VMS Help  —  ENCRYPT Routine, AES Features
    AES encryption, like DES, is a symmetric block cipher. However,
    its algorithm is very different, its key scheduling and number of
    rounds is based on key size (10, 12, or 14 rounds for 128, 192,
    and 256 bit keys), making AES much stronger cryptographically.
    AES features allows any user, system manager, security manager,
    or programmer to secure their files, save-sets, or application
    data with strong AES Encryption. It is integrated with OpenVMS
    Version 8.3 and does not require a separate product license or
    installation.

    Encrypt-AES provides the following features and compatibility:

    o  The former data encryption standard (DES) algorithm is
       maintained for use with existing DES data and their
       applications. All the functions that existed with DES continue
       to provide that same level of DES support.

    o  Encrypt-AES is integrated with BACKUP for encrypting and
       decrypting save sets with AES or DES.

    o  Command-line use of Encrypt-AES is the same as Encrypt-DES,
       with minor changes to qualifiers (see the encryption routines
       below).

    o  Changes to the ENCRYPT$ application programming interface
       (API) are minimal, with only textual parameter or flag changes
       required to use the AES algorithm.

    o  Encrypt-AES supports the AES algorithm with four different
       cipher modes. With each mode, you can specify a secret key in
       three different lengths (128, 192, and 256 bits), for a total
       of 12 different cipher and decipher operations:

       o  Cipher block chaining:

             AESCBC128
             AESCBC192
             AESCBC256

       o  Electronic code book:

             AESECB128
             AESECB192
             AESECB256

       o  Cipher feedback:

             AESCFB128
             AESCFB192
             AESCFB256

       o  Output feedback:

             AESOFB128
             AESOFB192
             AESOFB256

    o  The additional AES algorithm, modes, and key sizes are
       specified in the algorithm parameter to the ENCRYPT$ENCRYPT_
       FILE and the ENCRYPT$INIT routine, or specified in the
       algorithm-name parameter for the ENCRYPT$GENERATE_KEY routine.

    o  AES Key-Length Requirements- The AES key requirements are
       the actual number of bits utilized for each of the AES modes.
       This is actually the minimum number of bytes needed for the
       encryption or decryption operation. The minimum required key
       sizes are as follows:

       -  128 bit mode = 16 byte key

       -  192 bit mode = 24 byte key

       -  256 bit mode = 32 byte key
Close Help