This directory contains a simple AES encryption/decryption program that uses
CDSA, along with the necessary files to build it on OpenVMS.  It consists of
two source files (AES.C and DO_AES.C), and two build files (AES_BUILD.COM and
AES.OPT).

CDSA must be initialized before this program is run.  This needs to be done
on a one-time basis, by executing the following command:

	$ @SYS$STARTUP:CDSA$INITIALIZE

The AES example program can be build by copying the example files into a local
build area, and executing the AES_BUILD command file, as follows:

	$ copy SYS$SYSROOT:[SYSHLP.EXAMPLES.CDSA.AES]*.* <local_build_area>
	$ SET DEF <local_build_area>
	$ @AES_BUILD

The resulting AES.EXE file can be run as a foreign command.  This can be set up
via:

	$ AES :== $<local_build_area>AES.EXE

The program can then be executed with the following options:

	-e	: encrypt with supplied key (requires -k switch)
	-d	: decrypt with supplied key (requires -k switch)
	-h	: specifies that the supplied key is up to a 64 character
                  hexadecimal number
	-k key	: use key "key" (apostrophes {aka, single quotes} are necessary if used with -h)

NOTE:   Up to 64 characters are used for 256 bit AES (this example is included in CDSA)
        Up to 48 characters are used for 192 bit AES
	Up to 32 characters are used for 128 bit AES

To encrypt MYFILE.TXT using an ascii key with the AES example program, you
would issue the following command:

	$ aes -e -k "xyzzy" MYFILE.TXT MYFILE.AES

To decrypt the same file, you would issue this command:

	$ aes -d -k "xyzzy" MYFILE.AES MYFILE.TXT

To encrypt/decrypt using a hexadecimal key, use a key length of exactly 64
typed characters (32 hex bytes), and the -h switch as follows:

	$ aes -e -k '012abcde012abcde' -h MYFILE.TXT MYFILE.AES
	$ aes -d -k '012abcde012abcde' -h MYFILE.AES MYFILE.TXT

NOTE:   Up to 64 characters are used for 256 bit AES (32 hex bytes, 256 bits)
        Up to 48 characters are used for 192 bit AES (24 hex bytes, 192 bits)
	Up to 32 characters are used for 128 bit AES (16 hex bytes, 128 bits)

To Change this example to a 128 or 192 bit AES example do following:
        1. Edit aes.c
	2. Change the key size from key[32] to 
		key[24] for 192 bit AES
                key[16] for 128 bit AES
	3. Edit do_aes.c
	4. Change "key.KeyHeader.AlgorithmId = CSSM_ALGID_EVP_AES_256;" to
		  "key.KeyHeader.AlgorithmId = CSSM_ALGID_EVP_AES_192;" for 192 bit AES
                  "key.KeyHeader.AlgorithmId = CSSM_ALGID_EVP_AES_128;" for 128 bit AES
        5. Rebuild