Chapter Contents


SAS/SHARE User's Guide

SAS System Options

Note:   These options do not apply to hosts that use the RSA BSAFE Crypto-J Toolkit. For Java client options, see other documentation (such as the documentation about the SAS/CONNECT Driver for Java that is provided with SAS/IntrNet software).  [cautionend]
For hosts that use the RSA BSAFE Crypto-C Toolkit or the Microsoft CryptoAPI, here are the SAS options that set encryption services attributes.

Set this option at both the local and remote hosts. At the remote host, this option specifies that encryption is required for each connection from a local host SAS session. At the local side, this option specifies that the local host must connect only to a remote host that supports encryption.

By default, encryption is used if the NETENCRYPTALGORITHM= option is set and if both the local and remote sides are capable of encryption. If encryption algorithms were specified but either the local or the remote side is incapable of encryption, then encryption is not performed.

Encryption may not be supported at the local or at the remote host for these reasons:

NETENCRYPTALGORITHM=("algorithm1", "algorithm2", ...)
If you specify more than one algorithm, enclose the algorithm names in parenthesis and use commas to separate them. If there are embedded blanks in the algorithm name, enclose each algorithm with quotation marks.

The alias is NETENCRALG.

Set this option at the remote host and, optionally, at the local host to specify one or more encryption algorithms to use in a SAS session. However, the local and remote hosts must share an encryption algorithm in common. If you specify the option in the remote host session only, the local side attempts to select an algorithm that was specified at the remote host. If you also set the option at the local host and specify an algorithm that is not specified at the remote host, the attempt by the local host to connect to that remote host fails.

Valid values for this option are
SAS Proprietary

Set this option in either the local or the remote host SAS session. It specifies the key length to be used by the encryption algorithm.

The alias is NETENCRKEY.

Valid values for this option are
128 specifies 1024-bit RSA and 128-bit RC2 and RC4 key algorithms.
40 specifies 512-bit RSA and 40-bit RC2 and RC4 key algorithms.
0 no value is set. This is the default.

If you require extra security, set NETENCRYPTKEYLEN=128. If you want to save CPU, set NETENCRYPTKEYLEN=40.

By default, if you try to connect to a host that is capable of only a 40-bit key algorithm with a host that is capable of both 40- bit and 128-bit, the connection using the lesser of the two key lengths is used. If both hosts are capable of 128-bit, then the 128-bit is used. To explicitly set one or the other, set the NETENCRYPTKEYLEN SAS option.

This option controls the use of Message Authentication Codes (MACs) on network communications. A Message Authentication Code is the equivalent of a checksum that is used to ensure that the original message has not been modified. The MAC integrity checking adds an extra 16 bytes to RC4 encrypted messages and an extra 24 bytes to RC2, DES, and TripleDES encrypted messages.

You set this option at either the local or the remote host. The default is NETMAC.

Chapter Contents



Top of Page

Copyright 1999 by SAS Institute Inc., Cary, NC, USA. All rights reserved.