HELPLIB.HLB  —  DECRYPT
    Decrypts files previously encrypted with the ENCRYPT command.
    DES is the default algorithm unless otherwise specified with
    the /KEY_ALGORITHM qualifier. The key specified must match the
    algorithm (DES or AES), and the same key is used to decrypt as
    was used to encrypt; a symmetric key algorithm.

    Format

      DECRYPT  input-file key-name [qualifiers]

1  –  Parameters

 input-file

    File names of the files to decrypt. If you use wildcard
    characters, do not include directory files or files with bad
    blocks.

 key-name

    Key name that was previously stored in the key storage table by
    the ENCRYPT /CREATE_KEY command.

2  –  Qualifiers

2.1    /BACKUP

       /BACKUP[=time]

    Selects files according to the dates of their most recent backup.

    This qualifier is relevant only when used with the /BEFORE or the
    /SINCE qualifier. In addition, do not use /BACKUP with /EXPIRED
    or /MODIFIED.

    If you omit time, TODAY is used. For more information on time
    specifications, see the OpenVMS User's Manual.

2.2    /BEFORE

       /BEFORE[=time]

    Selects files that have a creation time before the time you
    specify.

    If you omit time, TODAY is used. For more information on time
    specifications, see the OpenVMS User's Manual.

2.3    /BY_OWNER

       /BY_OWNER[=uic]
       /NOBY_OWNER

    Selects files with the owner UIC you specify.

    If you omit uic, the UIC of the current process is used. For
    more information on specifying UIC format, see the OpenVMS User's
    Manual.

2.4    /CONFIRM

       /CONFIRM
       /NOCONFIRM

    Controls whether or not a confirmation request is displayed
    before each decryption, as follows:

    Response         Meaning

    YES              Decrypts the file
    NO or <Return>   Does not decrypt the file (default)
    QUIT or          Does not decrypt the file or any subsequent
    <Ctrl/Z>         files
    ALL              Decrypts the file plus all subsequent files

2.5    /DELETE

       /DELETE
       /NODELETE

    Default: /NODELETE.

    Controls whether or not the input files are deleted after the
    decryption operation is complete and the output file is written
    and closed.

2.6    /ERASE

       /ERASE
       /NOERASE

    Controls whether or not the input files are erased with the data
    security pattern before being deleted. By default, the location
    in which the data was stored is not overwritten with the data
    security pattern. The /ERASE qualifier must be used with /DELETE.

2.7    /EXCLUDE

       /EXCLUDE=file-spec
       /NOEXCLUDE

    Excludes the specified files from the decryption operation. You
    can use wildcard characters. You do not need to enter an entire
    file specification. Any field that you omit defaults to the input
    file specification.

    Because directory files are never encrypted, you need not specify
    them.

2.8    /EXPIRED

       /EXPIRED[=time]

    Selects files according to the dates on which they expire.

    This qualifier is relevant only when used with the /BEFORE or the
    /SINCE qualifier. In addition, do not use /EXPIRED with /BACKUP
    or /MODIFIED.

    If you omit time, TODAY is used. For more information on time
    specifications, see the OpenVMS User's Manual.

2.9    /KEY_ALGORITHM

                       { DESCBC (default) }
       /KEY_ALGORITHM= { AESmmmkkk        }
                       {                  }

    Where mmm is the mode CBC, ECB, CFB, or OFB; and kkk is 128,
    192, or 256 bits. Cipher Block Chaining (CBC) and Electronic Code
    Book (ECB) are 16-byte block modes, meaning blocks are padded to
    16 bytes if necessary during encryption. The padding is removed
    during decryption. Cipher Feedback (CFB) and Output Feedback
    (OFB) are 8-bit character stream mode emulation, useful in data
    communications and where no padding is required. Note that /KEY_
    ALGORITHM=AES is a shortcut for specifying AESCBC128.

    The algorithm by which the random key and the initialization
    vector are protected within the encrypted file. Specify the same
    algorithm (AES or DES) that you used to encrypt the file and
    create the key, if not, the default is DESCBC.

2.10    /MODIFIED

       /MODIFIED[=time]

    Selects files according to the dates on which they were last
    modified.

    This qualifier is relevant only when used with the /BEFORE or the
    /SINCE qualifier. In addition, do not use /MODIFIED with /BACKUP
    or /EXPIRED.

    If you omit time, TODAY is used. For more information on time
    specifications, see the OpenVMS User's Manual.

2.11    /OUTPUT

       /OUTPUT=file-spec

    Alternate output file name for the decryption operation.

    By default, each input file decrypted is written to a separate
    output file that is one version higher than that of the input
    file. When using the /OUTPUT qualifier, specify the parts of the
    file specification different from the defaults. You do not need
    to provide an entire file specification. Any field that you omit
    defaults to the input file specification.

2.12    /SHOW

       /SHOW=(keyword-list)

    Controls whether or not the following information about the
    decryption operation is displayed on SYS$COMMAND:

    Keyword        Meaning

    FILES          Displays input and output file names on
                   SYS$COMMAND
    STATISTICS     Displays the encryption stream statistics:

                   o  Bytes processed

                   o  Internal records processed

                   o  CPU time consumed within the encryption
                      algorithm

2.13    /SINCE

       /SINCE[=time]

    Selects files that have a creation date before the time you
    specify.

    If you omit time, TODAY is used. For more information on time
    specifications, see the OpenVMS User's Manual.

2.14    /STATISTICS

    Similar to /SHOW, except that /STATISTICS lists both files and
    statistics, whereas /SHOW can be customized to list only one or
    the other.

3  –  Examples

    1.$ DECRYPT BOSTON MYKEY

      Decrypts the file name BOSTON using the DES key, MYKEY, and the
      DESCBC algorithm.

    2.$ DECRYPT CHIGAGO.ENC KEY2 /KEY=AESECB256 /OUT=CHICAGO.DEC

      Decrypts the file named CHICAGO.ENC using the AES key, KEY2,
      and the AESECB256 algorithm, renaming the decrypted output file
      to CHICAGO.DEC, the original plaintext file.
Close Help