I have played with TrueCrypt volumes on a Windows XP system. I agree the ability to do something like it on VMS would be nice.
However, I am not convinced that it would not be a "huge project". At least it is unlikely to be as simple as adding conditionalized routines to call the encryption/decryption routines from the pre processing (FDT) routines and post-processing routines.
First, consider that LDDRIVER is at a layer below initialize and mount. LD devices currently use unmodified VMS software to do the initialization and mounting of devices. TrueCrypt (windows version at least) provides a front end to create, format (What VMS call INITIALIZE), and mount volumes (mounting volume in TrueCrypt/Windows is more like the combination of connecting an LD device and mounting it in VMS).
If this is going to be done at the Mount and Init time, then I will argue that this needs to be done by VMS engineering, not by a third party. This approach would possibly be the most general method, and could work on top on any LBN addressable storage. So it would be compatible with LD devices.
On the other hand, if it is going to be done by the LD software, I would guess that the "ld connect" is the place that a key would be supplied. I am not aware of a way to connect a device at anything less than system scope (i.e. the io database is a system wide construct, it is not designed to be group, job or process specific).
So it isn't clear to me how that would work with you mount/group example.
LDDRIVER was developed as a midnight project in Digital/Compaq/HP, but it is no longer being developed by hp. Jur no longer works for hp, and therefore his work on LD is now completely on this own time.
If this capability is ever added, I would suggest that the TrueCrypt implementation at least be investigated. I don't know how much of the work is being done by TrueCrypt software vs. Windows. My guess is that the TrueCrypt front end is just calling Windows routines to do the formatting of the underlying volume. I do know that it is possible to use the Windows format disk routine after the volume has be mounted by TrueCrypt, so that suggests to me that the encryption/decryption is being done at a lower level than the "file system" level. I created a 10 MB TrueCrypt volume and let it get formatted as FAT, then used windows to format the "drive" to NTFS (no key needs to be specified here). I was able to copy a file to the reformatted volume, then dismounted and remounted it (specifying the original key) and verified that the file was usable, so it does appear to me the encryption/decryption is being done at the logical block (device level) and not by the file system.
Jon
it depends
