Encryption
HULFT can encrypt file contents to transfer them. The following two types of Encryption Schemes are provided:
- HULFT Encryption Scheme
- Encryption scheme using the encryption exit routine
AES is available as an encryption exit routine.
When AES is used, in addition to the previously available security mechanism, you can use "Forced Strong Key mode", in which the highest possible encryption is applied. In Forced Strong Key mode, the following two settings are enforced.
- Using AES for encryption
- Using a cipher key of 64 hexadecimal digits
If the local host is in Forced Strong Key mode, the host can only communicate with a host in Forced Strong Key mode. If the destination host is HULFT Ver.8.4.0 or higher and not in Forced Strong Key mode, or if it is a version lower than HULFT Ver.8.4.0, all communications result in an error, including not only those for file transfers but also those for any request issuances.
If Forced Strong Key mode is disabled, the behavior is the same as in versions lower than HULFT Ver.8.4.0.
The table below shows how the behavior differs depending on whether Forced Strong Key mode is enabled or disabled.
| | Forced Strong Key Mode: Disabled | Forced Strong Key Mode: Enabled |
|---|---|---|
| Available encryption methods | AES and HULFT Encryption Scheme | AES |
| Cipher Key | Alphanumeric character string of 8 to 20 bytes | Character string of 64 hexadecimal digits |
| Omission of cipher key | Possible (*1) | Not possible |
| Interaction with the destination host | Automatically selects the strongest method among encryption methods available on both hosts | No communication is possible when Forced Strong Key mode is disabled on either of the hosts |

*1: If this field is omitted, the file is transferred without being encrypted.
When an encryption exit routine is used to perform encryption, the encryption scheme is determined according to what HULFT Cipher Option products are installed and how the System Environment Settings are configured on the sending-side and receiving-side hosts.
For details, refer to the following:
HULFT10 Cipher Option Manual :
To specify the encryption scheme, set Encryption Scheme (CIPHERTYPE) in the System Environment Settings. To enable Forced Strong Key mode, set Forced Strong Key Mode (STRONGKEYMODE) in the System Environment Settings. For details on the System Environment Settings, refer to System Environment Settings.
- The value that can be specified as the cipher key differs depending on whether Forced Strong Key mode is on or off. Therefore, we do not recommend that you change Forced Strong Key mode between on and off in the middle of operations.
  If you change Forced Strong Key mode between on and off, set a new cipher key.
- Instant transfer cannot be used in Forced Strong Key mode.
HULFT Encryption Scheme
If all of the following conditions are met, the file transfer is performed with HULFT Encryption Scheme:
- Encryption Scheme (CIPHERTYPE) in the System Environment Settings is set to "0"
- An identical alphanumeric character string cipher key of 8 to 20 bytes is specified in both the Send Management Information and the Receive Management Information

- When the settings of the Cipher Key on the sending side and the receiving side are not the same, or when only HULFT on the sending side specifies the Cipher Key, data is not decoded correctly.
- If the cipher key is not specified on the sending side, data is not encrypted. In such a case, the cipher key on the receiving side is ignored.
Encryption scheme using the encryption exit routine
If all of the following conditions are met, the file transfer is performed with the encryption scheme using the encryption exit routine:
- HULFT is installed with a product key that contains a HULFT Cipher Option (AES) license
- Encryption Scheme (CIPHERTYPE) in the System Environment Settings is set to "1"
- Forced Strong Key Mode (STRONGKEYMODE) in the System Environment Settings is set to "0"
- An identical alphanumeric character string cipher key of 8 to 20 bytes is specified in both the Send Management Information and the Receive Management Information

- When the settings of the Cipher Key on the sending side and the receiving side are not the same, or when only HULFT on the sending side specifies the Cipher Key, data is not decoded correctly.
- If the cipher key is not specified on the sending side, data is not encrypted. In such a case, the cipher key on the receiving side is ignored.
Forced Strong Key Mode
If all of the following conditions are met on both the sending-side host and the receiving-side host, the file transfer is performed in Forced Strong Key mode:
- HULFT is installed with a product key that contains a HULFT Cipher Option (AES) license
- Encryption Scheme (CIPHERTYPE) in the System Environment Settings is set to "1"
- Forced Strong Key Mode (STRONGKEYMODE) in the System Environment Settings is set to "1"
- An identical cipher key of 64 hexadecimal digits is specified in both the Send Management Information and the Receive Management Information

- If the destination host is not in Forced Strong Key mode, a transfer error occurs.
- If the cipher keys specified on the sending side and receiving side are not identical, data is not correctly decrypted.
- In Forced Strong Key mode, the cipher key cannot be omitted.
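
The rules above can be checked before a transfer definition goes live, in particular the case where an omitted sending-side key results in an unencrypted transfer. The following Python example is added here and is not part of HULFT or its manual; the function names, the per-host dictionary layout and the outcome labels are assumptions, and it models only STRONGKEYMODE and the cipher key, not CIPHERTYPE or licensing.

```python
import re
import secrets

ALNUM_KEY = re.compile(r"[A-Za-z0-9]{8,20}")  # Forced Strong Key mode disabled
HEX_KEY = re.compile(r"[0-9A-Fa-f]{64}")      # Forced Strong Key mode enabled


def new_strong_key() -> str:
    """Return a random cipher key of 64 hexadecimal digits (32 random bytes)."""
    return secrets.token_hex(32)


def predict_transfer(sender: dict, receiver: dict) -> str:
    """Classify a sending/receiving pair using the rules stated on this page.

    Each dict is a hypothetical per-host summary (not a HULFT file format):
      strongkeymode: value of STRONGKEYMODE, "0" or "1"
      cipher_key:    cipher key from the management information, "" if omitted
    """
    s_strong = sender["strongkeymode"] == "1"
    r_strong = receiver["strongkeymode"] == "1"
    s_key, r_key = sender["cipher_key"], receiver["cipher_key"]

    # A host in Forced Strong Key mode only communicates with another one.
    if s_strong != r_strong:
        return "ERROR_MODE_MISMATCH"
    if s_strong:
        # The key cannot be omitted and must be 64 hexadecimal digits.
        if not (HEX_KEY.fullmatch(s_key) and HEX_KEY.fullmatch(r_key)):
            return "INVALID_KEY"
        return "ENCRYPTED" if s_key == r_key else "UNDECODABLE"
    if s_key == "":
        # Sender omitted the key: sent unencrypted, receiver key ignored.
        return "PLAINTEXT"
    if not ALNUM_KEY.fullmatch(s_key):
        return "INVALID_KEY"
    # Receiver key missing or different: data is not decoded correctly.
    return "ENCRYPTED" if s_key == r_key else "UNDECODABLE"


if __name__ == "__main__":
    # Constructed sample hosts, not taken from a real installation.
    strong = {"strongkeymode": "1", "cipher_key": new_strong_key()}
    legacy = {"strongkeymode": "0", "cipher_key": "Transfer2024"}
    no_key = {"strongkeymode": "0", "cipher_key": ""}
    for name, (s, r) in {"strong -> strong": (strong, strong),
                         "strong -> legacy": (strong, legacy),
                         "no key -> legacy": (no_key, legacy),
                         "legacy -> no key": (legacy, no_key)}.items():
        print(f"{name}: {predict_transfer(s, r)}")
```
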