Encryption
HULFT can encrypt file contents to transfer them. The following two types of Encryption Schemes are provided:
- HULFT Encryption Scheme
- Encryption scheme using an encryption exit routine
There are the following two types of encryption exit routines:
- C4S
- AES
When AES is available, in addition to the previously available security mechanism, you can use "Forced Strong Key mode", in which the highest possible encryption is applied. In Forced Strong Key mode, the following two settings are enforced.
- AES is always used for encryption
- A 64-digit hexadecimal cipher key is used
If the local host is in Forced Strong Key mode, it can communicate only with hosts that are also in Forced Strong Key mode. If the remote host is HULFT Ver.8.4.0 or higher and not in Forced Strong Key mode, or is a version lower than HULFT Ver.8.4.0, all communication results in an error: not only file transfers but also all types of request issuance.
If the host is not in Forced Strong Key mode, the behavior is the same as in versions lower than HULFT Ver.8.4.0.
The table below shows the differences between Forced Strong Key mode being disabled and enabled.

| | Forced Strong Key mode: Disabled | Forced Strong Key mode: Enabled |
|---|---|---|
| Available encryption method | AES, C4S, and HULFT Encryption Scheme | AES |
| Cipher key | Alphanumeric character string of 8 to 20 bytes | Hexadecimal character string of 64 digits |
| Omission of cipher key | Yes (*1) | No |
| Interaction with the peer host | Automatically selects the strongest method among encryption methods available on both hosts | No communication is allowed when Forced Strong Key mode is not available on either of the hosts |

*1: If this field is omitted, the file is transferred without being encrypted.
When an encryption exit routine is used to perform encryption, the encryption scheme is determined according to what HULFT Cipher Option products are installed and how the System Environment Settings are configured on the sending-side and receiving-side hosts.
Refer to Cipher Option Manual for details.
To specify the encryption scheme, set Encryption Scheme (ciphertype) in the System Environment Settings. To enable Forced Strong Key mode, set Forced Strong Key Mode (strongkeymode) in the System Environment Settings. For details on the System Environment Settings, refer to System Environment Settings.
- The value that can be specified as the cipher key differs depending on whether Forced Strong Key mode is on or off. Therefore, we do not recommend that you change Forced Strong Key mode between on and off in the middle of operations. When you change Forced Strong Key mode between on and off, set a new cipher key.
- When Forced Strong Key mode is enabled, instant transfer cannot be performed.
(1) HULFT Encryption Scheme
If all of the following conditions are met, the file transfer is performed with HULFT Encryption Scheme:
- Encryption Scheme (ciphertype) in the System Environment Settings is set to "0".
- An identical alphanumeric character string cipher key of 8 to 20 bytes is specified in both Send Management Information and Receive Management Information.

- If the cipher keys specified on the sending side and receiving side are not identical or the cipher key is specified only on the sending side, data is not correctly decrypted.
- If the cipher key is not specified on the sending side, data is not encrypted. In such a case, the cipher key on the receiving side is ignored.
(2) Encryption scheme using the encryption exit routine
If all of the following conditions are met in both the Send Management Information and the Receive Management Information, the file transfer is performed with encryption using the encryption exit routine.
- HULFT is installed with a product key that contains a HULFT Cipher Option (C4S) or HULFT Cipher Option (AES) license.
- Encryption Scheme (ciphertype) in the System Environment Settings is set to "1".
- Forced Strong Key Mode (strongkeymode) in the System Environment Settings is set to "0".
- An identical alphanumeric character string cipher key of 8 to 20 bytes is specified in both Send Management Information and Receive Management Information.

- If the cipher keys specified on the sending side and receiving side are not identical or the cipher key is specified only on the sending side, data is not correctly decrypted.
- If the cipher key is not specified on the sending side, data is not encrypted. In such a case, the cipher key on the receiving side is ignored.
(3) Forced Strong Key mode
If all of the following conditions are met on both the sending-side host and receiving-side host, the file transfer is performed in Forced Strong Key mode.
- HULFT is installed with a product key that contains a HULFT Cipher Option (AES) license.
- Encryption Scheme (ciphertype) in the System Environment Settings is set to "1".
- Forced Strong Key Mode (strongkeymode) in the System Environment Settings is set to "1".
- An identical cipher key of 64 hexadecimal digits is specified in both the Send Management Information and Receive Management Information.

- If the peer host is not in Forced Strong Key mode, a transfer error occurs.
- If the cipher keys specified on the sending side and receiving side are not identical, data is not correctly decrypted.
- In Forced Strong Key mode, the cipher key cannot be omitted.
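
The rules in sections (1) to (3) can be checked before a transfer is configured. The following is an added example, not HULFT code or part of the original manual: it predicts the outcome for a sender/receiver pair and generates a key of the required form for Forced Strong Key mode. The dict layout, the `licenses` and `cipher_key` field names, and the outcome strings are assumptions made for illustration; combinations this page does not describe are reported as "unspecified".

```python
import re
import secrets

ALNUM_KEY = re.compile(r"[A-Za-z0-9]{8,20}")   # key format with the mode off
HEX_KEY = re.compile(r"[0-9A-Fa-f]{64}")       # key format with the mode on

def new_strong_key():
    """Return 64 hexadecimal digits drawn from the OS CSPRNG (32 bytes)."""
    return secrets.token_hex(32)

def transfer_outcome(sender, receiver):
    """Predict the result of a transfer from the rules on this page.

    Each host is a dict (hypothetical layout): ciphertype, strongkeymode,
    licenses (set of "AES"/"C4S"), cipher_key ("" when omitted).
    """
    s_strong = sender["strongkeymode"] == "1"
    r_strong = receiver["strongkeymode"] == "1"
    if s_strong != r_strong:
        return "error: peer is not in Forced Strong Key mode"
    if s_strong:
        for host in (sender, receiver):
            if host["ciphertype"] != "1" or "AES" not in host["licenses"]:
                return "unspecified: strongkeymode=1 without ciphertype=1 and AES"
            if not HEX_KEY.fullmatch(host["cipher_key"]):
                return "invalid: key must be 64 hex digits and cannot be omitted"
        if sender["cipher_key"] != receiver["cipher_key"]:
            return "garbled: keys differ, data is not correctly decrypted"
        return "encrypted: Forced Strong Key mode (AES)"
    if not sender["cipher_key"]:
        return "plaintext: no key on the sending side, receiving key ignored"
    if not ALNUM_KEY.fullmatch(sender["cipher_key"]):
        return "invalid: key must be 8 to 20 alphanumeric characters"
    if sender["cipher_key"] != receiver["cipher_key"]:
        return "garbled: keys differ, data is not correctly decrypted"
    if sender["ciphertype"] != receiver["ciphertype"]:
        return "unspecified: ciphertype differs, see the Cipher Option Manual"
    if sender["ciphertype"] == "0":
        return "encrypted: HULFT Encryption Scheme"
    if sender["licenses"] & receiver["licenses"] & {"AES", "C4S"}:
        return "encrypted: encryption exit routine"
    return "unspecified: ciphertype=1 without a shared Cipher Option license"

if __name__ == "__main__":
    # Constructed sample hosts, not taken from a real installation.
    a = {"ciphertype": "1", "strongkeymode": "1", "licenses": {"AES"},
         "cipher_key": new_strong_key()}
    b = dict(a, strongkeymode="0", cipher_key="Example1Key")
    print(transfer_outcome(a, a), "|", transfer_outcome(a, b))
```

The "plaintext" and "garbled" outcomes are the ones to alert on, because neither is reported as a transfer error by the rules above.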