|
HSH( ) |
Generate Hash Value |
|
1. Compute Hash Key: |
HSH(string$ [,hashkey$ | ,chunkedhash$][ ,hashtype [,KeyHashedWith] ][,ERR=stmtref]) |
|
HSH(PASSWORD string$ WITH method$,KEY=hashkey$ [,SIZ=keylen ] [,TBL=initval$ ] [,ERR=stmtref]) | |
|
HSH(EXTRACT string$ WITH method$,KEY=hashkey$ [,SIZ=keylen ] [,TBL=initval$ ] [,ERR=stmtref]) | |
|
HSH(PASSWORD "*" WITH "",KEY=''''[,ERR=stmtref]) |
|
string$ |
String expression whose hash value is to be returned or an empty string to finalize a chunked hash. See Chunked Hashing. |
|
hashkey$ |
String expression representing key to use during the hashing/encryption operation. |
|
chunkedhash$ |
String expression representing chunked hash data or an empty string to begin a chunked hash. See Chunked Hashing. |
|
hashtype |
Optional numeric value representing the type of hash to return for the data. An invalid value causes Error #41: Invalid integer encountered. See Note. |
|
initval$ |
Optional initialization value used by some ciphers. |
|
KeyHashedWith |
Optional numeric value used to specify which hashtype the hashkey$ is based on (hashtype values 0 through 6, 224, 256, 384 or 512). Only available with hashtype 7 (HMAC). The HMAC hash is a special case. Data that has been hashed with a hashtype such as MD5 will return an MD5 hash key. When the original data and the MD5 hash key are hashed together as an HMAC, this new HMAC hash is called a Message Authentication Code. An invalid value results in an Error #41: Invalid integer encountered. |
|
keylen |
If supplied, overrides the length of the key used in the encryption algorithm. Applicable only for those algorithms that allow for multiple key lengths. (Value specified is the number of bytes in the key.) |
|
method$ |
String expression with the name of the encryption algorithm to use. See method$ Values. |
|
stmtref |
Program line number or statement label to which to transfer control. |
(Chunked Hashing was added in PxPlus 2019.)
Compute Hash Key
HSH(string$ [,hashkey$ | ,chunkedhash$][ ,hashtype [,KeyHashedWith] ][,ERR=stmtref])
String value that is a hash key for the data or the partial hash data used in subsequent calls.
The HSH( ) function returns a hash value for the given string. The hash value returned in a 2-byte string can be used to check the integrity of a character string. The initial value can be used to calculate the hash value of an entire string by taking its component parts. (See the examples below.)
The type of hash algorithm that will be applied to the data is defined by the hashtype value provided. If no hashtype is given, the default PxPlus internal 2-byte hash algorithm will be used.
The following table defines the currently supported hashtype values:
|
Hashtype |
Description |
|
0 |
PxPlus 2-byte hash (Default, if not specified) |
|
1 |
MD5 |
|
2 |
MD4 |
|
3 |
MD2 Note: |
|
4 |
SHA-1 |
|
5 |
MDC2 |
|
6 |
RIPEMD |
|
7 |
HMAC |
|
224 |
SHA-224 (28-byte value) |
|
256 |
SHA-256 (32-byte value) |
|
384 |
SHA-384 (48-byte value) |
|
512 |
SHA-512 (64-byte value) |
|
-1 |
SHA-1 – using internal functions (This internal function was added in PxPlus v11.00.) |
|
-2 |
SHA-256 (32-byte value) – using internal functions (This internal function was added in PxPlus 2019.) |
If hashtype is from 1 to 7, 224, 256, 384 and 512, OpenSSL libraries are required to perform the hash. Only versions of PxPlus that support OpenSSL and have OpenSSL installed properly will be able to access these hashes. The hashtype must also exist within the OpenSSL modules for the extended hashtypes to be available. Not all builds of OpenSSL contain all possible hashes. If a specific hashtype is not available, an Error #99: Feature not supported is reported.
If hashtype is 7 (HMAC), a key value (hashkey$) must be supplied for the hashing operation. This must be 2 characters in length; otherwise, an Error #46: Length of string invalid is generated. Hashkey$ is optional for when hashtype is 0 and it is ignored for hashtype 1 through 6, 224, 256, 384 and 512. If hashtype is -1 or -2, then hashkey$ is considered chunkedhash$ and should be an empty string or the previously returned chunked hash data. This must be 104 bytes in length; otherwise, an Error #46: Length of string invalid is generated.
If hashtype is 7 (HMAC), a numeric value (KeyHashedWith) can be used to specify which hashtype the hashkey$ is based on (values 0 to 6, 224, 256, 384 and 512). This only applies to hashtype 7. The HMAC hash is a special case. Data that has been hashed with a hashtype such as MD5 will return an MD5 hash key. When the original data and the MD5 hash key are hashed together as an HMAC, the new HMAC hash is called a Message Authentication Code. An invalid value results in an Error #41: Invalid integer encountered.
PxPlus provides internal SHA-1 or SHA-256 hashing (hashtype = -1 or hashtype = -2) that can be used where the application is unsure of the existence of the OpenSSL libraries. This function is handled internally by PxPlus. Unlike all other functions, the return value of these internal functions returns the hash value as an ASCII formatted string containing the Hex hash value (an HTA of the hash result).
When using the internal SHA-1 or SHA-256 function to hash a large amount of data, it may be desirable not to have all of that data in memory. You can hash the data in chunks so that it does not need to be in memory all at once. To do this, begin by passing in an empty string as chunkedhash$. Use the return value of that call in the subsequent calls to hash more data. When you have hashed all the data, make a call with an empty string as string$. The return value of that call will be the hash of all the data.
open (1,isz=1)"bigfile"
read record (1,siz=4096)datachunk$
chunkedhsh$=hsh(datachunk$,"",-2) ! Begin chunked hash
while 1
read record (1,siz=4096,end=*break)datachunk$
chunkedhsh$=hsh(datachunk$,chunkedhsh$,-2) ! Update chunked hash
wend
bigfilehsh$=hsh("",chunkedhsh$,-2) ! Finish chunked hash
(Chunked Hashing was added in PxPlus 2019.)
To get a PxPlus hash of a string:
print hta(hsh("An internal PxPlus Hash"))
3960
To get a PxPlus hash of a string based on a key:
print hta(hsh("An internal PxPlus Hash based on a Key","K1",0))
8AEA
To get an MD5 hash:
print hta(hsh("A string to be MD5 hashed",1))
C9755C05F3EF1704114446A04F4072DF
To get or check a Message for Authentication based on HMAC-SHA-1:
Data$="This is a string of data"
SHA1Hash$=hsh(Data$,4)
MessageAuthenticationKey$=hsh(Data$,SHA1Hash$,7,4)
if KeyReceived$<>MessageAuthenticationKey$ \
then msgbox "Message has been tampered with"
Encrypt Data String
HSH(PASSWORD string$ WITH method$,KEY=hashkey$ [,SIZ=keylen ] [,TBL=initval$ ] [,ERR=stmtref])
Decrypt Data String
HSH(EXTRACT string$ WITH method$,KEY=hashkey$ [,SIZ=keylen ] [,TBL=initval$ ] [,ERR=stmtref])
(The ability to have a SEP table was added in PxPlus v7.00.)
Encrypted (or decrypted) data string value based on the value in string$, the encryption method, and key value.
These forms of the HSH( ) function can be used to utilize any of a number of industry standard encryption formulas to encode data. The HSH(PASSWORD ...) function will take a string of data and, using the specified encryption method and key, return its encrypted value. The HSH(EXTRACT ...) function can be used to reverse this encryption.
Each encryption algorithm (cipher) has specific rules that must be followed by the application and the encryption process in terms of the size and type of key to be provided. Some algorithms require unique keys for encryption versus decryption, enabling you to encrypt data for another application that itself might only have the decryption key. The nature of algorithm chosen is beyond the scope of this document. For further information, refer to documentation that is specific to the algorithm chosen or the OpenSSL whose functions are used by PxPlus.
The method$ value is used to determine the type of algorithm to apply. See method$ Values and Encryption Algorithms.
Methods marked as "legacy" are legacy encryption algorithms and they are not recommended. If you are using a legacy algorithm, it is strongly suggested that you transition to a non-legacy algorithm such as aes256.
As of PxPlus 2022 on Windows and Apple Silicone Mac, OpenSSL legacy ciphers are no longer supported by default. You will need to download (using this link https://home.pvxplus.com/downloads/openssl) and install the legacy OpenSSL library to use legacy ciphers. On UNIX/Linux, legacy ciphers will be supported by default.
Use Format 4 to get a list of available encryption algorithms. The basic algorithms supported (at time of printing) are:
|
Method |
Description (Data derived from www.wikipedia.org information) |
|
aes |
Advanced Encryption Standard (AES), also known as Rijndael, is a block cipher with a block size of 128 bits and key sizes of 128, 192 and 256 bits. It was adopted as an encryption standard by the US government. |
|
aria |
ARIA is a block cipher with a block size of 128 bits and key sizes of 128, 192 and 256 bits. It was designed in 2003 by a large group of South Korean researchers. In 2004, the Korean Agency for Technology and Standards selected it as a standard cryptographic technique. |
|
bf |
(Legacy - Not Recommended) See Legacy Cipher Support. Blowfish is a keyed, symmetric block cipher, designed in 1993 by Bruce Schneier and included in a large number of cipher suites and encryption products. |
|
camellia |
Camellia is a symmetric key block cipher with a block size of 128 bits and key sizes of 128, 192 and 256 bits. It was jointly developed by Mitsubishi Electric and NTT of Japan. The cipher has been approved for use by the ISO/IEC, the European Union's NESSIE project and the Japanese CRYPTREC project. The cipher has security levels and processing abilities comparable to the Advanced Encryption Standard. |
|
cast, cast5 |
(Legacy - Not Recommended) See Legacy Cipher Support. CAST is a block cipher used in a number of products, notably as the default cipher in some versions of GPG and PGP. It has also been approved for Canadian government use by the Communications Security Establishment. |
|
chacha20 |
ChaCha20 is a stream cipher developed by Daniel J. Bernstein. It was designed in 2005 then later submitted to the eSTREAM European Union cryptographic validation process by Bernstein. |
|
des, des3 |
(Legacy - Not Recommended) See Legacy Cipher Support. The Data Encryption Standard (DES) is a cipher (a method for encrypting information) selected as an official Federal Information Processing Standard (FIPS) for the United States in 1976 and has subsequently enjoyed widespread use internationally. Triple DES (DES3) is a block cipher formed from the Data Encryption Standard (DES) cipher by using it three times. |
|
desx |
(Legacy - Not Recommended) See Legacy Cipher Support. DES-X is a variant on the DES (Data Encryption Standard) block cipher intended to increase the complexity of a brute force attack using a technique called key whitening. |
|
idea |
(Legacy - Not Recommended) See Legacy Cipher Support. The International Data Encryption Algorithm (IDEA), originally called Improved Proposed Encryption Standard (IPES), is a symmetric-key block cipher designed by James Massey of ETH Zurich and Xuejia Lai and was first described in 1991. The algorithm was intended as a replacement for the Data Encryption Standard (DES). |
|
rc2 |
(Legacy - Not Recommended) See Legacy Cipher Support. RC2 is a block cipher designed by Ron Rivest in 1987. ("RC" stands for "Ron's Code" or "Rivest Cipher".) |
|
rc4 |
(Legacy - Not Recommended) See Legacy Cipher Support. RC4 (also known as ARC4 or ARCFOUR) is the most widely used software stream cipher and is used in popular protocols such as Secure Sockets Layer (SSL) (to protect Internet traffic) and WEP (to secure wireless networks). |
|
seed |
(Legacy - Not Recommended) See Legacy Cipher Support. SEED is a block cipher developed by the Korea Internet & Security Agency (KISA). It is used broadly throughout South Korean industry but seldom found elsewhere. |
|
sm4 |
SM4 (formerly SMS4) is a block cipher used in the Chinese National Standard for Wireless LAN WAPI (WLAN Authentication and Privacy Infrastructure). |
Most of the encryption algorithms have a wide variety of options in terms of how they are used; thus, the actual value in method$ usually needs to specify more than the basic method. Details as to the exact nature of each of the methods are beyond the scope of this document.
The known/supported method$ values within the OpenSSL libraries are:
|
method$ Value |
Description of Cipher/Encryption Technique |
|
aes-128-cbc |
128-bit Advanced Encryption Standard (AES) in Cipher Block Chaining (CBC) mode |
|
aes128 |
Alias for AES-128-CBC |
|
aes128-wrap |
Alias for id-aes128-wrap |
|
aes128-wrap-pad |
Alias for id-aes128-wrap-pad |
|
aes-128-ccm |
Alias for id-aes128-ccm |
|
aes-128-cfb |
128-bit Advanced Encryption Standard (AES) in Cipher Feedback (CFB) mode |
|
aes-128-cfb1 |
128-bit Advanced Encryption Standard (AES) in 1-bit Cipher Feedback (CFB) mode |
|
aes-128-cfb8 |
128-bit Advanced Encryption Standard (AES) in 8-bit Cipher Feedback (CFB) mode |
|
aes-128-ctr |
128-bit Advanced Encryption Standard (AES) in Counter (CTR) mode |
|
aes-128-ecb |
128-bit Advanced Encryption Standard (AES) in Electronic Codebook (ECB) mode |
|
aes-128-gcm |
Alias for id-aes128-gcm |
|
aes-128-ocb |
128-bit Advanced Encryption Standard (AES) in Offset Codebook (OCB) mode |
|
aes-128-ofb |
128-bit Advanced Encryption Standard (AES) in Output Feedback (OFB) mode |
|
aes-128-wrap |
Alias for id-aes128-wrap |
|
aes-128-wrap-pad |
Alias for id-aes128-wrap-pad |
|
aes-128-xts |
128-bit Advanced Encryption Standard (AES) in XEX-based Tweaked-codebook with Ciphertext Stealing (XTS) mode |
|
aes-192-cbc |
192-bit Advanced Encryption Standard (AES) in Cipher Block Chaining (CBC) mode |
|
aes192 |
Alias for AES-192-CBC |
|
aes192-wrap |
Alias for id-aes192-wrap |
|
aes192-wrap-pad |
Alias for id-aes192-wrap-pad |
|
aes-192-ccm |
Alias for id-aes192-ccm |
|
aes-192-cfb |
192-bit Advanced Encryption Standard (AES) in Cipher Feedback (CFB) mode |
|
aes-192-cfb1 |
192-bit Advanced Encryption Standard (AES) in 1-bit Cipher Feedback (CFB) mode |
|
aes-192-cfb8 |
192-bit Advanced Encryption Standard (AES) in 8-bit Cipher Feedback (CFB) mode |
|
aes-192-ctr |
192-bit Advanced Encryption Standard (AES) in Counter (CTR) mode |
|
aes-192-ecb |
192-bit Advanced Encryption Standard (AES) in Electronic Codebook (ECB) mode |
|
aes-192-ocb |
192-bit Advanced Encryption Standard (AES) in Offset Codebook (OCB) mode |
|
aes-192-ofb |
192-bit Advanced Encryption Standard (AES) in Output Feedback (OFB) mode |
|
aes-192-wrap |
Alias for id-aes192-wrap |
|
aes-192-wrap-pad |
Alias for id-aes192-wrap-pad |
|
aes-256-cbc |
256-bit Advanced Encryption Standard (AES) in Cipher Block Chaining (CBC) mode |
|
aes256 |
Alias for AES-256-CBC |
|
aes-256-wrap |
Alias for id-aes256-wrap |
|
aes-256-wrap-pad |
Alias for id-aes256-wrap-pad |
|
aes-256-ccm |
Alias for id-aes256-ccm |
|
aes-256-cfb |
256-bit Advanced Encryption Standard (AES) in Cipher Feedback (CFB) mode |
|
aes-256-cfb1 |
256-bit Advanced Encryption Standard (AES) in 1-bit Cipher Feedback (CFB) mode |
|
aes-256-cfb8 |
256-bit Advanced Encryption Standard (AES) in 8-bit Cipher Feedback (CFB) mode |
|
aes-256-ctr |
256-bit Advanced Encryption Standard (AES) in Counter (CTR) mode |
|
aes-256-ecb |
256-bit Advanced Encryption Standard (AES) in Electronic Codebook (ECB) mode |
|
aes-256-ocb |
256-bit Advanced Encryption Standard (AES) in Offset Codebook (OCB) mode |
|
aes-256-ofb |
256-bit Advanced Encryption Standard (AES) in Output Feedback (OFB) mode |
|
aes-256-wrap |
Alias for id-aes256-wrap |
|
aes-256-wrap-pad |
Alias for id-aes256-wrap-pad |
|
aes-256-xts |
256-bit Advanced Encryption Standard (AES) in XEX-based Tweaked-codebook with Ciphertext Stealing (XTS) mode |
|
aria-128-cbc |
128-bit ARIA in Cipher Block Chaining (CBC) mode |
|
aria128 |
Alias for ARIA-128-CBC |
|
aria-128-ccm |
128-bit ARIA in Counter with Cipher Block Chaining Message Authentication Code (CCM) mode |
|
aria-128-cfb |
128-bit ARIA in Cipher Feedback (CFB) mode |
|
aria-128-cfb1 |
128-bit ARIA in 1-bit Cipher Feedback (CFB) mode |
|
aria-128-cfb8 |
128-bit ARIA in 8-bit Cipher Feedback (CFB) mode |
|
aria-128-ctr |
128-bit ARIA in Counter (CTR) mode |
|
aria-128-ecb |
128-bit ARIA in Electronic Codebook (ECB) mode |
|
aria-128-gcm |
128-bit ARIA in Galois/Counter Mode (GCM) |
|
aria-128-ofb |
128-bit ARIA in Output Feedback (OFB) mode |
|
aria-192-cbc |
192-bit ARIA in Cipher Block Chaining (CBC) mode |
|
aria192 |
Alias for ARIA-192-CBC |
|
aria-192-ccm |
192-bit ARIA in Counter with Cipher Block Chaining Message Authentication Code (CCM) mode |
|
aria-192-cfb |
192-bit ARIA in Cipher Feedback (CFB) mode |
|
aria-192-cfb1 |
192-bit ARIA in 1-bit Cipher Feedback (CFB) mode |
|
aria-192-cfb8 |
192-bit ARIA in 8-bit Cipher Feedback (CFB) mode |
|
aria-192-ctr |
192-bit ARIA in Counter (CTR) mode |
|
aria-192-ecb |
192-bit ARIA in Electronic Codebook (ECB) mode |
|
aria-192-gcm |
192-bit ARIA in Galois/Counter Mode (GCM) |
|
aria-192-ofb |
192-bit ARIA in Output Feedback (OFB) mode |
|
aria-256-cbc |
256-bit ARIA in Cipher Block Chaining (CBC) mode |
|
aria256 |
Alias for ARIA-256-CBC |
|
aria-256-ccm |
256-bit ARIA in Counter with Cipher Block Chaining Message Authentication Code (CCM) mode |
|
aria-256-cfb |
256-bit ARIA in Cipher Feedback (CFB) mode |
|
aria-256-cfb1 |
256-bit ARIA in 1-bit Cipher Feedback (CFB) mode |
|
aria-256-cfb8 |
256-bit ARIA in 8-bit Cipher Feedback (CFB) mode |
|
aria-256-ctr |
256-bit ARIA in Counter (CTR) mode |
|
aria-256-ecb |
256-bit ARIA in Electronic Codebook (ECB) mode |
|
aria-256-gcm |
256-bit ARIA in Galois/Counter Mode (GCM) |
|
aria-256-ofb |
256-bit ARIA in Output Feedback (OFB) mode |
|
bf-cbc |
(Legacy - Not Recommended) See Legacy Cipher Support. Blowfish in Cipher Block Chaining (CBC) mode |
|
bf |
(Legacy - Not Recommended) See Legacy Cipher Support. Alias for BF-CBC |
|
bf-cfb |
(Legacy - Not Recommended) See Legacy Cipher Support. Blowfish in Cipher Feedback (CFB) mode |
|
bf-ecb |
(Legacy - Not Recommended) See Legacy Cipher Support. Blowfish in Electronic Codebook (ECB) mode |
|
bf-ofb |
(Legacy - Not Recommended) See Legacy Cipher Support. Blowfish in Output Feedback (OFB) mode |
|
camellia-128-cbc |
128-bit Camellia in Cipher Block Chaining (CBC) mode |
|
camellia128 |
Alias for CAMELLIA-128-CBC |
|
camellia-128-cfb |
128-bit Camellia in Cipher Feedback (CFB) mode |
|
camellia-128-cfb1 |
128-bit Camellia in 1-bit Cipher Feedback (CFB) mode |
|
camellia-128-cfb8 |
128-bit Camellia in 8-bit Cipher Feedback (CFB) mode |
|
camellia-128-ctr |
128-bit Camellia in Counter (CTR) mode |
|
camellia-128-ecb |
128-bit Camellia in Electronic Codebook (ECB) mode |
|
camellia-128-ofb |
128-bit Camellia in Output Feedback (OFB) mode |
|
camellia-192-cbc |
192-bit Camellia in Cipher Block Chaining (CBC) mode |
|
camellia192 |
Alias for CAMELLIA-192-CBC |
|
camellia-192-cfb |
192-bit Camellia in Cipher Feedback (CFB) mode |
|
camellia-192-cfb1 |
192-bit Camellia in 1-bit Cipher Feedback (CFB) mode |
|
camellia-192-cfb8 |
192-bit Camellia in 8-bit Cipher Feedback (CFB) mode |
|
camellia-192-ctr |
192-bit Camellia in Counter (CTR) mode |
|
camellia-192-ecb |
192-bit Camellia in Electronic Codebook (ECB) mode |
|
camellia-192-ofb |
192-bit Camellia in Output Feedback (OFB) mode |
|
camellia-256-cbc |
256-bit Camellia in Cipher Block Chaining (CBC) mode |
|
camellia256 |
Alias for CAMELLIA-256-CBC |
|
camellia-256-cfb |
256-bit Camellia in Cipher Feedback (CFB) mode |
|
camellia-256-cfb1 |
256-bit Camellia in 1-bit Cipher Feedback (CFB) mode |
|
camellia-256-cfb8 |
256-bit Camellia in 8-bit Cipher Feedback (CFB) mode |
|
camellia-256-ctr |
256-bit Camellia in Counter (CTR) mode |
|
camellia-256-ecb |
256-bit Camellia in Electronic Codebook (ECB) mode |
|
camellia-256-ofb |
256-bit Camellia in Output Feedback (OFB) mode |
|
cast5-cbc |
(Legacy - Not Recommended) See Legacy Cipher Support. CAST5 in Cipher Block Chaining (CBC) mode |
|
cast |
(Legacy - Not Recommended) See Legacy Cipher Support. Alias for CAST5-CBC |
|
cast-cbc |
(Legacy - Not Recommended) See Legacy Cipher Support. Alias for CAST5-CBC |
|
cast5-cfb |
(Legacy - Not Recommended) See Legacy Cipher Support. CAST5 in Cipher Feedback (CFB) mode |
|
cast5-ecb |
(Legacy - Not Recommended) See Legacy Cipher Support. CAST5 in Electronic Codebook (ECB) mode |
|
cast5-ofb |
(Legacy - Not Recommended) See Legacy Cipher Support. CAST5 in Output Feedback (OFB) mode |
|
chacha20 |
ChaCha20 stream cipher |
|
chacha20-poly1305 |
ChaCha20 stream cipher with the Poly1305 message authentication code |
|
des-cbc |
(Legacy - Not Recommended) See Legacy Cipher Support. Data Encryption Standard (DES) in Cipher Block Chaining (CBC) mode |
|
des |
(Legacy - Not Recommended) See Legacy Cipher Support. Alias for DES-CBC |
|
des-cfb |
(Legacy - Not Recommended) See Legacy Cipher Support. Data Encryption Standard (DES) in Cipher Feedback (CFB) mode |
|
des-cfb1 |
(Legacy - Not Recommended) See Legacy Cipher Support. Data Encryption Standard (DES) in 1-bit Cipher Feedback (CFB) mode |
|
des-cfb8 |
(Legacy - Not Recommended) See Legacy Cipher Support. Data Encryption Standard (DES) in 8-bit Cipher Feedback (CFB) mode |
|
des-ecb |
(Legacy - Not Recommended) See Legacy Cipher Support. Data Encryption Standard (DES) in Electronic Codebook (ECB) mode |
|
des-ede |
Two key triple Encrypt-Decrypt-Encrypt (EDE) Data Encryption Standard (DES) in Electronic Codebook (ECB) mode |
|
des-ede-cbc |
Two key triple Encrypt-Decrypt-Encrypt (EDE) Data Encryption Standard (DES) in Cipher Block Chaining (CBC) mode |
|
des-ede-cfb |
Two key triple Encrypt-Decrypt-Encrypt (EDE) Data Encryption Standard (DES) in Cipher Feedback (CFB) mode |
|
des-ede-ecb |
Alias for DES-EDE |
|
des-ede-ofb |
Two key triple Encrypt-Decrypt-Encrypt (EDE) Data Encryption Standard (DES) in Output Feedback (OFB) mode |
|
des-ede3 |
Three key triple Encrypt-Decrypt-Encrypt (EDE) Data Encryption Standard (DES) in Electronic Codebook (ECB) mode |
|
des-ede3-cbc |
Three key triple Encrypt-Decrypt-Encrypt (EDE) Data Encryption Standard (DES) in Cipher Block Chaining (CBC) mode |
|
des-ede3-cfb |
Three key triple Encrypt-Decrypt-Encrypt (EDE) Data Encryption Standard (DES) in Cipher Feedback (CFB) mode |
|
des-ede3-cfb1 |
Three key triple Encrypt-Decrypt-Encrypt (EDE) Data Encryption Standard (DES) in 1-bit Cipher Feedback (CFB) mode |
|
des-ede3-cfb8 |
Three key triple Encrypt-Decrypt-Encrypt (EDE) Data Encryption Standard (DES) in 8-bit Cipher Feedback (CFB) mode |
|
des-ede3-ecb |
Alias for DES-EDE3 |
|
des-ede3-ofb |
Three key triple Encrypt-Decrypt-Encrypt (EDE) Data Encryption Standard (DES) in Output Feedback (OFB) mode |
|
des-ofb |
Data Encryption Standard (DES) in Output Feedback (OFB) mode |
|
des3 |
Alias for DES-EDE3-CBC |
|
des3-wrap |
Alias for id-smime-alg-CMS3DESwrap |
|
desx-cbc |
(Legacy - Not Recommended) See Legacy Cipher Support. DESX algorithm (Data Encryption Standard (DES) variant) in Cipher Block Chaining (CBC) mode |
|
desx |
(Legacy - Not Recommended) See Legacy Cipher Support. Alias for DESX-CBC |
|
id-aes128-ccm |
128-bit Advanced Encryption Standard (AES) in Counter with Cipher Block Chaining Message Authentication Code (CCM) mode |
|
id-aes128-gcm |
128-bit Advanced Encryption Standard (AES) in Galois/Counter Mode (GCM) mode |
|
id-aes128-wrap |
128-bit Advanced Encryption Standard (AES) in key wrapping mode |
|
id-aes128-wrap-pad |
128-bit Advanced Encryption Standard (AES) in key wrapping with padding mode |
|
id-aes192-ccm |
192-bit Advanced Encryption Standard (AES) in Counter with Cipher Block Chaining Message Authentication Code (CCM) mode |
|
id-aes192-gcm |
192-bit Advanced Encryption Standard (AES) in Galois/Counter Mode (GCM) mode |
|
id-aes192-wrap |
192-bit Advanced Encryption Standard (AES) in key wrapping mode |
|
id-aes192-wrap-pad |
192-bit Advanced Encryption Standard (AES) in key wrapping with padding mode |
|
id-aes256-ccm |
256-bit Advanced Encryption Standard (AES) in Counter with Cipher Block Chaining Message Authentication Code (CCM) mode |
|
id-aes256-gcm |
256-bit Advanced Encryption Standard (AES) in Galois/Counter Mode (GCM) mode |
|
id-aes256-wrap |
256-bit Advanced Encryption Standard (AES) in key wrapping mode |
|
id-aes256-wrap-pad |
256-bit Advanced Encryption Standard (AES) in key wrapping with padding mode |
|
id-smime-alg-cms3deswrap |
Cryptographic Message Syntax (CMS) implementation with triple Data Encryption Standard (3DES) key wrap |
|
idea-cbc |
(Legacy - Not Recommended) See Legacy Cipher Support. International Data Encryption Algorithm (IDEA) in Cipher Block Chaining (CBC) mode |
|
idea |
(Legacy - Not Recommended) See Legacy Cipher Support. Alias for IDEA-CBC |
|
idea-cfb |
(Legacy - Not Recommended) See Legacy Cipher Support. International Data Encryption Algorithm (IDEA) in Cipher Feedback (CFB) mode |
|
idea-ecb |
(Legacy - Not Recommended) See Legacy Cipher Support. International Data Encryption Algorithm (IDEA) in Electronic Codebook (ECB) mode |
|
idea-ofb |
(Legacy - Not Recommended) See Legacy Cipher Support. International Data Encryption Algorithm (IDEA) in Output Feedback (OFB) mode |
|
rc2-40-cbc |
(Legacy - Not Recommended) See Legacy Cipher Support. 40-bit RC2 in Cipher Block Chaining (CBC) mode |
|
rc2-40 |
(Legacy - Not Recommended) See Legacy Cipher Support. Alias for RC2-40-CBC |
|
rc2-64-cbc |
(Legacy - Not Recommended) See Legacy Cipher Support. 64-bit RC2 in Cipher Block Chaining (CBC) mode |
|
rc2-64 |
(Legacy - Not Recommended) See Legacy Cipher Support. Alias for RC2-64-CBC |
|
rc2-cbc |
(Legacy - Not Recommended) See Legacy Cipher Support. 128-bit RC2 in Cipher Block Chaining (CBC) mode |
|
rc2 |
(Legacy - Not Recommended) See Legacy Cipher Support. Alias for RC2-CBC |
|
rc2-128 |
(Legacy - Not Recommended) See Legacy Cipher Support. Alias for RC2-CBC |
|
rc2-cfb |
(Legacy - Not Recommended) See Legacy Cipher Support. 128-bit RC2 in Cipher Feedback (CFB) mode |
|
rc2-ecb |
(Legacy - Not Recommended) See Legacy Cipher Support. 128-bit RC2 in Electronic Codebook (ECB) mode |
|
rc2-ofb |
(Legacy - Not Recommended) See Legacy Cipher Support. 128-bit RC2 in Output Feedback (OFB) mode |
|
rc4 |
(Legacy - Not Recommended) See Legacy Cipher Support. 128-bit RC4 |
|
rc4-40 |
(Legacy - Not Recommended) See Legacy Cipher Support. 40-bit RC4 |
|
rc4-hmac-md5 |
(Legacy - Not Recommended) See Legacy Cipher Support. 128-bit RC4 with Hashed Message Authentication Code (HMAC) using the Message-Digest algorithm 5 (MD5) checksum function |
|
seed-cbc |
(Legacy - Not Recommended) See Legacy Cipher Support. SEED in Cipher Block Chaining (CBC) mode |
|
seed |
(Legacy - Not Recommended) See Legacy Cipher Support. Alias for SEED-CBC |
|
seed-cfb |
(Legacy - Not Recommended) See Legacy Cipher Support. SEED in Cipher Feedback (CFB) mode |
|
seed-ecb |
(Legacy - Not Recommended) See Legacy Cipher Support. SEED in Electronic Codebook (ECB) mode |
|
seed-ofb |
(Legacy - Not Recommended) See Legacy Cipher Support. SEED in Output Feedback (OFB) mode |
|
sm4-cbc |
SM4 in Cipher Block Chaining (CBC) mode |
|
sm4 |
Alias for SM4-CBC |
|
sm4-cfb |
SM4 in Cipher Feedback (CFB) mode |
|
sm4-ctr |
SM4 in Counter (CTR) mode |
|
sm4-ecb |
SM4 in Electronic Codebook (ECB) mode |
|
sm4-ofb |
SM4 in Output Feedback (OFB) mode |
It is up to the application programmer to assure that the key size and contents are valid for the specified cipher. Incorrect key sizes or values may cause the function to fail. To avoid issues with short keys, the system will always pad the key supplied with nulls up to the key size specified by the algorithm.
Return List of Available Encryption Algorithms
HSH(PASSWORD "*" WITH "",KEY=''''[,ERR=stmtref])
HSH(EXTRACT "*" WITH "",KEY=''''[,ERR=stmtref])
A comma-separated list of available encryption algorithms is returned.
Both functions will return the same list of encryption algorithms from OpenSSL. This list is useful for determining which algorithms can be used with Formats 2 and 3.
PxPlus includes software developed by the OpenSSL Project (http://www.openssl.org/) and cryptographic software written by Eric Young (eay@cryptsoft.com) and Tim Hudson (tjh@cryptsoft.com).