
  • CFB - Cipher feedback mode
  • CTR - Counter mode
  • GCM - Galois/Counter Mode
• NUMBER: PADDING=NONE/NOPAD/PKCS - Padding for CBC or ECB mode [PKCS]
  • NONE - No padding (remaining data must have a multiple of the block length)
  • NOPAD - No padding (remaining data must have a multiple of the block length)
  • PKCS - OpenSSL conform PKCS padding
• NUMBER: KDF/PW2KEY=OLDSSL/PBKDF2 - Password to key derivation function [OLDSSL]
  • OLDSSL - Legacy OpenSSL key derivation (avoid use, default: SHA-256 with 1 round, hint: OpenSSL < 1.1.0 used MD5)
  • PBKDF2 - PBKDF2 key derivation function (default: SHA-256 with 10000 rounds, available from OpenSSL 1.1.1)
• NUMBER: MD/HASH=MD5/SHA1/SHA224/SHA256/SHA384/SHA512/SHA3-224/SHA3-256/SHA3-384/SHA3-512 - Hash algorithm for key derivation [SHA256]
  • MD5 - Message Digest 5 with 128 bits
  • SHA1 - Secure Hash Algorithm 1 with 160 bits
  • SHA224 - Secure Hash Algorithm 2 with 224 bits
  • SHA256 - Secure Hash Algorithm 2 with 256 bits
  • SHA384 - Secure Hash Algorithm 2 with 384 bits
  • SHA512 - Secure Hash Algorithm 2 with 512 bits
  • SHA3-224 - Secure Hash algorithm 3 with 224 bits
  • SHA3-256 - Secure Hash Algorithm 3 with 256 bits
  • SHA3-384 - Secure Hash Algorithm 3 with 384 bits
  • SHA3-512 - Secure Hash Algorithm 3 with 512 bits
• NUMBER: ITER=num - Iteration count for PBKDF2, implies METHOD=PBKDF2 if specified [10000]
• STRING: IV='bin-hex'/ZERO/RANDOM - Initialization vector for all modes except ECB [ZERO]
  • ZERO - Initialization vector of binary zeros
  • RANDOM - Generate random initialization vector
• STRING: SALT='bin-hex'/NONE/RANDOM - Salt for passphrase-based encryption [RANDOM]
  • NONE - No salt (not recommended)
  • RANDOM - Random generated salt
• STRING: KEY='bin-hex'/RANDOM - Clear key value (direct entry of raw value (dangerous))
  • RANDOM - Random generated key
• STRING: PASSWORD='str' - Passphrase with or without salting
• STRING: LABEL='str' - Label to reference a protected key (FKM5 required)
• SWITCH: PRNKEY - Enforce print of clear key values (incl. IV and SALT) to side file (else only if random generated)
• STRING: TAG='str'/STDOUT/STDERR - File to write tag value if GCM mode used (if defined then tag is not written to side file)
  • STDOUT - Write output to stdout
  • STDERR - Write output to stderr
• NUMBER: OFFSET=num - Offset before encryption begins [0]
• STRING: PARM='str'/STDOUT/STDERR - Side file with parameter for decryption (can assigned as parameter file)
  • STDOUT - Write output to stdout
  • STDERR - Write output to stderr