AES - UENCRYPT configuration option

Description

The AES option specifies whether or not AES (Advanced Encryption Standard) encryption is used.

Usage

Method

Syntax

IBM i

UNIX

Windows

z/OS

Command Line, Short Form

-a option


(tick)

(tick)

(tick)

Command Line, Long Form

-aes option


(tick)

(tick)

(tick)

STRUEN Parameter

AES(*option)

(tick)




Values

option is the specification for whether or not to use AES encryption.

Valid values for option are:

  • yes
    Use AES 256-bit encryption in CBC mode.
  • no
    Use DES 56-bit encryption.
  • legacy
    Use AES 256-bit encryption in CBC mode with pre-6.3.0.1 internal key (if user key is not specified).

Default is yes.
 

Note

In version 6.3.0.1, the internal key used for AES encryption was enhanced to provide greater security. As a result, encrypted command files generated with version 6.3.0.1 or later that do not use a user-specified key, by default, will not be compatible with Universal Agent components earlier than 6.3.0.1.

However, specifying AES legacy will force UENCRYPT to generate an encrypted command file using the pre-6.3.0.1 internal key, allowing for backwards compatibility.

Version 6.3.0.1 and later Agent components are fully backwards compatible with encrypted command files generated with any version of UENCRYPT.