Encrypts or decrypts data files.
Format
ENCRYPT$ENCRYPT_FILE input-file, output-file, key-name,
algorithm, file-flags [,item-list]
1 – Arguments
input-file
type: char_string
access: read only
mechanism: by descriptor
Name of the input file that ENCRYPT$ENCRYPT_FILE is to process.
The input-file argument is the address of a string descriptor
pointing to the file specification string for the input file.
Wildcard characters are valid. To specify multiple input files,
you must use wildcard characters.
output-file
type: char_string
access: read only
mechanism: by descriptor
Name of the output file that ENCRYPT$ENCRYPT_FILE is to generate.
The output-file argument is the address of a string descriptor
pointing to the file specification for the output file to be
processed.
You can use wildcard characters. To specify the same names for
the output and input files, use a null character as the output-
file argument.
key-name
type: char_string
access: read only
mechanism: by descriptor
Name of the key used when ENCRYPT$ENCRYPT_FILE processes files.
The key-name argument is the address of a string descriptor
pointing to the name of the key to be used in initializing the
encrypt or decrypt stream used for each file processed.
algorithm
type: char_string
access: read only
mechanism: by descriptor
Name of the algorithm that ENCRYPT$ENCRYPT_FILE uses to
initialize the process stream. The algorithm argument is the
address of a string descriptor pointing to the name of the
algorithm.
For DES, the following algorithms are valid:
o DESCBC (default)
o DESECB
o DESCFB
For AES, the following algorithms are valid:
o Cipher block chaining:
AESCBC128 (default)
AESCBC192
AESCBC256
o Electronic code book:
AESECB128
AESECB192
AESECB256
o Cipher feedback:
AESCFB128
AESCFB192
AESCFB256
o Output feedback:
AESOFB128
AESOFB192
AESOFB256
file-flags
type: longword
access: read only
mechanism: by reference
Flags that specify how ENCRYPT$ENCRYPT_FILE performs the file
operation. The file-flags argument is the address of a longword
containing a mask of flags. ENCRYPT$ENCRYPT_FILE Flags shows the
function of each flag.
Table 9-2 ENCRYPT$ENCRYPT_FILE Flags
Flag Function
ENCRYPT$M_FILE_ Compresses file data before encryption.
COMPRESS
ENCRYPT$M_FILE_ Flag set: encrypts the file.
ENCRYPT
Flag clear: decrypts the file.
ENCRYPT$M_FILE_DELETE Deletes the input file when the operation
completes.
ENCRYPT$M_FILE_ERASE Erases the file with the security data
pattern before deleting it.
ENCRYPT$M_FILE_KEY_ Flag set: Treats the key value as a
VALUE literal value and does not compress it.
Flag clear: Treats the key value as a
text string that can be compressed.
If the KEY_NAME parameter is present,
this flag is ignored.
ENCRYPT$M_FILE_AES Flag set: indicates encrypting a file with
an AES key and algorithm
There is an additional FILE_AES flag mask (and value) that is
used with the ENCRYPT$ENCRYPT_FILE routine when encrypting
files using an AES algorithm. The ENCRYPT$ENCRYPT_FILE_FLAGS
are used to control file operations such as cipher direction,
file compression and so on. The FILE_AES flag controls file AES
initialization and cipher operation.
item-list
type: item_list_3
access: read only
mechanism: by descriptor
The optional item-list argument is used to override the data
algorithm parameter. This argument substitutes one algorithm for
another that is similar in function but that may be different
in its name. In other words, it overrides the name of the
algorithm that is found in the random key record with the name
of the algorithm you provided in the override descriptor. This
process provides a way to open files that were encrypted with an
algorithm name that may be different than the algorithm name in
the decrypt environment.
ENCRYPT$K_DATA_ALGORITHM
type: 3 longwords
access: read only
mechanism: by descriptor
Algorithm to be used to encrypt the file. This argument specifies
the address and length of the name string of the algorithm.
The following algorithms are valid:
o DESCBC (default)
o DESECB
o DESCFB
For AES, the following algorithms are valid:
o Cipher block chaining:
AESCBC128 (default)
AESCBC192
AESCBC256
o Electronic code book:
AESECB128
AESECB192
AESECB256
o Cipher feedback:
AESCFB128
AESCFB192
AESCFB256
o Output feedback:
AESOFB128
AESOFB192
AESOFB256