Encryption for OpenVMS, Version 1.6
Software Product Description
PRODUCT NAME: Encryption for OpenVMS, Version 1.6 SPD 26.74.06
Note: This Software Product Description describes the Encryption for OpenVMS Version 1.6 software for Integrity, Alpha and VAX computer families. Except where explicitly noted, the features described in this SPD apply equally to OpenVMS Integrity, Alpha and VAX systems. Encryption Version 1.6 on Integrity and Alpha systems running OpenVMS V8.2 and later does not require a specific license, as this product is now covered under the OpenVMS operating system license. An Encryption license is required for all Alpha and VAX systems running versions of OpenVMS prior to Version 8.2.
PRODUCT SUMMARY
Encryption for OpenVMS is a layered product that enhances the confidentiality and integrity of information stored on OpenVMS systems. The rapid growth of business transactions over the Internet, combined with more system administration functions being outsourced, heightens the need for stronger protection of your data. Encryption for OpenVMS provides the ability for your information to transfer safely through unknown hands and channels without disclosing its contents. Encryption for OpenVMS also provides a mechanism to detect if your information has been altered from its original form.
STANDARDS
Encryption for OpenVMS is a software implementation of the Data Encryption Standard (DES) algorithm, from the United States Government. Details on the DES cryptographic algorithm are found in the Federal Information Processing Standard 46 (FIPS PUB 46-2).
DESCRIPTION
Encryption is a process that transforms data into an unreadable form called cipher. Decryption transforms the cipher back into its original (readable) form. Encryption for OpenVMS assures that the data you decrypt is the same as your original data through synchronization processes that utilize variables known as keys. Once encrypted, data can only be decrypted with the appropriate key. Thus, encryption can protect sensitive data by limiting access to only individuals who have access to the appropriate keys.
Data authentication is a two-step process that verifies the authenticity of data, that is, that the data has not been altered. The first step is to calculate a code that is directly dependent on the data. Encryption for OpenVMS supports the use of encrypted manipulation detection codes (MDCs) and cryptographic message authentication codes (MACs). MDCs are generated by algebraic functions that accept the data as input. Examples of such functions include cyclic redundancy checks. Encryption for OpenVMS uses CRC-16 to calculate MDCs. MACs are generated by cryptographic functions that take the data as input. Encryption for OpenVMS uses the DES algorithm to generate MACs. The second step is to recalculate the code as needed. If the calculated code is identical to the original code, there is assurance that the original data has not been altered.
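The two-step check described above, as an added Python example that is not code from the product or from this SPD. It shows why an unkeyed MDC only gives assurance when the stored code is itself protected (the product encrypts it), while a MAC depends on the key. Assumptions: the CRC-16 variant is CRC-16/ARC, HMAC-SHA-256 stands in for the product's DES-based MAC, and the key and records are constructed sample values.

```python
import hashlib
import hmac

def crc16(data: bytes) -> int:
    """MDC: CRC-16 (assumed variant CRC-16/ARC, reflected polynomial 0xA001)."""
    crc = 0
    for byte in data:
        crc ^= byte
        for _ in range(8):
            crc = (crc >> 1) ^ 0xA001 if crc & 1 else crc >> 1
    return crc

def mac(key: bytes, data: bytes) -> bytes:
    """MAC: keyed code. HMAC-SHA-256 is a stand-in for the DES-based MAC."""
    return hmac.new(key, data, hashlib.sha256).digest()

def verify_mdc(data: bytes, stored: int) -> bool:
    """Step 2 for an MDC: recalculate and compare with the stored code."""
    return crc16(data) == stored

def verify_mac(key: bytes, data: bytes, stored: bytes) -> bool:
    """Step 2 for a MAC: recalculate with the key, compare in constant time."""
    return hmac.compare_digest(mac(key, data), stored)

def demo() -> dict:
    key = b"constructed-demo-key"              # constructed sample key
    original = b"PAY 100.00 TO ACCOUNT 12345"  # constructed sample record
    altered = b"PAY 900.00 TO ACCOUNT 12345"   # same record with one digit changed
    # Step 1: calculate codes that depend directly on the data.
    stored_mdc = crc16(original)
    stored_mac = mac(key, original)
    # Step 2: recalculate later and compare with the stored codes.
    results = {
        "mdc_ok_unaltered": verify_mdc(original, stored_mdc),
        "mac_ok_unaltered": verify_mac(key, original, stored_mac),
        "mdc_detects_change": not verify_mdc(altered, stored_mdc),
        "mac_detects_change": not verify_mac(key, altered, stored_mac),
    }
    # If the stored code is replaced along with the data, an unkeyed CRC still
    # matches, so the MDC must be stored protected. A MAC regenerated without
    # the right key does not verify.
    results["replaced_mdc_accepted"] = verify_mdc(altered, crc16(altered))
    results["replaced_mac_accepted"] = verify_mac(key, altered, mac(b"other-key", altered))
    return results

if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```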
Encryption for OpenVMS provides these features.
A DCL interface from which users can:
• Encrypt and decrypt complete files
• Generate and verify MACs on complete files
August 2005