HP 3000 Manuals HP 3000 Manuals
Installing and Removing Encryptors
Installing an Encryption Program
An encryptor must be installed on the system for specific capability
groups using the INSTALL command. You must have SYSADMIN capabilities to
install and remove encryption programs. To test an encryption program
before installing it system-wide, you can install it in debug mode. Like
other installed items, encryptors can be deleted by the REMOVE command,
and listed by the SYSTEMLIST or SYSTEMLIST ENCRYPT command. The use of
these commands is described in HP DeskManager Administration.
An example is shown below.
Workarea> INSTALL ENCRYPT
Enter the unique identification number for the encryption program > 5
Enter the encrypt program filename > SECRET.PUB.SYS
Enter the library search (LIB=?) for the program (S) >
Enter a description > Pharaoh company encryption program
Relative speed of this encryption algorithm (1 to 10) > 9
Relative security of this encryption algorithm (1 to 10) > 9
Maximum length of the encryption key (32) >
Create process with debug (testing only) (NO) > NO
Enter the names of the groups who may use this encryption method:
Group: Everyone
Group: //
Encryption program REFERENCE installed.
NOTE: This program file has not been copied, thus usual system backup
and security provisions should be taken to ensure the program's
availability.
Workarea>
The following is a list of the parameters used in installation:
Parameter | Function
|
-----------------------------------------------------------------------------------------
|
unique | This is an important piece of information as it lets HP Desk know
identification | which encryption method was used on a piece of data when it comes to
number | decrypt it. Thus if you install an encryption program on one HP Desk
| system with an identification number of 5, it must be installed on
| all the other systems that will make use of it with an identification
| number of 5. If this is not done, items will not be able to be
| decrypted correctly on other systems other than the one on which they
| were encrypted. Note that Hewlett-Packard reserves all negative
| identifying numbers for its own use. You may install an encryption
| program using a negative number but a warning will be issued to the
| effect that a subsequent release of HP Desk may overwrite it.
|
Parameter | Function
|
-----------------------------------------------------------------------------------------
|
encrypt program | Is the name of the program that contains the written encryption
filename | routine. To avoid problems with MPE access rights, it is suggested
| that such a program be made available from a general utility account
| or group (UTIL.SYS or even PUB.SYS). HP Desk does not make its own
| copy of this program file.
|
library search | Is only used if the encryption program requires access to a group or
| a public SL file to resolve external procedure references that isn't
| SL.PUB.SYS. The default for this is S which means that SL.PUB.SYS
| will be searched. Other valid entries would be P for accessing the
| SL.PUB in the account where the program resides; or G for accessing
| SL in the group and account where the program resides.
|
description | Is used to provide an indication to users of what the encryption
| algorithm is.
|
relative speed | Is used to provide an indication to users of how long this encryption
| routine will take to encrypt an item. Use the HP Desk supplied
| encryption routine speed (1) as a basis for your estimate. The speed
| value must be a number in the range 1 to 10 (where 1 is fast).
|
relative security | Is used to provide an indication to users of how secure the
| encryption process is. That is, a measure of how difficult it would
| be for someone to break the code. As with the speed measurement, use
| HP Desk supplied routine security (1) as a basis for your estimate.
| The security value must be a number in the range 1 to 10 (where 9 is
| very secure).
|
maximum length of | Ensures that HP Desk will not pass any more than the set number of
encryption key | characters to an encryption routine. The default and maximum setting
| for this is 32 characters.
|
create process | Is only used for testing an encryption routine before it goes on
with debug | general release. If used, HP Desk will invoke the encryption program
| with the MPE Debug option to allow a programmer to set breakpoints in
| the code for testing.
|
Removing an Encryption Program
The example below illustrates the use of the REMOVE command to remove an
encryption program from HP Desk.
Workarea> remove encrypt
Enter encryption identification number > 5
Description: Pharaoh company encryption program
Program name: SECRET.PUB.SYS
Do you wish to remove it? (NO) > yes
Encryptor removed
Workarea>