AES - UENCRYPT configuration option
Description
The AES option specifies whether or not AES (Advanced Encryption Standard) encryption is used.
Usage
Method | Syntax | IBM i | UNIX | Windows | z/OS |
Command Line, Short Form | -a option | | | | |
Command Line, Long Form | -aes option | | | | |
STRUEN Parameter | AES(*option) | |
Values
option is the specification for whether or not to use AES encryption.
Valid values for option are:
- yes
Use AES 256-bit encryption in CBC mode. - no
Use DES 56-bit encryption. - legacy
Use AES 256-bit encryption in CBC mode with pre-6.3.0.1 internal key (if user key is not specified).
Default is yes.
Note
In version 6.3.0.1, the internal key used for AES encryption was enhanced to provide greater security. As a result, encrypted command files generated with version 6.3.0.1 or later that do not use a user-specified key, by default, will not be compatible with Universal Agent components earlier than 6.3.0.1.
However, specifying AES legacy will force UENCRYPT to generate an encrypted command file using the pre-6.3.0.1 internal key, allowing for backwards compatibility.
Version 6.3.0.1 and later Agent components are fully backwards compatible with encrypted command files generated with any version of UENCRYPT.