2
0

des.pod 4.7 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217
  1. =pod
  2. =head1 NAME
  3. des - encrypt or decrypt data using Data Encryption Standard
  4. =head1 SYNOPSIS
  5. B<des>
  6. (
  7. B<-e>
  8. |
  9. B<-E>
  10. ) | (
  11. B<-d>
  12. |
  13. B<-D>
  14. ) | (
  15. B<->[B<cC>][B<ckname>]
  16. ) |
  17. [
  18. B<-b3hfs>
  19. ] [
  20. B<-k>
  21. I<key>
  22. ]
  23. ] [
  24. B<-u>[I<uuname>]
  25. [
  26. I<input-file>
  27. [
  28. I<output-file>
  29. ] ]
  30. =head1 NOTE
  31. This page describes the B<des> stand-alone program, not the B<openssl des>
  32. command.
  33. =head1 DESCRIPTION
  34. B<des>
  35. encrypts and decrypts data using the
  36. Data Encryption Standard algorithm.
  37. One of
  38. B<-e>, B<-E>
  39. (for encrypt) or
  40. B<-d>, B<-D>
  41. (for decrypt) must be specified.
  42. It is also possible to use
  43. B<-c>
  44. or
  45. B<-C>
  46. in conjunction or instead of the a encrypt/decrypt option to generate
  47. a 16 character hexadecimal checksum, generated via the
  48. I<des_cbc_cksum>.
  49. Two standard encryption modes are supported by the
  50. B<des>
  51. program, Cipher Block Chaining (the default) and Electronic Code Book
  52. (specified with
  53. B<-b>).
  54. The key used for the DES
  55. algorithm is obtained by prompting the user unless the
  56. B<-k>
  57. I<key>
  58. option is given.
  59. If the key is an argument to the
  60. B<des>
  61. command, it is potentially visible to users executing
  62. ps(1)
  63. or a derivative. To minimise this possibility,
  64. B<des>
  65. takes care to destroy the key argument immediately upon entry.
  66. If your shell keeps a history file be careful to make sure it is not
  67. world readable.
  68. Since this program attempts to maintain compatibility with sunOS's
  69. des(1) command, there are 2 different methods used to convert the user
  70. supplied key to a des key.
  71. Whenever and one or more of
  72. B<-E>, B<-D>, B<-C>
  73. or
  74. B<-3>
  75. options are used, the key conversion procedure will not be compatible
  76. with the sunOS des(1) version but will use all the user supplied
  77. character to generate the des key.
  78. B<des>
  79. command reads from standard input unless
  80. I<input-file>
  81. is specified and writes to standard output unless
  82. I<output-file>
  83. is given.
  84. =head1 OPTIONS
  85. =over 4
  86. =item B<-b>
  87. Select ECB
  88. (eight bytes at a time) encryption mode.
  89. =item B<-3>
  90. Encrypt using triple encryption.
  91. By default triple cbc encryption is used but if the
  92. B<-b>
  93. option is used then triple ECB encryption is performed.
  94. If the key is less than 8 characters long, the flag has no effect.
  95. =item B<-e>
  96. Encrypt data using an 8 byte key in a manner compatible with sunOS
  97. des(1).
  98. =item B<-E>
  99. Encrypt data using a key of nearly unlimited length (1024 bytes).
  100. This will product a more secure encryption.
  101. =item B<-d>
  102. Decrypt data that was encrypted with the B<-e> option.
  103. =item B<-D>
  104. Decrypt data that was encrypted with the B<-E> option.
  105. =item B<-c>
  106. Generate a 16 character hexadecimal cbc checksum and output this to
  107. stderr.
  108. If a filename was specified after the
  109. B<-c>
  110. option, the checksum is output to that file.
  111. The checksum is generated using a key generated in a sunOS compatible
  112. manner.
  113. =item B<-C>
  114. A cbc checksum is generated in the same manner as described for the
  115. B<-c>
  116. option but the DES key is generated in the same manner as used for the
  117. B<-E>
  118. and
  119. B<-D>
  120. options
  121. =item B<-f>
  122. Does nothing - allowed for compatibility with sunOS des(1) command.
  123. =item B<-s>
  124. Does nothing - allowed for compatibility with sunOS des(1) command.
  125. =item B<-k> I<key>
  126. Use the encryption
  127. I<key>
  128. specified.
  129. =item B<-h>
  130. The
  131. I<key>
  132. is assumed to be a 16 character hexadecimal number.
  133. If the
  134. B<-3>
  135. option is used the key is assumed to be a 32 character hexadecimal
  136. number.
  137. =item B<-u>
  138. This flag is used to read and write uuencoded files. If decrypting,
  139. the input file is assumed to contain uuencoded, DES encrypted data.
  140. If encrypting, the characters following the B<-u> are used as the name of
  141. the uuencoded file to embed in the begin line of the uuencoded
  142. output. If there is no name specified after the B<-u>, the name text.des
  143. will be embedded in the header.
  144. =head1 SEE ALSO
  145. ps(1),
  146. L<des_crypt(3)|des_crypt(3)>
  147. =head1 BUGS
  148. The problem with using the
  149. B<-e>
  150. option is the short key length.
  151. It would be better to use a real 56-bit key rather than an
  152. ASCII-based 56-bit pattern. Knowing that the key was derived from ASCII
  153. radically reduces the time necessary for a brute-force cryptographic attack.
  154. My attempt to remove this problem is to add an alternative text-key to
  155. DES-key function. This alternative function (accessed via
  156. B<-E>, B<-D>, B<-S>
  157. and
  158. B<-3>)
  159. uses DES to help generate the key.
  160. Be carefully when using the B<-u> option. Doing B<des -ud> I<filename> will
  161. not decrypt filename (the B<-u> option will gobble the B<-d> option).
  162. The VMS operating system operates in a world where files are always a
  163. multiple of 512 bytes. This causes problems when encrypted data is
  164. send from Unix to VMS since a 88 byte file will suddenly be padded
  165. with 424 null bytes. To get around this problem, use the B<-u> option
  166. to uuencode the data before it is send to the VMS system.
  167. =head1 AUTHOR
  168. Eric Young (eay@cryptsoft.com)
  169. =cut