input-file

    type:      char_string
    access:    read only
    mechanism: by descriptor
    Name of the input file that ENCRYPT$ENCRYPT_FILE is to process.
    The input-file argument is the address of a string descriptor
    pointing to the file specification string for the input file.

    Wildcard characters are valid. To specify multiple input files,
    you must use wildcard characters.

 output-file

    type:      char_string
    access:    read only
    mechanism: by descriptor
    Name of the output file that ENCRYPT$ENCRYPT_FILE is to generate.
    The output-file argument is the address of a string descriptor
    pointing to the file specification for the output file to be
    processed.

    You can use wildcard characters. To specify the same names for
    the output and input files, use a null character as the output-
    file argument.

 key-name

    type:      char_string
    access:    read only
    mechanism: by descriptor
    Name of the key used when ENCRYPT$ENCRYPT_FILE processes files.
    The key-name argument is the address of a string descriptor
    pointing to the name of the key to be used in initializing the
    encrypt or decrypt stream used for each file processed.

 algorithm

    type:      char_string
    access:    read only
    mechanism: by descriptor
    Name of the algorithm that ENCRYPT$ENCRYPT_FILE uses to
    initialize the process stream. The algorithm argument is the
    address of a string descriptor pointing to the name of the
    algorithm.

    For DES, the following algorithms are valid:

    o  DESCBC (default)

    o  DESECB

    o  DESCFB

    For AES, the following algorithms are valid:

    o  Cipher block chaining:

          AESCBC128 (default)
          AESCBC192
          AESCBC256

    o  Electronic code book:

          AESECB128
          AESECB192
          AESECB256

    o  Cipher feedback:

          AESCFB128
          AESCFB192
          AESCFB256

    o  Output feedback:

          AESOFB128
          AESOFB192
          AESOFB256

 file-flags

    type:      longword
    access:    read only
    mechanism: by reference
    Flags that specify how ENCRYPT$ENCRYPT_FILE performs the file
    operation. The file-flags argument is the address of a longword
    containing a mask of flags. ENCRYPT$ENCRYPT_FILE Flags shows the
    function of each flag.

    Table 9-2 ENCRYPT$ENCRYPT_FILE Flags

    Flag                   Function

    ENCRYPT$M_FILE_        Compresses file data before encryption.
    COMPRESS
    ENCRYPT$M_FILE_        Flag set: encrypts the file.
    ENCRYPT
                           Flag clear: decrypts the file.
    ENCRYPT$M_FILE_DELETE  Deletes the input file when the operation
                           completes.
    ENCRYPT$M_FILE_ERASE   Erases the file with the security data
                           pattern before deleting it.
    ENCRYPT$M_FILE_KEY_    Flag set: Treats the key value as a
    VALUE                  literal value and does not compress it.

                           Flag clear: Treats the key value as a
                           text string that can be compressed.

                           If the KEY_NAME parameter is present,
                           this flag is ignored.
    ENCRYPT$M_FILE_AES     Flag set: indicates encrypting a file with
                           an AES key and algorithm

    There is an additional FILE_AES flag mask (and value) that is
    used with the ENCRYPT$ENCRYPT_FILE routine when encrypting
    files using an AES algorithm. The ENCRYPT$ENCRYPT_FILE_FLAGS
    are used to control file operations such as cipher direction,
    file compression and so on. The FILE_AES flag controls file AES
    initialization and cipher operation.

 item-list

    type:      item_list_3
    access:    read only
    mechanism: by descriptor
    The optional item-list argument is used to override the data
    algorithm parameter. This argument substitutes one algorithm for
    another that is similar in function but that may be different
    in its name. In other words, it overrides the name of the
    algorithm that is found in the random key record with the name
    of the algorithm you provided in the override descriptor. This
    process provides a way to open files that were encrypted with an
    algorithm name that may be different than the algorithm name in
    the decrypt environment.

 ENCRYPT$K_DATA_ALGORITHM

    type:      3 longwords
    access:    read only
    mechanism: by descriptor
    Algorithm to be used to encrypt the file. This argument specifies
    the address and length of the name string of the algorithm.

    The following algorithms are valid:

    o  DESCBC (default)

    o  DESECB

    o  DESCFB

    For AES, the following algorithms are valid:

    o  Cipher block chaining:

          AESCBC128 (default)
          AESCBC192
          AESCBC256

    o  Electronic code book:

          AESECB128
          AESECB192
          AESECB256

    o  Cipher feedback:

          AESCFB128
          AESCFB192
          AESCFB256

    o  Output feedback:

          AESOFB128
          AESOFB192
          AESOFB256