
ENCRYPT-AUDIT-MAC-KEY( ) method
Encrypts and encodes the specified character expression and returns an encrypted character value that you can store for later use in message authentication code (MAC) operations.
Return type:
Applies to:
 
Syntax 
ENCRYPT-AUDIT-MAC-KEY ( encrypt-key )
encrypt-key
A character expression containing the key to encrypt. The AVM converts this key to UTF-8 before encrypting it and storing it, which ensures a consistent value regardless of code page settings.
The following code fragment illustrates how to use the ENCRYPT-AUDIT-MAC-KEY( ) method to set a database MAC key value:
 
DEFINE VARIABLE cVal AS CHARACTER NO-UNDO.
DEFINE VARIABLE cKey AS CHARACTER NO-UNDO INITIAL "Open Sesame".
. . .
cVal = AUDIT-POLICY:ENCRYPT-AUDIT-MAC-KEY(cKey).
. . .
_db-detail._db-mac-key = cVal.
You can also use the ENCRYPT-AUDIT-MAC-KEY( ) method to generate an encrypted value for an OpenEdge password, so that its cleartext value is not exposed. For example:
 
DEFINE INPUT PARAMETER cUserID AS CHARACTER NO-UNDO.
DEFINE INPUT PARAMETER cPasswd AS CHARACTER NO-UNDO.
 
CONNECT C:\OpenEdge\WRK\db\Sports2000 
  VALUE( "-U " + cUserID +
        " -P " + "oech1::" + AUDIT-POLICY:ENCRYPT-AUDIT-MAC-KEY(cPasswd))
  -H dbserver -S 1900 NO-ERROR.
The cUserID and cPasswd parameters pass in a user ID and password that a user might enter in response to a prompt, in this case to authenticate and set the user identity for a connection created for the sports2000 database.
Therefore, cPasswd contains the cleartext value of the password the user has typed. The "oech1::" prefix is an identifier that tells OpenEdge that the value following the "::" is encrypted in a manner that allows it to recover the cleartext value for internal operations, such as validating a user account password. Without the prefix, OpenEdge interprets the string as the cleartext value a user might type directly, and therefore does not attempt to decrypt it.
In this example, the encrypted password is passed as the value of the Password (-P) connection parameter. However, OpenEdge understands this encryption format anywhere that it accepts a password—for example, to set the PRIMARY-PASSPHRASE attribute on the client-principal object handle for OpenEdge-performed user authentication.
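The PRIMARY-PASSPHRASE case mentioned above, as an added example that is not part of the original documentation. It assumes the sports2000 database is already connected and that the user's domain is configured for OpenEdge-performed authentication; hCP and lOk are illustrative names.

```abl
DEFINE INPUT PARAMETER cUserID AS CHARACTER NO-UNDO.
DEFINE INPUT PARAMETER cPasswd AS CHARACTER NO-UNDO.

DEFINE VARIABLE hCP AS HANDLE  NO-UNDO.
DEFINE VARIABLE lOk AS LOGICAL NO-UNDO.

/* Create an unsealed client-principal for the user who is logging in. */
CREATE CLIENT-PRINCIPAL hCP.
hCP:INITIALIZE(cUserID).

/* Hand OpenEdge the password in the prefixed, encrypted form. The
   "oech1::" prefix tells OpenEdge to decrypt the value before it
   validates the account password. */
hCP:PRIMARY-PASSPHRASE = "oech1::" + AUDIT-POLICY:ENCRYPT-AUDIT-MAC-KEY(cPasswd).

/* The cleartext is no longer needed in this procedure. */
cPasswd = "".

/* Assumption: setting the database identity from the unsealed
   client-principal makes OpenEdge authenticate the user against
   the accounts of the configured domain. */
lOk = SET-DB-CLIENT(hCP, "sports2000") NO-ERROR.

IF ERROR-STATUS:ERROR OR lOk <> TRUE THEN
  MESSAGE "Authentication failed for" cUserID SKIP
          ERROR-STATUS:GET-MESSAGE(1)
    VIEW-AS ALERT-BOX ERROR.

/* Release the client-principal, which still holds the passphrase. */
DELETE OBJECT hCP.
```

Because OpenEdge can recover the cleartext from a value that follows the "oech1::" prefix, handle the encrypted string with the same care as the password itself.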
For more information on using password encryption in ABL, see the documentation on encrypted passwords in OpenEdge Development: Programming Interfaces.

© 2013 Progress Software Corporation and/or its subsidiaries or affiliates.