EzCrypt Task
The EzCrypt Task can be used to encrypt and decrypt data for regular transport.
Remarks
The EzCrypt Task contains an encoder and a decoder that receive SSIS ADO tables from the SSIS Package and perform cryptographic operations on the data. The encoder will produce an encrypted file that the decoder can then decrypt, making it possible to add secure storage to your business process.
Configuration
To use the EzCrypt Task, first select an Algorithm. Only symmetric algorithms are supported in the EzCrypt Task.
Next, set the KeyPassword to allow the task to generate the cryptographic Key and IV. Alternatively, you may set the Key and IV properties directly. Note that the same password may be used for the encoder and decoder to generate the same key and IV.
You can control the size of the key by setting the KeySize configuration setting. You can change how the cryptography is performed by setting the CipherMode and PaddingMode properties.
Encoder Property List
The following is the full list of the properties of the encoder task with short descriptions.
Algorithm | The symmetric algorithm. |
CipherMode | The cipher mode of operation. |
InputFile | The full path to the input file. |
IV | The initialization vector used by the CipherMode to modify the ciphertext. |
Key | The secret key for the symmetric algorithm. |
KeyPassword | A password used by the task to generate the Key and IV. |
Other | Defines a set of configuration settings to be used by the task. |
OutputFile | The full path to the output file. |
Overwrite | Whether or not the component should overwrite the output file. |
PaddingMode | The padding mode. |
RuntimeLicense | Specifies the component runtime license key. |
UseHex | Whether input or output is hex encoded. |
Decoder Property List
The following is the full list of the properties of the decoder task with short descriptions.
Algorithm | The symmetric algorithm. |
CipherMode | The cipher mode of operation. |
InputFile | The full path to the input file. |
IV | The initialization vector used by the CipherMode to modify the ciphertext. |
Key | The secret key for the symmetric algorithm. |
KeyPassword | A password used by the task to generate the Key and IV. |
Other | Defines a set of configuration settings to be used by the task. |
OutputFile | The full path to the output file. |
Overwrite | Whether or not the component should overwrite the output file. |
PaddingMode | The padding mode. |
RuntimeLicense | Specifies the component runtime license key. |
UseHex | Whether input or output is hex encoded. |
Config Settings
The following is a list of config settings for the task with short descriptions.
BlockSize | The block size, in bits, of the cryptographic operation. |
EncryptedDataEncoding | The encoding of the encrypted input or output data. |
IncludeIV | Whether to prepend the IV to the output data and read the IV from the input data. |
KeyPasswordAlgorithm | The hash algorithm used to derive the Key and IV from the KeyPassword property. |
KeyPasswordIterations | The number of iterations performed when using KeyPassword to derive the Key and IV. |
KeyPasswordSalt | The salt value used in conjunction with the KeyPassword to derive the Key and IV. |
KeySize | The size, in bits, of the secret key for the symmetric algorithm. |
TeaAlgorithm | The TEA algorithm. |
Algorithm Property (EzCrypt Task)
The symmetric algorithm.
Data Type
Enumeration
Possible Values
AES (0)
Blowfish (1)
CAST (2)
DES (3)
IDEA (4)
RC2 (5)
RC4 (6)
TEA (7)
Triple DES (8)
Twofish (9)
Rijndael (10)
Default Value
0
Remarks
This property specifies the symmetric algorithm to use. Possible values are:
- 0 (AES - default)
- 1 (Blowfish)
- 2 (CAST)
- 3 (DES)
- 4 (IDEA)
- 5 (RC2)
- 6 (RC4)
- 7 (TEA)
- 8 (TripleDES)
- 9 (Twofish)
- 10 (Rijndael)
- 11 (ChaCha)
- 12 (XSalsa20)
CipherMode Property (EzCrypt Task)
The cipher mode of operation.
Data Type
Enumeration
Possible Values
CBC (0)
ECB (1)
OFB (2)
CFB (3)
CTS (4)
Default Value
0
Remarks
The cipher mode of operation.
Possible values are:
0 (cmCBC - default) | The Cipher Block Chaining (CBC) is a mode of operation for a block cipher, one in which a sequence of bits is encrypted as a single unit or block with a cipher key applied to the entire block. |
1 (cmECB) | The Electronic Codebook (ECB) mode encrypts each block separately. Important: It is not recommended to use this mode when encrypting more than one block because it may introduce security risks. |
2 (cmOFB) | The Output Feedback (n-bit, NOFB) mode makes a block cipher into a synchronous stream cipher. It has some similarities to CFB mode in that it permits encryption of differing block sizes, but has the key difference that the output of the encryption block function is the feedback (instead of the ciphertext). |
3 (cmCFB) | The Cipher Feedback (CFB) mode processes a small amount of incremental text into ciphertext, rather than processing a whole block at one time. |
4 (cmCTS) | The Cipher Text Stealing (CTS) mode handles any length of plain text and produces cipher text whose length matches the plain text length. This mode behaves like the CBC mode for all but the last two blocks of the plain text. |
5 (cm8OFB) | 8-bit Output Feedback (OFB) cipher mode. |
7 (cm8CFB) | 8-bit Cipher Feedback (CFB) cipher mode. |
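The difference between cmECB and cmCBC, and the role of the IV, can be seen with the smallest cipher in the Algorithm list. This Python sketch is an added example, not code from the task: it implements original TEA with big-endian words (a choice made here, so its output is not claimed to match the task's), and KEY, RECORDS, IV_A and IV_B are constructed values.

```python
import struct

DELTA, MASK = 0x9E3779B9, 0xFFFFFFFF

def tea_encrypt_block(block: bytes, key: bytes) -> bytes:
    """Original TEA: 64-bit block, 128-bit key, 32 cycles (big-endian words chosen here)."""
    v0, v1 = struct.unpack(">2I", block)
    k0, k1, k2, k3 = struct.unpack(">4I", key)
    total = 0
    for _ in range(32):
        total = (total + DELTA) & MASK
        v0 = (v0 + (((v1 << 4) + k0) ^ (v1 + total) ^ ((v1 >> 5) + k1))) & MASK
        v1 = (v1 + (((v0 << 4) + k2) ^ (v0 + total) ^ ((v0 >> 5) + k3))) & MASK
    return struct.pack(">2I", v0, v1)

def encrypt_ecb(data: bytes, key: bytes) -> bytes:
    """ECB: every 8-byte block is encrypted on its own."""
    return b"".join(tea_encrypt_block(data[i:i + 8], key) for i in range(0, len(data), 8))

def encrypt_cbc(data: bytes, key: bytes, iv: bytes) -> bytes:
    """CBC: each block is XORed with the previous ciphertext block (the IV for the first)."""
    out, prev = [], iv
    for i in range(0, len(data), 8):
        mixed = bytes(a ^ b for a, b in zip(data[i:i + 8], prev))
        prev = tea_encrypt_block(mixed, key)
        out.append(prev)
    return b"".join(out)

def repeated_blocks(ciphertext: bytes) -> int:
    """Number of ciphertext blocks that duplicate an earlier block."""
    blocks = [ciphertext[i:i + 8] for i in range(0, len(ciphertext), 8)]
    return len(blocks) - len(set(blocks))

# Constructed sample: four identical 8-byte records followed by a different one.
KEY = bytes(range(16))
RECORDS = b"ACCT=001" * 4 + b"ACCT=002"
IV_A, IV_B = bytes(8), bytes([1] * 8)

if __name__ == "__main__":
    print("ECB repeated blocks:", repeated_blocks(encrypt_ecb(RECORDS, KEY)))
    print("CBC repeated blocks:", repeated_blocks(encrypt_cbc(RECORDS, KEY, IV_A)))
    # An all-zero IV leaves the first CBC block identical to the ECB block.
    print("zero IV, first block equals ECB:",
          encrypt_cbc(RECORDS, KEY, IV_A)[:8] == encrypt_ecb(RECORDS, KEY)[:8])
    # A different IV changes the ciphertext for the same key and plaintext.
    print("different IV, different first block:",
          encrypt_cbc(RECORDS, KEY, IV_A)[:8] != encrypt_cbc(RECORDS, KEY, IV_B)[:8])
```

Under ECB the four identical records are visible as four identical ciphertext blocks; under CBC they are not, and reusing one Key and IV for the same input still produces the same ciphertext every time.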
InputFile Property (EzCrypt Task)
The full path to the input file.
Data Type
String
Default Value
""
Remarks
The task will encrypt or decrypt the file specified by this property.
IV Property (EzCrypt Task)
The initialization vector used by the CipherMode to modify the ciphertext.
Data Type
String
Default Value
""
Remarks
The IV is an initialization vector used by the CipherMode to modify the ciphertext output by the task. This can add several degrees of security to the cipher.
Key Property (EzCrypt Task)
The secret key for the symmetric algorithm.
Data Type
String
Default Value
""
Remarks
This secret key is used both for encryption and decryption. The secret key should be known only to the sender and the receiver. The legal key size varies depending on the algorithm.
If this property is left empty it will be set to a random value by the task as necessary.
Legal Key and Block Sizes (in bits)
Algorithm | AES | Rijndael | CAST | DES | IDEA | RC2 | RC4 | TripleDES | Blowfish | Twofish | TEA |
Minimum Key Size | 128 | 128 | 112 | 64 | 128 | 112 | 112 | 128 | 112 | 128 | 128 |
Maximum Key Size | 256 | 256 | 128 | 64 | 128 | 128 | 2048 | 192 | 448 | 256 | 128 |
Key Size Step | 64 | 64 | 8 | 0 | 0 | 8 | 8 | 64 | 1 | 8 | 0 |
Block Size | 128 | 128/192/256 | 64 | 64 | 64 | 64 | N/A | 64 | 64 | 128 | 64* |
Note: When using TEA, if Algorithm is set to XXTEA, valid block sizes are 64 + n * 32, where n is any positive integer.
The default KeySize is the Maximum Key Size.
KeyPassword Property (EzCrypt Task)
A password used by the task to generate the Key and IV.
Data Type
Password
Default Value
""
Remarks
The task can use the KeyPassword to fill in the values of Key and IV using the PKCS5 password digest algorithm. The size of the Key generated is dependent on the value of KeySize.
Other Property (EzCrypt Task)
Defines a set of configuration settings to be used by the task.
Data Type
String
Default Value
""
Remarks
The task accepts one or more configuration settings. These settings are similar in functionality to properties, but they are rarely used. In order to avoid "polluting" the property namespace of the task, access to these internal properties is provided through the Other property.
The Other property may be set to one or more configuration settings (name/value pairs). Set one setting per line.
For example:
configname1=value1
configname2=value2
OutputFile Property (EzCrypt Task)
The full path to the output file.
Data Type
String
Default Value
""
Remarks
The output of the encrypt or decrypt operation will be written to the file specified by this property.
Overwrite Property (EzCrypt Task)
Whether or not the component should overwrite the output file.
Data Type
Boolean
Default Value
false
Remarks
This property specifies whether the task should overwrite the OutputFile if it already exists on disk.
PaddingMode Property (EzCrypt Task)
The padding mode.
Data Type
Enumeration
Possible Values
PKCS7 (0)
Zeros (1)
None (2)
ANSIX923 (3)
ISO10126 (4)
Default Value
0
Remarks
PaddingMode is used to pad the final input block to guarantee that it is the correct size required for the selected CipherMode. Each mode pads the data differently. Possible values are:
0 (pmPKCS7 - default) | The data is padded with a series of bytes that are each equal to the number of bytes used.
For instance, in the example below the data must be padded with 3 additional bytes, so each byte value will be 3.
Raw Data: AA AA AA AA AA
PKCS7 Padded Data: AA AA AA AA AA 03 03 03 |
1 (pmZeros) | The data is padded with null bytes. |
2 (pmNone) | No padding will be performed. |
3 (pmANSIX923) | The ANSIX923 padding string consists of a sequence of bytes filled with zeros before the length.
For instance, in the example below the data must be padded with 3 additional bytes, so the last byte value will be 3.
Raw Data: AA AA AA AA AA
ANSIX923 padding Data: AA AA AA AA AA 00 00 03 |
4 (pmISO10126) | The ISO10126 padding string consists of random data before the length.
For instance, in the example below the data must be padded with 3 additional bytes, so the last byte value will be 3.
Raw Data: AA AA AA AA AA
ISO10126 padding Data: AA AA AA AA AA F8 EF 03 |
When decrypting, the PaddingMode must match the value used when the data was encrypted.
Note: When using a value of 2 (pmNone), unless the length of input is an exact multiple of the cipher's input BlockSize, the final block of plaintext may be lost.
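The five padding modes above, written out in Python as an added example (not the task's own code) that reproduces the page's 5-byte sample on an 8-byte block and shows what happens when the decrypting side uses a different mode. Two behaviours are assumptions of this sketch: Zeros adds nothing to already aligned input, and None raises an error on unaligned input instead of dropping data.

```python
import os

def pad(data: bytes, block_size: int, mode: str) -> bytes:
    """Pad to a multiple of block_size (bytes) using one of the page's PaddingMode names."""
    n = block_size - len(data) % block_size           # 1..block_size bytes to add
    if mode == "PKCS7":
        return data + bytes([n]) * n                  # every pad byte equals the count
    if mode == "ANSIX923":
        return data + bytes(n - 1) + bytes([n])       # zeros, then the count
    if mode == "ISO10126":
        return data + os.urandom(n - 1) + bytes([n])  # random bytes, then the count
    if mode == "Zeros":
        return data + bytes(n % block_size)           # assumption: nothing added if aligned
    if mode == "None":
        if len(data) % block_size:                    # sketch's choice: fail loudly
            raise ValueError("input is not a multiple of the block size")
        return data
    raise ValueError("unknown padding mode: " + mode)

def unpad(padded: bytes, block_size: int, mode: str) -> bytes:
    """Strip padding, rejecting input that does not match the declared mode."""
    if not padded or len(padded) % block_size:
        raise ValueError("length is not a multiple of the block size")
    if mode == "None":
        return padded
    if mode == "Zeros":
        return padded.rstrip(b"\x00")                 # also removes real trailing 0x00 bytes
    n = padded[-1]
    if not 1 <= n <= block_size:
        raise ValueError("invalid padding length byte")
    fill = padded[-n:-1]
    if mode == "PKCS7" and fill != bytes([n]) * (n - 1):
        raise ValueError("PKCS7 padding bytes do not match")
    if mode == "ANSIX923" and fill != bytes(n - 1):
        raise ValueError("ANSIX923 fill bytes are not zero")
    return padded[:-n]                                # ISO10126: fill is random, not checked

def accepts(padded: bytes, block_size: int, mode: str) -> bool:
    """True if unpad() accepts the data under the given mode."""
    try:
        unpad(padded, block_size, mode)
        return True
    except ValueError:
        return False

RAW = bytes.fromhex("AAAAAAAAAA")                     # the page's 5-byte sample
```

Only some mode mismatches are detectable: ANSIX923-padded data is rejected by a PKCS7 check, but PKCS7-padded data passes as ISO10126, and Zeros cannot round-trip plaintext that ends in 0x00.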
RuntimeLicense Property (EzCrypt Task)
Specifies the component runtime license key.
Data Type
String
Default Value
""
Remarks
You can use the RuntimeLicense property to set the runtime key for the task license.
UseHex Property (EzCrypt Task)
Whether input or output is hex encoded.
Data Type
Boolean
Default Value
false
Remarks
This property specifies whether the encrypted data is hex encoded.
If set to True, when encrypting the task will perform the encryption as normal and then hex encode the output.
If set to True, when decrypting the task will expect the input to hold hex encoded data. The task will then hex decode the data and perform decryption as normal.
Config Settings (EzCrypt Task)
The task accepts one or more of the following configuration settings. Configuration settings are similar in functionality to properties, but they are rarely used. In order to avoid "polluting" the property namespace of the task, access to these internal properties is provided through the Other property.
EzCrypt Config Settings
BlockSize
The block size, in bits, of the cryptographic operation.
The following algorithms have a fixed block size: AES, CAST, DES, IDEA, RC2, TripleDES, Blowfish, and Twofish.
EncryptedDataEncoding
The encoding of the encrypted input or output data.
When Encrypt is called the task will perform the encryption as normal and then encode the output as specified here. OutputMessage or OutputFile will hold the encoded data.
When Decrypt is called the task will expect InputMessage or InputFile to hold the encoded data as specified here. The task will then decode the data and perform decryption as normal.
Possible values are:
- 0 (none - default)
- 1 (Base64)
- 2 (Hex)
- 3 (Base64URL)
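KeyPasswordAlgorithm
The hash algorithm used to derive the Key and IV from the KeyPassword property. Possible values are:
- "SHA1"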
- "MD2"
- "MD5" (default)
- "HMAC-SHA1"
- "HMAC-SHA224"
- "HMAC-SHA256"
- "HMAC-SHA384"
- "HMAC-SHA512"
- "HMAC-MD5"
- "HMAC-RIPEMD160"
When using any HMAC algorithm the PBKDF#2 method from RFC 2898 is used. Any other algorithm uses PBKDF#1 from the same RFC.
This setting is only applicable when KeyPassword is specified.
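The two RFC 2898 derivations selected by KeyPasswordAlgorithm, as an added Python example (not the task's code) that shows how much key material each can produce for a given KeySize and IV length. It assumes the derived bytes are split key first and IV second, which the page does not specify; PASSWORD and SALT are constructed values, and only hash names available in Python's hashlib are exercised.

```python
import hashlib

def pbkdf1(password: bytes, salt: bytes, iterations: int, dk_len: int, hash_name: str) -> bytes:
    """RFC 2898 section 5.1: T_1 = H(P || S), T_i = H(T_(i-1)), DK = first dk_len bytes of T_c."""
    if dk_len > hashlib.new(hash_name).digest_size:
        # PBKDF1 output is limited to one digest: 16 bytes for MD5, 20 for SHA1.
        raise ValueError("derived key too long")
    t = hashlib.new(hash_name, password + salt).digest()
    for _ in range(iterations - 1):
        t = hashlib.new(hash_name, t).digest()
    return t[:dk_len]

def derive_key_iv(password: bytes, salt: bytes, iterations: int,
                  key_bits: int, iv_bits: int, algorithm: str):
    """Map a KeyPasswordAlgorithm name to PBKDF1 or PBKDF2 and return (key, iv).

    ASSUMPTION of this example: one derived byte string is split key first, IV second.
    """
    total = (key_bits + iv_bits) // 8
    if algorithm.startswith("HMAC-"):
        raw = hashlib.pbkdf2_hmac(algorithm[5:].lower(), password, salt, iterations, total)
    else:
        raw = pbkdf1(password, salt, iterations, total, algorithm.lower())
    return raw[:key_bits // 8], raw[key_bits // 8:]

def can_derive(key_bits: int, iv_bits: int, algorithm: str) -> bool:
    """True if the standard derivation can supply key_bits + iv_bits of material."""
    try:
        derive_key_iv(PASSWORD, SALT, 2, key_bits, iv_bits, algorithm)
        return True
    except ValueError:
        return False

# Constructed sample values, not taken from the page.
PASSWORD = b"correct horse battery staple"
SALT = bytes.fromhex("0011223344556677")

if __name__ == "__main__":
    key, iv = derive_key_iv(PASSWORD, SALT, 10000, 256, 128, "HMAC-SHA256")
    print("AES-256 key:", key.hex(), "IV:", iv.hex())
    print("MD5 / PBKDF1 covers 256-bit key + 128-bit IV:", can_derive(256, 128, "MD5"))
    print("MD5 / PBKDF1 covers 64-bit key + 64-bit IV:", can_derive(64, 64, "MD5"))
```

Strict PBKDF1 with MD5 yields at most 128 bits in total, less than a 256-bit key alone; how the task fills a larger Key and IV under a non-HMAC algorithm is not described on this page.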
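KeySize
The size, in bits, of the secret key for the symmetric algorithm.
Note that when using the EzCrypt task, KeySize should be set after setting the Algorithm property.
TeaAlgorithm
The TEA algorithm. Possible values are:
0 (taXXTEA - default) | Corrected Block TEA |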
1 (taXTEA) | eXtended TEA |
2 (taTEA) | TEA (Tiny Encryption Algorithm) |