____________________________________________________ Encryption for OpenVMS Release Notes May 2007 Revision/Update Information: This manual supersedes the Encryption for OpenVMS Release Notes, Version V2.0. Operating System: OpenVMS Alpha Versions V8.3 and later OpenVMS Itanium Versions V8.3 and later Software Version: Encryption for OpenVMS Version V2.1 Hewlett-Packard Company Palo Alto, California ________________________________________________________________ © 2007 Hewlett-Packard Development Company, L.P. All other product names mentioned herein may be trademarks of their respective companies. Confidential computer software. Valid license from Hewlett-Packard required for possession, use, or copying. Consistent with FAR 12.211 and 12.212, Commercial Computer Software, Computer Software Documentation, and Technical Data for Commercial Items are licensed to the U.S. Government under vendor's standard commercial license. Hewlett-Packard shall not be liable for technical or editorial errors or omissions contained herein. The information in this document is provided "as is" without warranty of any kind and is subject to change without notice. The warranties for Compaq products are set forth in the express limited warranty statements accompanying such products. Nothing herein should be construed as constituting an additional warranty. The Hewlett-Packard OpenVMS documentation set is available on CD-ROM. _________________________________________________________________ Contents Preface................................................... v 1 New Features - Version V2.1 1.1 Large file (2 Terabytes) encryption/decryption 1-1 1.1 Improved input/output performance ............ 1-1 1.1 Functional use with ODS-5 and /PARSE=EXTENDED 1-1 1.2 Previous Release - New Features, AES ......... 1-2 1.3 Previous Release - MAC for Multiple Files .... 1-3 2 Corrected Problems - Version V2.1 2.1 Large File Encryption ........................ 2-1 2.1 Input/Output Performance ..................... 2-1 2.2 ENCRYPT /COMPRESS ............................ 2-2 2.2 /PARSE=EXTENDED .............................. 2-2 2.2 %STR-F-FATINTERR or ACCVIO Mixing AES/DES Keys 2-2 2.3 Previous Version Corrected Problems .......... 2-3 3 Known Problems and Restrictions 3.0 ENCRYPT /COMPRESS of BACKUP Saveset Files .... 3-1 3.1 BACKUP Utility and Encryption ................ 3-1 3.1.1 Key Value You Specify with BACKUP/ENCRYPT .......................................... 3-1 3.1.2 Length of Key Name You Specify with BACKUP/ENCRYPT ........................... 3-2 3.2 Installation Verification Test Procedure Failures...................................... 3-2 3.2.1 IVP Failures Due to ENCRYPT.CLD Commands.. 3-2 3.3 OpenVMS Upgrade (Prior to V8.3) Requires Removing Encrypt.............................. 3-3 3.4 Product Producer Name Change Requires Reinstalling Encrypt ......................... 3-4 3.5 Mixing Algorithms and Key Names .............. 3-4 iii _________________________________________________________________ Preface The Encryption for OpenVMS product (Encryption) is now integrated with OpenVMS V8.3 operating system that runs on OpenVMS Alpha and OpenVMS Itanium systems. Purpose These Release Notes provide information for Encryption for OpenVMS Version 2.1, an update. Intended Audience The Encryption for OpenVMS Release Notes document is for users and managers of the Encryption for OpenVMS software. Document Structure The Encryption for OpenVMS Release Notes document consists of three chapters: o New Features (Chapter 1) o Corrected Problems (Chapter 2) o Known Problems and Restrictions (Chapter 3) Related Information The following documents provide additional information about the Encryption for OpenVMS product: o Federal Information Processing Standards (FIPS) PUB 46-2 - DATA ENCRYPTION STANDARD - 30 December 1993 o Federal Information Processing Standards (FIPS) PUB 197 - ADVANCED ENCRYPTION STANDARD (AES) 26 November 2001 o Encryption for OpenVMS documentation set, consisting of: - Cover letter v - Encryption for OpenVMS Release Notes (this document) - New Features Manual - Encrypt-AES for OpenVMS - DCL online help for the ENCRYPT commands The Encryption for OpenVMS documentation presents only a simplified description of the encryption process. For complete information, see FIP 46-2 and FIPS 197. Terminology This document uses the following terms: o Encryption - software in the Encryption for OpenVMS that is now integrated within the operating system. o Command - DCL command. Any other command is identified as such. Reader's Comments Hewlett-Packard welcomes your comments on this manual. Please send comments to either of the following addresses: Internet http://h71000.www7.hp.com/doc/index.html Mail Hewlett-Packard Company OSSG Documentation Group, ZKO3-4/U08 110 Spit Brook Rd. Nashua, NH 03062-2698 How To Order Additional Documentation Visit the following World Wide Web address for information about how to order additional documentation: http://h71000.www7.hp.com/ vi Conventions The following conventions are used in this manual: Ctrl/x A sequence such as Ctrl/x indicates that you must hold down the key labeled Ctrl while you press another key or a pointing device button. In examples, a key name enclosed in a box indicates that you press a key on the keyboard. (In text, a key name is not enclosed in a box.) . . . Horizontal ellipsis points in examples indicate one of the following possibilities: o Additional optional arguments in a statement have been omitted. o The preceding item or items can be repeated one or more times. o Additional parameters, values, or other information can be entered. . Vertical ellipsis points indicate the . omission of items from a code example . or command format; the items are omitted because they are not important to the topic being discussed. ( ) In command format descriptions, parentheses indicate that, if you choose more than one option, you must enclose the choices in parentheses. [ ] In command format descriptions, brackets indicate optional elements. You can choose one, none, or all of the options. (Brackets are not optional, however, in the syntax of a directory name in an OpenVMS file specification or in the syntax of a substring specification in an assignment statement.) vii { } In command format descriptions, braces indicate a required choice of options; you must choose one of the options listed. boldface text Boldface text represents the introduction of a new term or the name of an argument, an attribute, or a reason. Boldface text is also used to show user input in Bookreader versions of the manual. italic text Italic text indicates important information, complete titles of manuals, or variables. Variables include information that varies in system output (Internal error number), in command lines (/PRODUCER=name), and in command parameters in text (where device- name contains up to five alphanumeric characters). UPPERCASE TEXT Uppercase text indicates a command, the name of a routine, the name of a file, the name of a node, the name of a user account, or the abbreviation for a system privilege. Monospace type Monospace type indicates command examples and interactive screen displays. In the C programming language, monospace type in text identifies the following elements: keywords, the names of independently compiled external functions and files, syntax summaries, and references to variables or identifiers introduced in an example. viii - A hyphen at the end of a command format description, command line, or code line indicates that the command or statement continues on the following line. numbers All numbers in text are assumed to be decimal unless otherwise noted. Nondecimal radixes - binary, octal, or hexadecimal - are explicitly indicated. ix 1 _________________________________________________________________ New Features 1.1 This release of Encryption for OpenVMS offers the following enhancements: o Large file encryption/decryption, up to two Terabytes o Improved input/output performance o Functional use with ODS-5 and /PARSE=EXTENDED process option o ENCRYPT/COMPRESS qualifier is now disabled due to errors These are the main areas of improvement for Encrypt version V2.1 for OpenVMS. More information related to each of these areas can be found in section 2, Corrected Problems. New Features 1-1 _________________________________________________________________ Previous Release - New Features o Encrypt V2.0 for OpenVMS 8.3 and later versions no longer require a license PAK to be installed for its use. o ENCRYPT /KEY_ALGORITHM=AESmmmkkk /DATA_ALGORITHM=AESmmmkkk The Advanced Encryption Standard (AES) encryption algorithm was added to Encryption V2.0 that supports the FIPS 197 NIST standard of encryption. Encrypt AES accepts four different modes and three different key sizes: AESCBC128 AESEBC128 AESCFB128 AESOFB128 AESCBC192 AESEBC192 AESCFB192 AESOFB192 AESCBC256 AESEBC256 AESCFB256 AESOFB256 Also, the DES algorithm that is fully backaward compatible. This allows decrypting files or savesets previously encrypted with DES and encrypting with AES. o V8.3 OpenVMS BACKUP has also been enhanced to take advantage of AES encryption for savesets. o Application programming interface calls accept the AES algorithm, mode, and key size. Also a new AES key and file flag. o When creating keys for AES, specifiy the qualifer /AES and ensure they meet the 16, 24, or 32 byte minimum. A maximimum key length is approximately 240 bytes. The remaining bytes are XOR folded into the proper key size. ENCRYPT /CREATE_KEY /AES KeyName "KeyValue of 16, 24, 32bytes" Previous Release - New Features 1-2 _________________________________________________________________ Previous Release - New Features The previous release of Encryption for OpenVMS offered the following enhancements: o /MULTIPLE_FILES qualifier A new qualifier has been added to the ENCRYPT /AUTHENTICATE file-spec command. The qualifier, /MULTIPLE_FILES, indicates that the file-spec represents a list of file names to be checked. The file-spec file is opened and each record is read and treated as a separate file. o Message Authentication Code (MAC) based on security settings An additional MAC has been created that is generated using the file's security settings: owner, protection settings, and optional ACL. The security MAC is used to check file integrity in conjunction with the existing MAC that is based on file contents. The MAC values are associated with one or more files and stored in binary databases. When you want to check file integrity, the software recalculates the MACs and then compares the current and stored MACs. Previous Release - New Features 1-3 2 _________________________________________________________________ Corrected Problems This chapter describes problems fixed in the this version of Encrypt. Problem - Large Files --------------------- A problem was corrected where Encrypt could not encrypt large files, files larger than 4,194,303 blocks or 2,147,483,136 bytes. The symptom was that Encrypt immediately returns to the command prompt with no error message. This leads the user to believe the file was properly encrypted, when in fact it was not. A directory /size comparison of the plain text source input file and the encrypted output file size indicates a problem due to the encrypted file being a much smaller size than the source file. Due to this design flaw, large files were not properly encrypted. Consequently, due to CRC and file corruption errors, these file could not be decrypted. This can lead to file recovery problems if the /DELETE qualifer is used that deletes the source input file once the encrypt operation is complete. This large file handling defect has been corrected with Encrypt version V2.1 Problem - Input/Output File Performance --------------------------------------- A problem was addressed with Encrypt version V 2.1 that corrects Encrypt's file I/O performance. Encrypt's performance was greatly improved using multiple buffered reads, and multi-buffered writes using $QIO eliminating two levels of caching (RMS and XFC) over the single RMS block I/O $READ and $WRITE. Encrypt users can expect much better performance, especially noted with larger files, noting an improved CPU utilization and less I/O latency between I/O's, and less overall encryption, decryption, and I/O operation completion time. Corrected Problems 2-1 _________________________________________________________________ Corrected Problems Problem - ENCRYPT /COMPRESS --------------------------- A problem was discovered that exists with all versions of Encrypt when using the ENCRYPT /COMPRESS with certain file types, such as .BCK and .EXE files. The problem occurs when trying to recover the original (plain text) data with the DECRYPT command. A key record CRC or some other error may occur. The actual encrypted data is incorrect, but no error occurs until decryption. This problem can be very serious if the /DELETE qualifier was used when encrypting, as the original file would be deleted. The original file could also be lost if the /OUTPUT=file-spec were ~not~ used when Encrypting and a PURGE command were issued. The /COMPRESS qualifier has been deprecated, disabling its use with Encrypt until we can resolve this issue. Decryption of compressed files will continue to work normally. Problem - /PARSE=EXTENDED ------------------------- A problem was corrected with Encrypt version V2.1 where %ENCRYPT-F-KEYLENERR errors are reported if the process parse style is set to extended. This usually ocurred when specifying the algorithm with the /KEY_ALGORITHM or the /DATA_ALGORITHM encrypt command qualifiers. Problem - %STR-F-FATINTERR or ACCVIO Mixing AES/DES Keys -------------------------------------------------------- A problem was corrected with Encrypt version V2.1 for errors reported that ranged from %STR-F-FATINTERR to ACCVIO. These errors ocurred when an incorrect /KEY_ALGORITHM=xxx was entered for an associated key name for encrypting or decrypting files, for example, selecting DESCBC and the key is an AES encrypted key. If there is a mismatch, the following error is now reported: $ encr zz my_aes_key /key=des /dat=des /out= zz.enc %ENCRYPT-S-ERASED, $80$DKB400:[TEST]ZZ.ENC;1 erased and deleted %ENCRYPT-F-AESMIXDES, error attempting to mix AES and DES key/data algorithm Corrected Problems 2-2 _________________________________________________________________ Previous Version - Corrected Problems This section describes problems fixed in the previous version of Encrypt. 1. The internal Encryption test command would cause an access violation and the program would abort: $ ENCRYPT/TEST/LOG This problem with this undocumented command has been corrected. 2. Various ENCRYPT shared images were either missing an image IDENTIFICATION string or it was truncated when viewed with the command ANALYZE/IMAGE. 3. The image SYS$SHARE:ENCRYSHR.EXE was not installed memory resident by the startup file- SYS$STARTUP:ENCRYPT_START.COM 4. Images ENCRYPT$ALG$DES and ENCRYPT$ALG$KEY were not installed. This lead to subtle errors if an application linked with ENCRYSHR.EXE was installed with privileges. 5. SYS$SHARE:ENCRYSHR.EXE file protection was inadvertantly set to WORLD=NO_ACCESS[1]. 6. The ENCRYSHR.EXE image was not replaced into the library IMAGELIB after ENCRYPT product removal. 7. The ENCRYSHR.EXE image did not inherit security attributes (ACL's) from its predecessor's profile on ENCRYPT product install[1]. ____________________ [1] ENCRYSHR.EXE image file protection is set to READ and EXECUTE for GROUP and WORLD by the Encryption product installation. Corrected Problems 2-3 3 _________________________________________________________________ Known Problems and Restrictions This release of the Encryption for OpenVMS software has the following identified problems and restrictions. 3.0 ENCRYPT /COMPRESS Backup_SaveSet.bck Using the compress qualifer and encrypt BACKUP save-sets can result in the following error during decryption of the data: %ENCRYPT-F-FILESTRUCT, input file structure error, filename_xxxx At this time this error affects only BACKUP save-sets files. HP recommends NOT to use ENCRYPT /COMPRESS with BACKUP save-sets files at this time. This qualifier has been deprecated as of version V2.1. 3.1 BACKUP Utility and Encryption Problems in the BACKUP utility impact the BACKUP /ENCRYPT feature in the following ways. 3.1.1 Key Value You Specify with BACKUP/ENCRYPT On OpenVMS Alpha systems, the BACKUP /ENCRYPT command restricts the way you can define key values. On the command line, you cannot specify key-value as an ASCII text string. For example, this command is not valid: $ BACKUP /ENCRYPT=(VALUE=MY-TEXT-STRING) Because the BACKUP command line with the /ENCRYPT qualifier requires either the NAME=key-name option or the VALUE=key- value option, use one of the following valid commands: o Workaround 1 Instead of defining the key value as an ASCII text string, use a hexadecimal constant that starts with a number of at lease 16 nibbles (8 bytes). For example, $ BACKUP /ENCRYPT=(VALUE=2F4A98F46BBC11DD) *.* - _$ BIRD-DATA.BCK /SAVE_SET Known Problems and Restrictions 3-1 o Workaround 2 Instead of defining a key value, specify an existing key name. For example: $ ENCRYPT /CREATE_KEY FLORIDA_KEYS "TROPICAL BIRDS FLOCK TOGETHER" $ BACKUP /ENCRYPT=(NAME=FLORIDA_KEYS) BIRD-DATA.TXT - _$ BIRD-DATA.BCK /SAVE_SET DISK$DISK01:[MORRIS.ENCRYPT.RN] 3.1.2 Length of Key Name You Specify with BACKUP/ENCRYPT With the Encryption for OpenVMS Version 2.0 software, the BACKUP /ENCRYPT command fails to enforce the minimal length of the DES key name values (NAME=key-name), as follows: 8 text characters or 15 hexadecimal characters To avoid possible problems, use the stated minimums. Note: AES key minimums are 16, 24 and 32 bytes, depending on which key size is selected: 128, 192, or 256 bits. 3.2 Installation Verification Test Procedure Failures The Encrypt installation verification test procedure (IVP) may fail if the test is manually rerun from the system account without first logging out and logging back in after product installation. 3.2.1 IVP Failures Due to ENCRYPT.CLD Commands During installation the Encrypt commands are set in the DCL Tables. These new commands are acquired by any new process that logs in. However, these commands were set only temporarily during the IVP test for the Encrypt installation process. If you have not logged out after the installation and receive the following error when attempting to invoke the ENCRYPT$IVP test procedure manually: 3-2 Known Problems and Restrictions %DCL-W-IVVERB, unrecognized command verb - check validity and spelling \ENCRYPT\ then manually set the new Encrypt DCL commands and re- invoke the IVP test procedure: $ SET COMMAND SYS$SHARE:ENCRYPT $ @ SYS$TEST:ENCRYPT$IVP.COM 3.3 OpenVMS Upgrade (Prior to V8.3) Requires Reinstalling Encrypt An error occurs attempting to use the Encryption product after an upgrade of the OpenVMS operating system, if Encryption was installed prior to the upgrade for OpenVMS versions prior to V8.3: %DCL-W-ACTIMAGE, error activating image ENCRYPSHR -SYSTEM-F-SHRIDMISMAT, ident mismatch with shareable image Note that a different version (a stub) of this image was replaced during the upgrade, requiring reinstallation of the ENCRYPT product. Encryption was integrated with OpenVMS version V8.3, so V8.3 and later upgrades are not affected by this problem. A workaround to avoid Encryption reinstallation is to temporarily rename the file from SYS$COMMON:[SYSLIB]ENCRYPSHR.EXE to another name prior to the OpenVMS upgrade. Once the upgrade is complete, it can be renamed back to its original name. Known Problems and Restrictions 3-3 3.4 Product Producer Name Change Requires Removing Encrypt The Encryption producer name has changed from CPQ to HP for Alpha (and Itanium systems). This is visible in the PCSI filename and the PCSI database, for example: CPQ-AXPVMS-ENCRYPT-V0106--1.PCSI --> HP-AXPVMS-ENCRYPT-V0201--1.PCSI CPQ AXPVMS ENCRYPT V1.6 --> HP AXPVMS ENCRYPT V2.1 However, for Alpha systems, this producer name is different from what is registerd in the PCSI database. Consequently, this requires first removing the encrypt product, then installing it. 3.5 Mixing Algorithms and Key Names When entering a key name for encrypting or decrypting files, ensure the key name matches the desired encryption algorithm, AES or DES. If there is a mismatch, the error reported is: $ encr zz my_aes_key /key=des /dat=des /out= zz.enc %ENCRYPT-S-ERASED, $80$DKB400:[TEST]ZZ.ENC;1 erased and deleted %ENCRYPT-F-AESMIXDES, error attempting to mix AES and DES key/data algorithm When specifiying a key name for AES encryption, you must also use both of the (optional to DES) qualifiers /KEY_ALGORITHM=AESxxxxxx and /DATA_ALGORITHM_AESxxxxxx for encryption. Only the /KEY_ALGORITHM=AESxxxxxx qualifier is specified for decryption. Keys are decrypted from the logical name key store using the DES default algorithm if not specified. If the key was encrypted with AES, DES now decrypts the key to an incorrect sequence, part of which is the key length. Keys encrypted with AES are denoted by an AES key flag. This is shown with a SHOW LOGICAL command show log enc* /table=encrypt$key_store (LNM$PROCESS_TABLE) "ENCRYPT$KEY$MY_AES_KEY" = "Ý:°.ùßpÀ.\S.ÏñùZK¦.HÉq!Ç.±.*p..Ý.O$.ݯ¹,¶ê.0=?9á.M..iO.." = "AES" Known Problems and Restrictions 3-4