
PML Publisher

User Guide

AVEVA Solutions Limited

PML Disclaimer
1.1 AVEVA does not warrant that the use of the AVEVA software will be uninterrupted, error-free or free from
viruses.
1.2 AVEVA shall not be liable for: loss of profits; loss of business; depletion of goodwill and/or similar losses; loss of
anticipated savings; loss of goods; loss of contract; loss of use; loss or corruption of data or information; any
special, indirect, consequential or pure economic loss, costs, damages, charges or expenses which may be
suffered by the user, including any loss suffered by the user resulting from the inaccuracy or invalidity of any data
created by the AVEVA software, irrespective of whether such losses are suffered directly or indirectly, or arise in
contract, tort (including negligence) or otherwise.
1.3 AVEVA shall have no liability in contract, tort (including negligence), or otherwise, arising in connection with the
performance of the AVEVA software where the faulty performance of the AVEVA software results from a user's
modification of the AVEVA software. User's rights to modify the AVEVA software are strictly limited to those set out
in the Customisation Manual.
1.4 AVEVA shall not be liable for any breach or infringement of a third party's intellectual property rights where such
breach results from a user's modification of the AVEVA software or associated documentation.
1.5 AVEVA's total liability in contract, tort (including negligence), or otherwise, arising in connection with the
performance of the AVEVA software shall be limited to 100% of the licence fees paid in the year in which the user's
claim is brought.
1.6 Clauses 1.1 to 1.5 shall apply to the fullest extent permissible at law.
1.7. In the event of any conflict between the above clauses and the analogous clauses in the software licence
under which the AVEVA software was purchased, the clauses in the software licence shall take precedence.

PML Copyright
Copyright and all other intellectual property rights in this manual and the associated software, and every part of it
(including source code, object code, any data contained in it, the manual and any other documentation supplied
with it) belongs to, or is validly licensed by, AVEVA Solutions Limited or its subsidiaries.
All rights are reserved to AVEVA Solutions Limited and its subsidiaries. The information contained in this document
is commercially sensitive, and shall not be copied, reproduced, stored in a retrieval system, or transmitted without
the prior written permission of AVEVA Solutions Limited. Where such permission is granted, it expressly requires
that this copyright notice, and the above disclaimer, is prominently displayed at the beginning of every copy that is
made.
The manual and associated documentation may not be adapted, reproduced, or copied, in any material or
electronic form, without the prior written permission of AVEVA Solutions Limited. Subject to the user's rights, as set
out in the customisation manuals to amend PML software files contained in the PDMSUI and PMLLIB folders and
any configuration files, the user may not reverse engineer, decompile, copy, or adapt the software. Neither the
whole, nor part of the software described in this publication may be incorporated into any third-party software,
product, machine, or system without the prior written permission of AVEVA Solutions Limited, save as permitted by
law. Any such unauthorised action is strictly prohibited, and may give rise to civil liabilities and criminal prosecution.
The AVEVA software described in this guide is to be installed and operated strictly in accordance with the terms
and conditions of the respective software licences, and in accordance with the relevant User Documentation.
Unauthorised or unlicensed use of the software is strictly prohibited.
Copyright 1974 to current year. AVEVA Solutions Limited and its subsidiaries. All rights reserved. AVEVA shall not
be liable for any breach or infringement of a third party's intellectual property rights where such breach results from
a user's modification of the AVEVA software or associated documentation.
AVEVA Solutions Limited, High Cross, Madingley Road, Cambridge, CB3 0HB, United Kingdom.

PML Trademark
AVEVA and Tribon are registered trademarks of AVEVA Solutions Limited or its subsidiaries. Unauthorised use of
the AVEVA or Tribon trademarks is strictly forbidden.
AVEVA product/software names are trademarks or registered trademarks of AVEVA Solutions Limited or its
subsidiaries, registered in the UK, Europe and other countries (worldwide).
The copyright, trademark rights, or other intellectual property rights in any other product or software, its name or
logo belongs to its respective owner.

PML Publisher User Guide

Revision Sheet

Date            Version           Comments / Remarks
September 2011  12.1.1            Issued
January 2012                      Copyright added to all pages.
January 2013    12.1.SP2 Hot Fix  New chapter added; 2.7 Access Password and Database Protection.


Contents

PML Publisher

Introduction
    Serious Warnings About Encryption

Using the PML Encryption Utility Program
    Possible Workflow
    Licensing
    Help
    Choosing Files
        File and Folder Names
        Single File
        All Files in a Folder
        Files in a pmllib-like Folder Tree
        File/Folder Paths
        Unicode and Encodings
    Encryption Algorithms
        Encryption Type 4: RC4 Encryption
        Encryption Type 3: Obsolete
        Encryption Type 2: Basic Encryption
        Encryption Type 1: Trivial Encryption
        Encryption Type 0: No Encryption
    Buffering
        Editing Published PML Files
    Access Password and Database Protection
    Examples
        Single File
        Folder of Files
        Simple PMLLIB Structure
        Restrict who can use an Encrypted File
        Full Worked Example: Encrypting PMLLIB

Using Encrypted Files
    Error Messages


12 Series


Introduction
PML is the AVEVA Programmable Macro Language. You can find details of the language in
the Software Customisation Guide and the Software Customisation Reference Manual.
PML functions, objects, forms and macros may be encrypted using the tools described in this
guide. Once encrypted, they may be used within the software, but may not easily be read.
Encrypted PML files may be used in any compatible AVEVA program without an additional
license (see Using Encrypted Files). The encryption utility described in Using the PML
Encryption Utility Program is separately distributed and licensed.
Please note that the encryption used is of limited strength, and is not secure against all
possible attacks - for details of the encryptions used, see Encryption Algorithms.
If you have existing encrypted files encrypted with the old encryption type 3 (as used in
"Early Adopter" releases of 11.5.SP2 and 11.6.SP4 in 2007), you must re-encrypt the
original source to the new encryption type 4 if you wish to use them with 12-series releases,
11.6 Series SP4.9 and above or 11.5 series SP2.11 and above.

1.1 Serious Warnings About Encryption

AVEVA may, from time to time, and at its sole discretion, change certain PML
encryption algorithms. Customers must therefore acknowledge that existing encrypted
PML applications may not work with the new encryption algorithms. On receipt of the
new encryption algorithms Customers will need to re-encrypt the source code of the
PML applications and therefore the customer must keep a record of the full and current
PML source code.

Please note that AVEVA makes no guarantees or warranties as to the security of the
encryption, and customers use such encryption algorithms at their sole
risk.

The encryption used by PML publisher is shared by all users. If you encrypt a file for
use in your company, it can be run by all users of a compatible version of the software,
whether or not they are part of your company. (See Examples for some example code
to help address this issue).

If you wish to use the same encrypted file with different program versions you must
check each version for compatibility.

Once a PML file has been encrypted, it can no longer be read or edited. When you
publish a file make sure that you retain a safe copy of the original file, in case you want
to make further modifications to it later, or in case a new encryption algorithm is
required.

The PML Publisher does not include a decryptor for encrypted files.


Using the PML Encryption Utility Program

2.1 Possible Workflow

pmlencrypt.exe, the encryption utility program supplied with this release, is a command-line
program designed to be included in your PML software development process.
One possible workflow would be:

Make sure that you have a current backup of the source PML
No tool is supplied to decrypt an encrypted file, so it is very important that you keep
good backups, in case you overwrite the source PML with an encrypted version.

Copy the source folders to a new location


Not all files within a PML folder hierarchy are always PML. Images, for example, should
not be encrypted, but may need to be supplied with the encrypted versions of the PML.

Encrypt from the copied location back to the source location. This will overwrite
recognised PML files with encrypted versions, and leave other files untouched.

Compare the source and copy locations to make sure that all the files you wish to be
encrypted are encrypted.

Test your new encrypted PML.

Consider writing a batch file, a perl script, or a PML script to automate this procedure for
your particular environment, to make it easy to create the encrypted PML environment
correctly each time the source PML is updated.

2.2 Licensing

The pmlencrypt.exe utility program requires a PML Publisher license in your license file
(the feature name is VPD-PMLPUBLISHER). If this is not present then the program will not
run.

2.3 Help

If pmlencrypt.exe is run without arguments, or with an invalid set of arguments, then a
summary similar to this is output. The options are explained further in the following sections.

AVEVA PML Publisher Mk2.1 (Jan 00 2013)
Copyright 2006 to current year. AVEVA Solutions Limited
and its subsidiaries. All rights reserved.
Product is licensed to <your company>
FLEXLM Client: Win32 5.2.0 (FLEXNet 11.8.0.0). Server: 5.0
FLEXnet 11.8.0.0) on <server>

pmlencrypt [-rc4|-basic|-trivial|-none] [-buffer N] [folder|-pmllib] from_path to_path

-rc4        uses 40-bit RC4 encryption from the Microsoft Base Cryptographic
            Provider (default)
-basic      uses a simple low-security encryption algorithm
-trivial    uses a human-decipherable encryption scheme - for testing only
-none       no encryption, but can be used with -buffer N
-buffer N   causes the file to be retained in memory until a module switch once
            it has been read N times (the default is never)
-folder     is used to encrypt ALL files from the folder from_path to
            to_path
-pmllib     is used to encrypt ALL .pmlobj .pmlfnc .pmlfrm and
            .pmlmac files from the folders in a PMLLIB-type folder structure
            beneath from_path to to_path
-pass       password, add an IPR password to the encrypted PML
-passfile   file, add IPR password(s) stored in file to the encrypted PML
-noofpass   show number of defined passwords in an encrypted PML file
from_path   is the file or folder to be encrypted
to_path     is the output file or folder

2.4 Choosing Files

PML files are not required to have particular file extensions. PML2 Functions, Objects,
Forms and Macros are normally stored in files with the extensions .pmlfnc, .pmlobj,
.pmlfrm and .pmlmac respectively, but other PML files, such as those in the pdmsui folder
of an installation have no extension at all, and a PML file with any extension may be read
with a $m command.
You must therefore be careful, when choosing files to encrypt, that you only encrypt PML
files. Other files, such as icon images and configuration files cannot be used by the software
when encrypted.

2.4.1 File and Folder Names

In this release of PML Publisher file and folder names containing spaces are not fully
supported, and file and folder names containing wide characters are not supported.
File and folder names containing spaces cannot be supplied directly as arguments to the
program, but can be processed as part of the contents of a folder or pmllib structure.
File and folder names containing wide characters cannot be processed directly or as part of
a folder or pmllib structure. Possible work-arounds include:

rename the affected files before and after encryption

use the Windows "short name" for the files affected, if available.

2.4.2 Single File

If neither of the -folder or -pmllib options are used the from_path and to_path arguments
are taken to be single file-names or paths (which must not include embedded spaces). The
to_path file is created or overwritten, as appropriate.
This option may be used whenever you have a single file to encrypt, and can also be useful
within a script, where the file selection is handled by the script itself.
No assumptions are made about file extensions.
To encrypt a single file with one or more spaces in its name, move it into a folder without
spaces in its name, and then encrypt the contents of that folder with the -folder option. See
above for wide-character filenames.

2.4.3 All Files in a Folder

If the -folder option is used the from_path and to_path arguments are taken to be names
or paths of folders (which must not include embedded spaces, although files within the
folders may. See above for wide-character filenames). All files in the from_path folder are
encrypted into the to_path folder. The to_path folder is created, if required, and the files
inside it are overwritten.
No file extension is required, so this option is suitable for folders in the %PDMSUI%
hierarchy, but you must be careful not to encrypt non-PML files.

2.4.4 Files in a pmllib-like Folder Tree

If the -pmllib option is used the from_path and to_path arguments are taken to be names
or paths of folders (which must not include embedded spaces, although files and sub-folders
within them may. See above for wide-character filenames). All folders beneath the
from_path folder are scanned, and files with extensions .pmlfnc, .pmlobj, .pmlfrm or
.pmlmac are encrypted to a matching structure constructed or overwritten beneath the
to_path folder.
As this option is file-extension sensitive, it will not encrypt image or other unrelated files in
the hierarchy - but it will not copy them for you either.

2.4.5 File/Folder Paths

Be careful when you give the from_path and to_path arguments that they are in that order
- otherwise you may overwrite the wrong file.
The from_path and to_path arguments cannot be identical - this is to reduce the risk of
accidental overwriting of the source-files.

2.4.6 Unicode and Encodings

PML Publisher preserves the encodings (eg LATIN1 or Unicode) of the files it encrypts. You
must ensure that these are compatible with the version of PDMS or Outfitting that will run
the encrypted files.
If the target system is Unicode compatible (eg 12.1 series) then UTF-8 with a byte-order-mark
is recommended if characters outside the LATIN1 range are required.

For non-Unicode target systems (eg 12.0 series) encrypted Unicode files will not be
suitable, and you must ensure that the expected encodings match between the encrypting
and running systems if characters beyond the ASCII range are required.
Encrypted files use only ASCII characters, and therefore do not require a byte-order-mark.

2.5 Encryption Algorithms

2.5.1 Encryption Type 4: RC4 Encryption

Encryption Type 4 (RC4 Encryption) is the recommended and default option. It can also be
selected by the -rc4 option.
--<004>-- Published PML 1.1 >--
return error 99 'Unable to decrypt file in this software version'
$** d2b5c25a4eb20d0a540684e50a956e08
$** bs6mg5RrMcwxEsJcsWkPvI8wl0UzZbRe6k7aSK6MsfNn0Z1bI2+Qei7sparo
$** 07GrPZRJqvJvpyigRzDOR9OrbiaMj2O1nPllKJrLksfNKSMovO299idon3zg
$** SmwFahG-m1M4xgO4KfZ15tDf-k0n6wk45IsF9LMcX0lVc9hLEW+W64th

It is implemented using the Microsoft Base Cryptographic Provider, which is included in,
among other operating systems, Windows 2000 and Windows XP. It is also included with
Microsoft Internet Explorer version 3.0 or later. 40-bit keys are used, to operate within
limits imposed at one stage on exports of encryption technology.
It is therefore expected that all compatible computers will include the libraries required for
this algorithm.
Please note that even this encryption is of limited strength, and is not secure against all
possible attacks.
If you have existing encrypted files encrypted with the obsolete encryption type 3, you must
re-encrypt the original source to encryption type 4 if you wish to use them with versions
12.X, 11.6.SP4 and above or 11.5.SP2 and above.

2.5.2 Encryption Type 3: Obsolete

Encryption Type 3 is an obsolete format which is not supported at version 12.0.
--<003>-- Published PML 11.5.SP2 (Sep 6 2006) >--
return error 99 'This file is not readable by this version of PDMS'
$** 9ad7b51fc44384a8601979728b185f52
$** Ux1YR-LpiW-oRdjXdNJLy4-r8FE++c-LrEZsAzQebuwyRBKsrOv97U0h3dFR
$** M-5m1sMe41h2LlEXVpMadPyzRtVlUNMYdHhfBC8IYKtxe5BksX38RfF9mYUr
$** VW3hBC9ZKUzMf80cvj0PIJJ

This format was the default for "Early Adopter" releases with 11.5.SP2 and 11.6.SP4.
AVEVA released updated 11.5.SP2 and 11.6.SP4 versions supporting encryption type 4
instead of encryption type 3 in 2008.
If you have existing encrypted files encrypted with encryption type 3, you must re-encrypt
the original source to encryption type 4 if you wish to use them with version 12.X, or with the
updated 11.5.SP2 and 11.6.SP4.


2.5.3 Encryption Type 2: Basic Encryption

Encryption Type 2 (Basic Encryption) is an alternative simple encryption scheme which is
implemented directly, and does not rely on external libraries. It can be selected by the
-basic option.
--<002>-- Published PML 1.1 >--
return error 99 'Unable to decrypt file in this software version'
$** 4defaa8bf7dcf0d64dcd2aeda348703a
$** ppIlqUbi96dlUydmeuZkMLdkbWJ54Xp2Va4uR2M0RuZlkjPqQTLg5GoxqWrl
$** ZqN3Z65mRys0RuZlH7flJadi0+Zkampnc-4lKSJ2R64uRyYlOSZlabMzwLZh
$** 5+ZneHt2cmJgAi+sJqbmeWN8+jt0UzZnJKIz1uZlcOJ9

This algorithm is less secure than the RC4 algorithm, and is not recommended for general
use.

2.5.4 Encryption Type 1: Trivial Encryption

Encryption Type 1 (Trivial Encryption) is designed for testing purposes only. It provides no
security, as you can read the lines slowly (backwards), but you can use it to check that the
decryption system is functioning correctly, and that, for example, an incompatible version of
the software has not been installed.
--<001>-- Published PML 1.1 >--
orcam tset *$
)lasrever enil - laivirt( 1 mhtirogla htiw dedocne si elif sihT P$
cam.2ogla m$
cam.1ogla ni kcaB P$

It can be selected by the -trivial option.


For example, the line:

$p Decryption not available $*$


will be interpreted as a comment when read backwards as part of a trivially encrypted file,
but will print a message if run on a version of the software that does not support any
decryption. This encryption type does not support utf-8 files.

2.5.5 Encryption Type 0: No Encryption

Encryption Type 0 (No Encryption) adds a standard Published PML header to the file, but
does not otherwise encrypt the file.
It can be selected by the -none option.
--<000>-- Published PML 1.1 >--
$* test macro
$P This file (algo0.mac) is encoded with algorithm 0 (no encryption)
$m algo1.mac
$P Back in algo0.mac

You might choose to use this if you want to buffer the file for improved speed of access
(particularly for widely used PML objects or functions accessed over a relatively slow
network). For example, a file with the header
--<000-5>-- Published PML 1.1 >--


will be kept in memory after it has been read five times during a session.

2.6 Buffering

Decrypting a PML file takes longer than reading a plain-text version, and in some
circumstances PML files may be re-read many times during a session. (A new command
PML STATISTICS displays information on the numbers of times each file has been read and
some extra information useful to AVEVA when testing the Published PML facilities).
In order to reduce the time taken to re-read the files, Published PML files may contain a
buffering directive in the header-line (the first line in the file). If a dash and a number are
included directly after the three-digit encryption algorithm ID, then the software will retain the
file in memory indefinitely once it has been read that many times.
You may wish to edit heavily used files to add buffering to the header by hand, or may use
the -buffer 5 option of pmlencrypt.exe to include a "buffer after five reads" tag in
each file encrypted.
A value of five is a good number to start with. Many files are read precisely once during
module start up - there is little benefit in buffering those files, and a value of five will avoid
that, but apply to all heavily used files.
If a file you are actively developing has a header including buffering, it will not be re-read as
often as you are used to. To force all buffered files to be cleared from memory if they are not
in current use, you can issue the PML REHASH or PML INDEX commands, or switch
modules.

2.6.1 Editing Published PML Files

Most changes made to an encrypted PML file will make it unusable (the software will report
a corrupt file if you try), but there are a few exceptions:

You may add or change a buffering-value in the Published PML header-line, eg:
--<004>-- Published PML 1.1 >--
may be changed to
--<004-5>-- Published PML 1.1 >--
Adding a buffering-value of 5 (see later for details)

You may change the 2nd line of RC4 or Basic encrypted files to report a different error or
message, eg
--<004>-- Published PML 1.1 >--
return error 99 'Unable to decrypt file in this software version'
$** 9ad7b51fc44384a8601979728b185f52
may be changed to
--<004>-- Published PML 1.1 >--
return error 66 'You need a patch - ring Ian on extension 6655'
$** 9ad7b51fc44384a8601979728b185f52

You may change lines within Trivial or unencrypted files.


2.7 Access Password and Database Protection

Database protection allows a database to be designated as 'protected' (refer to User Guide
Administration / Creating the Main Admin Elements / Databases / Creating Databases),
meaning that users are prevented from using any export mechanism to copy model data.
The basic method used to protect data is to not allow access to certain key attributes from
the command line or PML scripts (or any other API). However, through a constrained
opening mechanism, key attribute access in customer PML applications can be allowed.
That is, customer PML applications are granted access to key attributes from encrypted
PML protected with an access password.
The protected access password is a password set by the project administrator and stored in
the protected database. The password specified in the encrypted PML must match this
database password. This would allow encrypted PML applications with a given password to
access and use the protected attributes in databases that match that password, but in other
situations (password does not match, or unencrypted PML, C#) access would continue to
be denied.
The onus is placed on the writer of the PML to use attribute values in calculations without
displaying or exporting the attribute value. The PML could of course output the value of a
protected attribute (and thus circumvent the security), so rigorous code review procedures
should be used to ensure developers have not unintentionally exposed data considered to
have protection.
PML applications may be run against different projects (different set of databases) that need
to be protected differently. This could be done by having multiple sets of encrypted PML,
each set tied to one project (or to be more precise, to a set of protected databases that have
the same password). If the same set of PML files requires access to different projects,
protected differently, multiple passwords need to be applied to the set of PML files via PML
Publisher.
We recommend that passwords should be

Between eight and fifteen characters long

Use characters from the ranges a-zA-Z0-9

Other characters are possible, but if you choose to use others;

Do not use any of |'@$/* as these may have special meanings in command syntax

Space characters at the start and end of a password are ignored

If you use any non-ASCII characters (eg etc) use the -passfile option to read the
password(s) from a utf8 file with a Byte-order-Mark to avoid differences in encoding
causing problems.

Do not use the -pass option with passwords including spaces or any other non-alphanumeric ASCII characters

If you require more than one password you may use either of the following approaches;

Use multiple -pass options on the same command

Put the passwords in a text file - one on each line - and then use a -passfile command

Examples:

pmlencrypt -pmllib input_pmllib output_pmllib -pass Fexc5kmFRfc -pass ll4f6DedrfggFr
pmlencrypt input_file.mac output_file.mac -passfile securelocation\passwordfile.txt

where passwordfile.txt contains

Fexc5kmFRfc
ll4f6DedrfggFr
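
The password recommendations in section 2.7 can be checked before pmlencrypt is called. The following is an added example, not AVEVA code: the function names check_password and build_password_args are hypothetical, and the only pmlencrypt options it emits are the -pass and -passfile options described above.

```python
import string
import tempfile
from pathlib import Path

ALNUM = set(string.ascii_letters + string.digits)   # the recommended a-zA-Z0-9 range
RESERVED = set("|'@$/*")                            # may have special meanings in command syntax


def check_password(raw):
    """Return (password, problems, needs_passfile) for one candidate password."""
    password = raw.strip(" ")        # spaces at the start and end are ignored
    problems = []
    if not 8 <= len(password) <= 15:
        problems.append("length %d is outside 8 to 15" % len(password))
    reserved = sorted(set(password) & RESERVED)
    if reserved:
        problems.append("uses reserved character(s) " + " ".join(reserved))
    # Spaces, punctuation and non-ASCII characters must not be given with -pass.
    needs_passfile = any(ch not in ALNUM for ch in password)
    return password, problems, needs_passfile


def build_password_args(candidates, passfile):
    """Return the pmlencrypt password arguments for a list of passwords.

    Purely alphanumeric passwords become repeated -pass options. If any
    password needs it, all of them are written to `passfile`, one per line,
    as UTF-8 with a byte-order-mark, and a single -passfile option is returned.
    """
    cleaned, use_file = [], False
    for raw in candidates:
        password, problems, needs_passfile = check_password(raw)
        if problems:
            # The password itself is deliberately kept out of the message.
            raise ValueError("rejected password: " + "; ".join(problems))
        cleaned.append(password)
        use_file = use_file or needs_passfile
    if not use_file:
        return [arg for password in cleaned for arg in ("-pass", password)]
    # "utf-8-sig" makes Python write the byte-order-mark the guide asks for.
    Path(passfile).write_text("\n".join(cleaned) + "\n", encoding="utf-8-sig")
    return ["-passfile", str(passfile)]


if __name__ == "__main__":
    # Constructed sample input; the first two passwords are the guide's examples.
    with tempfile.TemporaryDirectory() as tmp:
        target = Path(tmp) / "passwordfile.txt"
        print(build_password_args(["Fexc5kmFRfc", "ll4f6DedrfggFr"], target))
        print(build_password_args(["Fexc5kmFRfc", "Gr\u00fcn-Anlage9"], target))
        print(check_password("abc$defgh")[1])
```

A password given with -pass appears on the command line, so the -passfile form is also the better choice when commands are logged or kept in scripts.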

2.8 Examples

2.8.1 Single File

To encrypt a single file with the RC4 algorithm:
pmlencrypt raw.txt encrypted.txt

2.8.2 Folder of Files

To encrypt a folder of files with the basic algorithm and buffering after three reads:
pmlencrypt -basic -buffer 3 raw_folder .folder

2.8.3 Simple PMLLIB Structure

To encrypt a %PMLLIB% -structured hierarchy of files with no encryption algorithm but
buffering after five reads (see below for a fuller example):
pmlencrypt -pmllib -none -buffer 5 pmllib pmllib_buffered

2.8.4 Restrict who can use an Encrypted File

If you wish not only to encrypt a PML file, but also to restrict the sites at which it can be run,
you can include extra tests within the PML before encrypting it. For example, the q banner
company command returns a company-dependent string from the license file, and you can
test that within your encrypted PML file. In this case the test is that the string includes
"AVEVA":
$* Read the company string from the license file
var !company banner company
$* Stop unless the string contains AVEVA
if not !company.matchwild('*AVEVA*') then
   return error 99 'This file is not authorised for $!company'
endif

2.8.5 Full Worked Example: Encrypting PMLLIB

These are the steps you can follow to encrypt the PML files in a PMLLIB folder hierarchy.
PMLLIB contains many files, some of them are PML files - which can be encrypted, and
some of them are other types of files which cannot (for example icon and index files).
Steps you can follow are:

Check that the files and folders you will be working with have current backups. If you delete
or overwrite your only copies of a file there is no way to get it back from an encrypted
version.

Find the PMLLIB folder you wish to encrypt, and make sure that no-one is using it. In
this example I will assume that the folder is called 'pmllib' and that the PML Publisher
encryption utility has been installed in the same folder.

Start a command window.

Change directory to the folder containing the PMLLIB folder.

Rename the PMLLIB folder:
rename pmllib pmllib_original

Make a complete writeable version of the pmllib folder and all its contents in the original
location:
xcopy /E /I pmllib_original pmllib

Encrypt from pmllib_original back to pmllib (this will replace with encrypted versions
all files that have .pmlmac, .pmlfrm, .pmlobj or .pmlfunc extensions, but leave other
files unchanged):
.\pmlencrypt.exe -pmllib pmllib_original pmllib

Before distributing files containing Intellectual Property that you wish to protect, you
must check that all the correct files are encrypted. Folder comparison programs (such
as 'Beyond Compare' from Scooter Software) allow you to identify files that were not
changed by pmlencrypt, for example because they have different file extensions or
because the files were read-only.
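
The check in the last step can also be scripted. The following is an added example, not part of the AVEVA guide or tooling: it compares pmllib_original with pmllib byte by byte and reports PML files left unencrypted, other unchanged files to review, and files missing from the target. The function names and the sample tree in demo() are constructed for illustration.

```python
import filecmp
import tempfile
from pathlib import Path

# Extensions the guide lists as replaced by `pmlencrypt -pmllib`.
PML_EXTENSIONS = {".pmlmac", ".pmlfrm", ".pmlobj", ".pmlfunc"}


def audit_published_tree(original_root, published_root):
    """Return sorted relative paths of files pmlencrypt did not change.

    unchanged_pml: PML files byte-identical to the source (not encrypted);
    unchanged_other: other unchanged files, to review for PML source;
    missing: source files with no counterpart in the published tree.
    """
    report = {"unchanged_pml": [], "unchanged_other": [], "missing": []}
    for src in sorted(p for p in Path(original_root).rglob("*") if p.is_file()):
        rel = src.relative_to(original_root)
        dst = Path(published_root) / rel
        if not dst.is_file():
            report["missing"].append(rel.as_posix())
        elif filecmp.cmp(src, dst, shallow=False):  # compare bytes, not stat data
            pml = src.suffix.lower() in PML_EXTENSIONS
            report["unchanged_pml" if pml else "unchanged_other"].append(rel.as_posix())
    return report


def demo():
    """Audit a small constructed tree pair; file contents are stand-ins."""
    source = b"define function !!area()\nendfunction\n"
    changed = b"constructed stand-in for pmlencrypt output\n"
    samples = {  # relative path -> bytes in published tree (None = absent)
        "functions/area.pmlfunc": changed,  # encrypted as expected
        "forms/main.pmlfrm": source,        # e.g. target file was read-only
        "macros/setup.mac": source,         # PML source, extension not handled
        "objects/pipe.pmlobj": None,        # never copied into the target
    }
    with tempfile.TemporaryDirectory() as tmp:
        for rel, published in samples.items():
            for root, data in (("pmllib_original", source), ("pmllib", published)):
                if data is not None:
                    path = Path(tmp, root, rel)
                    path.parent.mkdir(parents=True, exist_ok=True)
                    path.write_bytes(data)
        return audit_published_tree(Path(tmp, "pmllib_original"), Path(tmp, "pmllib"))


if __name__ == "__main__":
    print(demo())
```

Any path under unchanged_pml should block distribution; entries under unchanged_other need a manual look for PML source stored under an extension that pmlencrypt does not process.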

Using Encrypted Files


Provided that you have a compatible version of the software, encrypted files can be
read transparently in all modules that include PML.

11.5.SP2 and 11.6.SP4 versions released before January 2008 support an "Early Adopter"
encryption type 3, which is no longer supported from the first full release of PML Publisher
1.0. AVEVA released updated versions 11.5.SP2.11 and 11.6.SP4.9 supporting the
replacement encryption type 4, which is also supported in AVEVA 12-series and later
11.5-series and 11.6-series releases.

If you have existing files encrypted with encryption type 3, you must re-encrypt
the original source to encryption type 4 if you wish to use them with versions 12.0,
11.6.SP4.9, 11.5.SP2.11 and later releases.

If you attempt to display or record encrypted PML using the $R commands, you will find that
all lines are replaced by the text <hidden>. Error messages and trace-backs will include
function names, but not the text of each line.

Hidden lines can become visible only in certain circumstances during a macro that
includes a module switch. After a module switch, any remaining lines in that macro may
or may not be traceable. This may change in a future release.

3.1 Error Messages
You may see the following error messages:

(46,103) PML: Encrypted file is corrupt or of unknown format
    You are trying to read an encrypted file that has become corrupted (e.g. the
    encrypted text has been edited).

(46,104) PML: Encrypted file is in an obsolete and unsupported format
    You are trying to read an encrypted file created with an algorithm that is no
    longer supported.

Unable to decrypt file in this software version
    You are trying to read an encrypted file in an incompatible software version
    (e.g. the algorithms were created in a later software version)
    or:
    You are trying to read an RC4-encrypted file on a PC that doesn't have the
    Microsoft Base Cryptographic Provider installed (this is not expected to occur).
