07-20-2009 04:52 PM
The Utility Routines Manual (v8.3, 2006) says little about the encrypted and decrypted data length - supposedly the descriptors are dynamically adjusted but mine in C aren't. It has no examples and says that ENCRYPT$ENCRYPT can be used for decryption. It also says under every listing of "Condition Values Returned" the useful(!) message "ENCRYPT$xyz - An error reported by the Encryption Software. The xyz portion identifies the message." but doesn't tell you where to find the further information.
I eventually found the document "Encryption for OpenVMS" dated 2001 (any changes since then?) and while it also has the ENCRYPT$xyz message at least it says to find the details in its appendix. Alas no examples, no discussion of data length and the same comment about ENCRYPT$ENCRYPT also decrypting.
I'd appreciate any pointers to some decent documentation and/or examples. Any warnings or gotcha's would also be helpful.
07-20-2009 05:16 PM
In particular, are the string descriptors created here being created and managed as dynamic descriptors?
(Apologies on what may be an obvious question and something you've already looked at, but it's been my experience that this whole area can be very confusing to C programmers working on OpenVMS.)
07-20-2009 05:22 PM
...this for C code which sets up a descriptor and then allocations storage for it via lib$sget1_dd().
The OpenVMS FAQ also has some details on this (first URL), and then the (second) article touches (very!) briefly on this topic.
And if you're already familiar with descriptors, please ignore the above.
07-20-2009 05:31 PM
I've pressed on with my work because I can't be sure if responses will appear quickly or not.
Now I'm using ENCRYPT$ENCRYPT and ENCRYPT$DECRYPT to try to get the data lengths. The first matches the input string (89 bytes) but the DECRYPT comes back with 128 bytes. I expected maybe 96 as multiple of 16.
07-20-2009 05:47 PM
If I explicitly modify the C descriptor for the encrypted text to use the returned 'output_length' value from the ENCRYPT$ENCRYPT function the correct text size is produced by the ENCRYPT$DECRYPT function. (This is probably linked to the encryption form that I'm using but I've not tested that yet.)
07-22-2009 02:15 AM
You may find a dynamic string descriptor a simpler solution.
Purely Personal Opinion
07-22-2009 02:50 PM
I have to say that the documentation for ENCRYPT is some of the worst I have seen from OpenVMS people in a long time. It needs separate sections for DES and AES encryption, some coding examples, better descriptions of errors and decent proof reading (e.g. last paragraph before description of P1 for ENCRYPT$ENCRYPT).
P.S. Ian M mentioned static descriptors requiring manual adjustment to length. I had already tried dynamic descriptors and that failed. According to the documentation ny of descriptor of type DCS$K_DTYPE_T should work and that's what C uses, so maybe this failure to adjust the length field in the descriptor is something else that needs investigation.