PWENCODE Procedure

PROC PWENCODE Statement

Encodes a password.

Encoding a Password

Using an Encoded Password in a SAS Program

Saving an Encoded Password to the Paste Buffer

Specifying Method= SAS003 to Encode a Password

Syntax

Required Argument

IN='password'

specifies the password to encode. The password can contain up to a maximum of 512 characters, which include alphanumeric characters, spaces, and special characters.

Note: Data set passwords must follow SAS naming rules. If the IN=password follows SAS naming rules, it can also be used for SAS data sets. For information about SAS naming rules, see Rules for Most SAS Names in SAS Language Reference: Concepts.
If the password contains embedded single or double quotation marks, use the standard SAS rules for quoting character constants. These rules can be found in the SAS Constants in Expressions chapter of SAS Language Reference: Concepts.
Note: Each character of the encoded password is replaced by an X when written to the SAS log.
See Encoding a Password
Using an Encoded Password in a SAS Program
Saving an Encoded Password to the Paste Buffer

Optional Arguments

OUT=fileref

specifies a fileref to which the output string is to be written. If the OUT= option is not specified, the output string is written to the SAS log.

Note: The global macro variable
_PWENCODE
is set to the value that is written to the OUT= fileref or to the value that is displayed in the SAS log.
See Using an Encoded Password in a SAS Program

METHOD=encoding-method

specifies the encoding method. Here are the supported values for encoding-method:

Supported Encoding Methods
Encoding Method
Description
Supported Data Encryption Algorithm
sas001
Uses base64 to encode passwords.
None
sas002, which can also be specified as sasenc
Uses a 32-bit key to encode passwords.
SASProprietary, which is included in SAS software.
sas003
Uses a 256-bit key plus 16-bit salt to encode passwords.
AES (Advanced Encryption Standard), which is supported in SAS/SECURE.
sas004
Uses a 256-bit key plus 64-bit salt value to encode passwords.
AES (Advanced Encryption Standard), which is supported in SAS/SECURE.
Note: SAS/SECURE is a product that enables you to protect data through the use of industry-standard encryption and hashing algorithms. For more information, see “SAS/SECURE Software Availability” in Encryption in SAS.
If the METHOD= option is omitted, the default encoding method is used. When the FIPS 140-2 compliance option, -encryptfips, is specified, the encoding method defaults to sas003. For all other cases, encoding method sas002 is the default method used. SAS002 is also the default method used if you specify an invalid method.
Note: The METHOD= option supports the SAS003 and SAS004 values, but only if you have SAS/SECURE.
The SAS003 and the SAS004 encoded passwords consist of a 256-bit key plus a salt value. These salt values are random. Therefore, each time you use PROC PWENCODE to encode the same password, you get a different salt value and therefore a different encoded password.