SpyderByte.com: OpenVMS.org dcl.OpenVMS.org de.OpenVMS.org fr.OpenVMS.org Tru64.org
Island Computers


   
Home Contribute News, Jobs, Press Releases, etc. Advertise on OpenVMS.org About/Contact Search News Archives
More Links
Printer friendly version
Share this story

Navigation
OpenVMS.org Features
Hobbyist Registration
Featured Articles
VMS Audio Update (archives)
Golden Eggs
Need Help
Forums, Lists & Groups
Docs, Manuals & Tutorials, etc.
VMS Beginners
Documentation
FAQs/How-to/Journals
Books
Developer Resources
Misc. Resources
For Hire
Hardware Vendors
Training & Education
Software
Commercial
Opensource & Freeware
Security, Patches, ECOs
Security Advisories
Patches/Updates
Alpahaserver firmware
Older Alpahaserver firmware

Forums
HPSC: OpenVMS
Hobbyist Forums
Usenet: comp.os.vms
StackOverflow (VMS)

OpenVMS.org Info
OpenVMS.org Staff:
Ken Farmer Follow OpenVMS.Org on Twitter
Ian Miller Follow Ian Miller on Twitter
Susan Skonetski Follow MamaVMS on Twitter
About
Search
Archives
Mobile
Submit News
Advertising

Google Ads


OpenVMS.org Polls
What brand of smartphone do you use?
iPhone
Android-based
Blackberry
Other
Don't have smartphone

[ results | polls ]



Latest News

Encryption for OpenVMS
Posted by Ian on Wednesday April 23 2008 @ 09:24AM EDT
Paul Mosteika (OpenVMS Engineering) recently posted the following useful summary of Encryption for OpenVMS which I reproduce here with permission.

"There have been some recent postings regarding Encryption for OpenVMS. I provide the following to set the facts straight.

The former VAX Encryption for OpenVMS (single DES) was updated with the AES encryption algorithm, (Encrypt-AES V2.0) and introduced into (integrated with) the OpenVMS version V8.3 operating system. The standard NIST AES 16 byte block, 128, 192, or 256 bit keys with ECB and CBC block modes, and CFB and OFB byte stream modes are optionally available, 128 bit AES CBC (/key_alg=AESCBC128 /data_alg=AESCBC128) is the default for AES, DES CBC if not specified.

The encryption library utilized is from SSL (which is also shipped with OpenVMS). Although its single block I/O file encryption design hasn't been changed from the original design during the late 70's and early 80's was very slow.

Since that time, we have improved Encrypt's I/O performance by a factor of 35 to 40x faster (using multiple buffer, aggregated writes, pre-allocation and larger read-ahead). This was part of Encrypt version V2.1 that was released with OpenVMS version V8.3-1H1 and later. We also made this latest version work with 2 terabyte file sizes, and fixed a few bugs.

1 GB File using V8.3 Image without Fix

$ encrypt $80$DKB400:[TEST]Z. des /out=$80$DKB400:[TEST]z.enc
$ exit
SYSTEM job terminated at 4-APR-2007 18:02:18.42

Accounting information:
Buffered I/O count: 25082 Peak working set size: 4304
Direct I/O count: 2225059 Peak virtual size: 176144
Page faults: 306 Mounted volumes: 0
Charged CPU time: 0 00:10:47.17 Elapsed time: 0 03:30:53.53

1 GB File with ENCRYPSHR Fix

$ encrypt $80$DKB400:[TEST]Z. des /out=$80$DKB400:[TEST]z.enc
$ exit
SYSTEM job terminated at 9-APR-2007 11:30:53.06
Accounting information:

Buffered I/O count: 83 Peak working set size: 5600
Direct I/O count: 47432 Peak virtual size: 177776
Page faults: 387 Mounted volumes: 0
Charged CPU time: 0 00:05:30.26 Elapsed time: 0 00:05:42.28

I would say that's an improvement.

Encryption for OpenVMS is backward compatible with DES encryption, so conversion from single DES (56 bit keys) to the stronger AES encryption is simple. Encryption (DES or AES) works with BACKUP, $ BACKUP/ENCRYPT, to encrypt save-sets of files or image save-sets. Encryption for OpenVMS also has file integrity checking with its MAC message authentication code qualifier and database. Encryption works with ODS-2 and ODS-5 volumes on Alpha and Integrity systems and has a set of API's to support those applications.

We have not updated VAX Encryption. So that separately licensed product supports encryption with only DES encryption, also MAC and BACKUP/ENCRYPT (DES) support.

To get around the slow I/O file encrypt problem with Encrypt version V 2.0 and earlier use BACKUP/ENCRYPT as it handles its own I/O."

< RIP: Dick Hustvedt | OpenVMS for the Hobbyist: Industrial Strength at No Cost >



Mailing Lists
OpenVMS.org News:
(Low volume newsletter)
Subscribe | Unsubscribe
OpenVMS.org Alerts:
(Security & Patch Alerts)
Subscribe | Unsubscribe

Sponsors
Island Computers


Virtual VAX & Alpha

HoffmanLabs.com

The OpenVMS Consultant


Interested in Advertising?
Contact us...


Friends of VMS
HP usergroups...
Encompasserve/DECUServe
OpenVMS Hobbyist
Itanium Solutions Alliance
Aaron's OpenVMS blog
Alexey Chupahin
Arne Vajhoej
DECUS Library Compendium
DJE Systems
Dr OpenVMS blog
Francesco Gennai
Eight-Cubed blog
Free OpenVMS Software
Galen Tackett
HoffmanLabs
Hunter Goatley
Ian Miller
Influential Software
Itanium Solutions Alliance
Jeff Cameron
John Fisher
Syltrem VMS Page (French)
Kednos PL/I
Keith Parris
Migration Specialties
Noetic Systems, Inc
OpenOffice Port to VMS
OpenVMSPlanet.org
OpenVMS Rocks
Preatorian.net
Retrobeep
Steven M. Schweda
SYSMGR Blog
TMESIS Software
Trends That Matter
VAMP (VMS, Apache, MySQL, PHP)
VIM
Vaxination
Visio Cafe (HP Templates)
VMSresource.org.uk
XDelta
Free VMS Accounts:
Deathrow Public OpenVMS Cluster
DECUServe/EISNER
Polarhome
Fafner
Poetry Hacklab
Marway.Org


In Memory: John Wisniewski
In Memory:Terry Shannon


Add, edit, report problems here...

OpenVMS Ring

OpenVMS Webring

Prev

Random

Next

Prev5

List

Next5



Home About & Contact Search Archive Mobile Submit News Sponsorship & Advertising
     Copyright © 2001-2012 SCORSE, LLC
OpenVMS® is a trademark of HP
All other trademarks are those of their owners.
    
  SpyderByte.com ;Technical Portals