=pod

=head1 NAME

des - encrypt or decrypt data using the Data Encryption Standard

=head1 SYNOPSIS

B<des>
( B<-e> | B<-E> ) |
( B<-d> | B<-D> ) |
( B<->[B<cC>][B<ckname>] ) |
[ B<-b3hfs> ]
[ B<-k> I<key> ]
[ B<-u>[I<uuname>] ]
[ I<input-file> [ I<output-file> ] ]

=head1 NOTE

This page describes the B<des> stand-alone program, not the B<openssl des>
command.

=head1 DESCRIPTION

B<des> encrypts and decrypts data using the Data Encryption Standard
algorithm. One of B<-e>, B<-E> (for encrypt) or B<-d>, B<-D> (for decrypt)
must be specified. It is also possible to use B<-c> or B<-C> in conjunction
with, or instead of, an encrypt/decrypt option to generate a 16 character
hexadecimal checksum, generated via the I<des_cbc_cksum> function.

Two standard encryption modes are supported by the B<des> program,
Cipher Block Chaining (the default) and Electronic Code Book (specified
with B<-b>).

The key used for the DES algorithm is obtained by prompting the user
unless the B<-k> I<key> option is given. If the key is an argument to the
B<des> command, it is potentially visible to users executing ps(1) or a
derivative. To minimise this possibility, B<des> takes care to destroy the
key argument immediately upon entry. If your shell keeps a history file,
be careful to make sure it is not world readable.

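One way a program can do what the paragraph above describes: copy the B<-k> key out of the argument vector and overwrite it in place before doing anything else. This is an added example, not code from B<des> itself; the helper name take_key_arg and the sample arguments used to exercise it are assumptions.

```c
#include <stdio.h>
#include <string.h>

#define KEY_MAX 1024  /* the page gives 1024 bytes as the -E key limit */

/* Write zeros through a volatile pointer so the compiler cannot drop
 * the stores as dead code. */
static void wipe(char *p, size_t n)
{
    volatile char *vp = (volatile char *)p;
    while (n--)
        *vp++ = 0;
}

/* Hypothetical helper: find "-k <key>", copy the key into out, then
 * overwrite the original argument in place. Returns the key length,
 * or -1 if no key was given or it does not fit in out. */
int take_key_arg(int argc, char **argv, char *out, size_t outsz)
{
    for (int i = 1; i + 1 < argc; i++) {
        if (strcmp(argv[i], "-k") != 0)
            continue;
        size_t len = strlen(argv[i + 1]);
        if (len >= outsz) {
            wipe(argv[i + 1], len);   /* scrub even when rejecting */
            return -1;
        }
        memcpy(out, argv[i + 1], len + 1);
        wipe(argv[i + 1], len);
        return (int)len;
    }
    return -1;
}

int main(int argc, char **argv)
{
    char key[KEY_MAX + 1];
    /* Call this first: anything that runs before it widens the window
     * in which the key is still readable in the argument list. */
    int n = take_key_arg(argc, argv, key, sizeof key);
    if (n < 0) {
        fputs("no usable -k key; prompt for it instead\n", stderr);
        return 1;
    }
    printf("key taken (%d bytes); argument scrubbed\n", n);
    wipe(key, sizeof key);            /* clear the working copy too */
    return 0;
}
```

Scrubbing only narrows the exposure: a process listing taken between program start and the overwrite still shows the key, and the shell history is unaffected, which is why prompting for the key remains the safer path.
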
Since this program attempts to maintain compatibility with SunOS's
des(1) command, there are 2 different methods used to convert the user
supplied key to a DES key. Whenever one or more of the B<-E>, B<-D>, B<-C>
or B<-3> options are used, the key conversion procedure will not be
compatible with the SunOS des(1) version but will use all the user
supplied characters to generate the DES key.

The B<des> command reads from standard input unless I<input-file> is
specified and writes to standard output unless I<output-file> is given.

=head1 OPTIONS

=over 4

=item B<-b>

Select ECB (eight bytes at a time) encryption mode.

=item B<-3>

Encrypt using triple encryption. By default triple CBC encryption is used
but if the B<-b> option is used then triple ECB encryption is performed.
If the key is less than 8 characters long, the flag has no effect.

=item B<-e>

Encrypt data using an 8 byte key in a manner compatible with SunOS
des(1).

=item B<-E>

Encrypt data using a key of nearly unlimited length (1024 bytes).
This will produce more secure encryption.

=item B<-d>

Decrypt data that was encrypted with the B<-e> option.

=item B<-D>

Decrypt data that was encrypted with the B<-E> option.

=item B<-c>

Generate a 16 character hexadecimal CBC checksum and output this to
stderr. If a filename was specified after the B<-c> option, the checksum
is output to that file. The checksum is generated using a key generated
in a SunOS compatible manner.

=item B<-C>

A CBC checksum is generated in the same manner as described for the
B<-c> option but the DES key is generated in the same manner as used for
the B<-E> and B<-D> options.

=item B<-f>

Does nothing - allowed for compatibility with SunOS des(1) command.

=item B<-s>

Does nothing - allowed for compatibility with SunOS des(1) command.

=item B<-k> I<key>

Use the encryption I<key> specified.

=item B<-h>

The I<key> is assumed to be a 16 character hexadecimal number.
If the B<-3> option is used the key is assumed to be a 32 character
hexadecimal number.

=item B<-u>

This flag is used to read and write uuencoded files. If decrypting,
the input file is assumed to contain uuencoded, DES encrypted data.
If encrypting, the characters following the B<-u> are used as the name of
the uuencoded file to embed in the begin line of the uuencoded
output. If there is no name specified after the B<-u>, the name text.des
will be embedded in the header.

=back

=head1 SEE ALSO

ps(1),
L<des_crypt(3)|des_crypt(3)>

=head1 BUGS

The problem with using the B<-e> option is the short key length.
It would be better to use a real 56-bit key rather than an
ASCII-based 56-bit pattern. Knowing that the key was derived from ASCII
radically reduces the time necessary for a brute-force cryptographic attack.
My attempt to remove this problem is to add an alternative text-key to
DES-key function. This alternative function (accessed via B<-E>, B<-D>,
B<-C> and B<-3>) uses DES to help generate the key.

Be careful when using the B<-u> option. Doing B<des -ud> I<filename> will
not decrypt filename (the B<-u> option will gobble the B<-d> option).

The VMS operating system operates in a world where files are always a
multiple of 512 bytes. This causes problems when encrypted data is
sent from Unix to VMS since an 88 byte file will suddenly be padded
with 424 null bytes. To get around this problem, use the B<-u> option
to uuencode the data before it is sent to the VMS system.

=head1 AUTHOR

Eric Young (eay@cryptsoft.com)

=cut