VMS Help  —  ENCRYPT  /CREATE_KEY
    Creates a key definition name and value to be used for encrypting
    and decrypting files. The key is a string that represents the
    name under which its value is encrypted and stored in the key
    storage table, which is a logical name table. A DES key is created in the
    PROCESS logical name table by default unless the /AES qualifier
    is specified. Note that AES requires longer key-length values
    than the 8-byte DES keys. AES requires a minimum of 16, 24,
    or 32 bytes depending on the algorithm/key size specified for
    encryption or decryption.

    Format for the ENCRYPT /CREATE_KEY Command

      ENCRYPT /CREATE_KEY  key-name key-value [qualifiers]

1  –  Parameters

 key-name

    Name under which the encryption key will be stored in the key
    storage table. Specify a character string according to the
    following conventions:

    o  1 to 243 alphanumeric characters

    o  Dollar signs and underscores are valid.

    o  Not case sensitive

    Use a name that has meaning to you, to help you remember it.

                                   NOTE

       Key names beginning with ENCRYPT$ are reserved for VSI.

 key-value

    String representing the value of the encryption key. Specify
    either ASCII text or a hexadecimal constant, as follows:

    o  ASCII text string (default)

       -  Minimum length: 8 (DES); 16, 24, or 32 (AES-128, 192, and
          256 bits respectively).

       -  Maximum length: approximately 240 characters.

       -  The string is not case sensitive for DES keys.

       -  If you use characters other than alphanumeric characters,
          for example, blank spaces, enclose the string in quotation
          marks ( " " ).

    o  Hexadecimal constant

       -  Use the /HEXADECIMAL qualifier.

       -  Valid characters: 0 to 9, A to F (ASCII coded HEX nibbles).

       -  Minimum length: 16 characters (DES); 32, 48, or 64 (AES-128,
          192, and 256 bits respectively).

       -  Do not enclose the value in quotation marks.

2  –  Qualifiers

2.1    /AES

    Designates that an AES key is to be created, which is encrypted
    with the AESCBC128 encryption routine.

2.2    /GROUP

    Enters the key definition in the group key storage table.

2.3    /HEXADECIMAL

       /HEXADECIMAL
       /NOHEXADECIMAL

    Specifies that the value for the key is a hexadecimal number.
    Default: key values are interpreted as ASCII text characters (see
    the description of the key-value parameter).

2.4    /JOB

    Enters the key definition in the job key storage table.

2.5    /LOG

    Verifies successful creation of the key.

2.6    /PROCESS

    Enters the key definition in the process key storage table.

2.7    /SYSTEM

    Enters the key definition in the system key storage table.

3  –  Examples

    1.$ ENCRYPT /CREATE_KEY HAMLET
      _ Key value: "And you yourself shall keep the key of it"

      This example defines a DES key named HAMLET with the character
      string value "And you yourself shall keep the key of it".

    2.$ ENCRYPT /CREATE_KEY /HEXADECIMAL ARCANE 2F4A98F46BBC11DC

      This example defines a DES key named ARCANE with hexadecimal
      value of 2F4A98F46BBC11DC.

    3.$ ENCRYPT /CREATE_KEY MYKEY "The 16 char. key" /LOG/AES

      This example defines an AES key named MYKEY with the minimum
      16-character string value "The 16 char. key" that is required
      for AESxxx128, logging its successful creation. The key is
      encrypted with AES prior to storage in the PROCESS (default)
      logical name table.

    4.$ SHOW LOGICAL ENC* /TABLE=ENCRYPT$KEY_STORE

      LNM$PROCESS_TABLE

        "ENCRYPT$KEY$MYKEY" =  "ê¢É.à­0S%M.....ÕSBò¼¶í.}â0ÓL.ñ.Z"

      LNM$JOB_8210B400

      LNM$GROUP_000001

      ENCRYPT$SYSTEM

      This example shows that key names are prepended with
      ENCRYPT$KEY$, as in the named key ENCRYPT$KEY$MYKEY.
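
A pre-flight check of the key-name and key-value rules described under Parameters, written in Python as an added example (it is not part of the VMS help text or of VSI's software). The function name check_key and the algorithm labels DES, AES128, AES192 and AES256 are assumptions of this example, and the "approximately 240 characters" ceiling is treated as exactly 240.

```python
import re

# Minimum key-value lengths taken from the key-value parameter text above.
# ASCII minimums count characters; hexadecimal minimums count hex digits.
MIN_ASCII = {"DES": 8, "AES128": 16, "AES192": 24, "AES256": 32}
MIN_HEX = {"DES": 16, "AES128": 32, "AES192": 48, "AES256": 64}
MAX_ASCII = 240  # the page only says "approximately 240 characters"

NAME_RE = re.compile(r"[A-Za-z0-9$_]{1,243}")
HEX_RE = re.compile(r"[0-9A-F]+")  # valid characters as listed on the page


def check_key(name, value, algorithm="DES", hexadecimal=False):
    """Check a key-name/key-value pair against the documented rules.

    `algorithm` is a label made up for this example (DES, AES128, AES192,
    AES256): the size the key will later be used with, not a DCL qualifier.
    Returns (errors, notes); an empty errors list means the pair fits.
    """
    if algorithm not in MIN_ASCII:
        raise ValueError("unknown algorithm label: " + algorithm)
    errors, notes = [], []
    if not NAME_RE.fullmatch(name):
        errors.append("key-name must be 1 to 243 alphanumerics, $ or _")
    if name.upper().startswith("ENCRYPT$"):
        errors.append("key-name prefix ENCRYPT$ is reserved for VSI")
    if hexadecimal:
        need = MIN_HEX[algorithm]
        if not HEX_RE.fullmatch(value):
            errors.append("hexadecimal key-value allows only 0-9 and A-F")
        if len(value) < need:
            errors.append(f"{algorithm} needs at least {need} hex digits")
    else:
        need = MIN_ASCII[algorithm]
        if len(value) < need:
            errors.append(f"{algorithm} needs at least {need} characters")
        if len(value) > MAX_ASCII:
            errors.append("key-value exceeds about 240 characters")
        if not value.isalnum():
            notes.append("enclose key-value in quotation marks")
        if algorithm == "DES" and value != value.upper():
            notes.append("letter case is ignored for DES keys")
    return errors, notes


if __name__ == "__main__":
    # Key values from the page's own examples 3 and 2.
    print(check_key("MYKEY", "The 16 char. key", "AES128"))
    print(check_key("ARCANE", "2F4A98F46BBC11DC", "DES", hexadecimal=True))
```

The value from example 3 passes for AES128 but is reported as too short when checked against AES256, which is the case the minimum-length rules exist to catch.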