"There have been some recent postings regarding Encryption for OpenVMS. I provide the following to set the facts straight.

The former VAX Encryption for OpenVMS (single DES) was updated with the AES encryption algorithm, (Encrypt-AES V2.0) and introduced into (integrated with) the OpenVMS version V8.3 operating system. The standard NIST AES 16 byte block, 128, 192, or 256 bit keys with ECB and CBC block modes, and CFB and OFB byte stream modes are optionally available, 128 bit AES CBC (/key_alg=AESCBC128 /data_alg=AESCBC128) is the default for AES, DES CBC if not specified.

The encryption library utilized is from SSL (which is also shipped with OpenVMS). Although its single block I/O file encryption design hasn't been changed from the original design during the late 70's and early 80's was very slow.

Since that time, we have improved Encrypt's I/O performance by a factor of 35 to 40x faster (using multiple buffer, aggregated writes, pre-allocation and larger read-ahead). This was part of Encrypt version V2.1 that was released with OpenVMS version V8.3-1H1 and later. We also made this latest version work with 2 terabyte file sizes, and fixed a few bugs.

1 GB File using V8.3 Image without Fix

$ encrypt $80$DKB400:[TEST]Z. des /out=$80$DKB400:[TEST]z.enc
$ exit
SYSTEM job terminated at 4-APR-2007 18:02:18.42

Accounting information:
Buffered I/O count: 25082 Peak working set size: 4304
Direct I/O count: 2225059 Peak virtual size: 176144
Page faults: 306 Mounted volumes: 0
Charged CPU time: 0 00:10:47.17 Elapsed time: 0 03:30:53.53

1 GB File with ENCRYPSHR Fix

$ encrypt $80$DKB400:[TEST]Z. des /out=$80$DKB400:[TEST]z.enc
$ exit
SYSTEM job terminated at 9-APR-2007 11:30:53.06
Accounting information:

Buffered I/O count: 83 Peak working set size: 5600
Direct I/O count: 47432 Peak virtual size: 177776
Page faults: 387 Mounted volumes: 0
Charged CPU time: 0 00:05:30.26 Elapsed time: 0 00:05:42.28

I would say that's an improvement.

Encryption for OpenVMS is backward compatible with DES encryption, so conversion from single DES (56 bit keys) to the stronger AES encryption is simple. Encryption (DES or AES) works with BACKUP, $ BACKUP/ENCRYPT, to encrypt save-sets of files or image save-sets. Encryption for OpenVMS also has file integrity checking with its MAC message authentication code qualifier and database. Encryption works with ODS-2 and ODS-5 volumes on Alpha and Integrity systems and has a set of API's to support those applications.

We have not updated VAX Encryption. So that separately licensed product supports encryption with only DES encryption, also MAC and BACKUP/ENCRYPT (DES) support.

To get around the slow I/O file encrypt problem with Encrypt version V 2.0 and earlier use BACKUP/ENCRYPT as it handles its own I/O."