The ENCRYPT() and ENCRYPTX() functions encrypt data for secure storage or transmission.
The ENCRYPT() function applies the AES 128 bit encryption algorithm to the supplied data and returns the encrypted text. The key string may be up to 64 characters in length and may contain any character. It is automatically transformed into a form that is usable by the AES algorithm. For optimum data security, the key should be about 16 characters.
The encrypted data is post-processed so that it can never contain characters from the C0 control group (characters 0 to 31) or the mark characters. As a result of this operation, the encrypted data is slightly longer than the original source data.
The ENCRYPTX() function is similar but uses a random initialisation vector that it included in the returned encrypted string. This results in greater security.
Both encrypted data formats are decrypted using the DECRYPT() function.
On an ECS mode system, the data to be encrypted must be converted to a byte string using the BS conversion code prior to encryption if it may contain ECS characters. This is because encryption is a byte level operation. The effect of encrypting an ECS string directly is undefined. There is an implication that a program decrypting the data must know that it will need to convert the byte string back to ECS characters.
Also note that encrypting the same string in both ECS and non-ECS modes will yield different results as the underlying representation of the data is different.
OPEN 'USERS' TO USR.F ELSE
DISPLAY 'Cannot open USERS file'
DISPLAY 'User name: ' :
INPUT USERNAME, 20_:
READ USER.REC FROM USR.F THEN
FOR I = 1 TO 3
DISPLAY 'Password: ' :
INPUT PW,20_: HIDDEN
IF ENCRYPT(PW, 'MySecretKey') = USR.REC<1> THEN RETURN @TRUE
DISPLAY 'Password incorrect'
The above function prompts for a user name and password, validating these against a record in the USERS file. The password field of this file is encrypted.
Changing the encryption line in the above example to be
IF ENCRYPT(OCONV(PW, 'BSH'), 'MySecretKey') = USR.REC<1> THEN RETURN @TRUE
would allow use of ECS characters in the password.