Copyright Digital Equipment Corp. All rights reserved.

AES_Features

   AES encryption, like DES, is a symmetric block cipher. However,
   its algorithm is very different, its key scheduling and number of
   rounds is based on key size (10, 12, or 14 rounds for 128, 192,
   and 256 bit keys), making AES much stronger cryptographically.
   AES features allows any user, system manager, security manager,
   or programmer to secure their files, save-sets, or application
   data with strong AES Encryption. It is integrated with OpenVMS
   Version 8.3 and does not require a separate product license or
   installation.

   Encrypt-AES provides the following features and compatibility:

   o  The former data encryption standard (DES) algorithm is
      maintained for use with existing DES data and their
      applications. All the functions that existed with DES continue
      to provide that same level of DES support.

   o  Encrypt-AES is integrated with BACKUP for encrypting and
      decrypting save sets with AES or DES.

   o  Command-line use of Encrypt-AES is the same as Encrypt-DES,
      with minor changes to qualifiers (see the encryption routines
      below).

   o  Changes to the ENCRYPT$ application programming interface
      (API) are minimal, with only textual parameter or flag changes
      required to use the AES algorithm.

   o  Encrypt-AES supports the AES algorithm with four different
      cipher modes. With each mode, you can specify a secret key in
      three different lengths (128, 192, and 256 bits), for a total
      of 12 different cipher and decipher operations:

      o  Cipher block chaining:

            AESCBC128
            AESCBC192
            AESCBC256

      o  Electronic code book:

            AESECB128
            AESECB192
            AESECB256

      o  Cipher feedback:

            AESCFB128
            AESCFB192
            AESCFB256

      o  Output feedback:

            AESOFB128
            AESOFB192
            AESOFB256

   o  The additional AES algorithm, modes, and key sizes are
      specified in the algorithm parameter to the ENCRYPT$ENCRYPT_
      FILE and the ENCRYPT$INIT routine, or specified in the
      algorithm-name parameter for the ENCRYPT$GENERATE_KEY routine.

   o  AES Key-Length Requirements- The AES key requirements are
      the actual number of bits utilized for each of the AES modes.
      This is actually the minimum number of bytes needed for the
      encryption or decryption operation. The minimum required key
      sizes are as follows:

      -  128 bit mode = 16 byte key

      -  192 bit mode = 24 byte key

      -  256 bit mode = 32 byte key