diff options
Diffstat (limited to 'crypto/des/des.man')
-rw-r--r-- | crypto/des/des.man | 186 |
1 files changed, 186 insertions, 0 deletions
diff --git a/crypto/des/des.man b/crypto/des/des.man new file mode 100644 index 0000000000..7e06a1851a --- /dev/null +++ b/crypto/des/des.man @@ -0,0 +1,186 @@ +.TH DES 1 +.SH NAME +des - encrypt or decrypt data using Data Encryption Standard +.SH SYNOPSIS +.B des +( +.B \-e +| +.B \-E +) | ( +.B \-d +| +.B \-D +) | ( +.B \-\fR[\fPcC\fR][\fPckname\fR]\fP +) | +[ +.B \-b3hfs +] [ +.B \-k +.I key +] +] [ +.B \-u\fR[\fIuuname\fR] +[ +.I input-file +[ +.I output-file +] ] +.SH DESCRIPTION +.B des +encrypts and decrypts data using the +Data Encryption Standard algorithm. +One of +.B \-e, \-E +(for encrypt) or +.B \-d, \-D +(for decrypt) must be specified. +It is also possible to use +.B \-c +or +.B \-C +in conjunction or instead of the a encrypt/decrypt option to generate +a 16 character hexadecimal checksum, generated via the +.I des_cbc_cksum. +.LP +Two standard encryption modes are supported by the +.B des +program, Cipher Block Chaining (the default) and Electronic Code Book +(specified with +.B \-b +). +.LP +The key used for the DES +algorithm is obtained by prompting the user unless the +.B `\-k +.I key' +option is given. +If the key is an argument to the +.B des +command, it is potentially visible to users executing +.BR ps (1) +or a derivative. To minimise this possibility, +.B des +takes care to destroy the key argument immediately upon entry. +If your shell keeps a history file be careful to make sure it is not +world readable. +.LP +Since this program attempts to maintain compatability with sunOS's +des(1) command, there are 2 different methods used to convert the user +supplied key to a des key. +Whenever and one or more of +.B \-E, \-D, \-C +or +.B \-3 +options are used, the key conversion procedure will not be compatible +with the sunOS des(1) version but will use all the user supplied +character to generate the des key. +.B des +command reads from standard input unless +.I input-file +is specified and writes to standard output unless +.I output-file +is given. +.SH OPTIONS +.TP +.B \-b +Select ECB +(eight bytes at a time) encryption mode. +.TP +.B \-3 +Encrypt using triple encryption. +By default triple cbc encryption is used but if the +.B \-b +option is used then triple ecb encryption is performed. +If the key is less than 8 characters long, the flag has no effect. +.TP +.B \-e +Encrypt data using an 8 byte key in a manner compatible with sunOS +des(1). +.TP +.B \-E +Encrypt data using a key of nearly unlimited length (1024 bytes). +This will product a more secure encryption. +.TP +.B \-d +Decrypt data that was encrypted with the \-e option. +.TP +.B \-D +Decrypt data that was encrypted with the \-E option. +.TP +.B \-c +Generate a 16 character hexadecimal cbc checksum and output this to +stderr. +If a filename was specified after the +.B \-c +option, the checksum is output to that file. +The checksum is generated using a key generated in a sunOS compatible +manner. +.TP +.B \-C +A cbc checksum is generated in the same manner as described for the +.B \-c +option but the DES key is generated in the same manner as used for the +.B \-E +and +.B \-D +options +.TP +.B \-f +Does nothing - allowed for compatibility with sunOS des(1) command. +.TP +.B \-s +Does nothing - allowed for compatibility with sunOS des(1) command. +.TP +.B "\-k \fIkey\fP" +Use the encryption +.I key +specified. +.TP +.B "\-h" +The +.I key +is assumed to be a 16 character hexadecimal number. +If the +.B "\-3" +option is used the key is assumed to be a 32 character hexadecimal +number. +.TP +.B \-u +This flag is used to read and write uuencoded files. If decrypting, +the input file is assumed to contain uuencoded, DES encrypted data. +If encrypting, the characters following the -u are used as the name of +the uuencoded file to embed in the begin line of the uuencoded +output. If there is no name specified after the -u, the name text.des +will be embedded in the header. +.SH SEE ALSO +.B ps (1) +.B des_crypt(3) +.SH BUGS +.LP +The problem with using the +.B -e +option is the short key length. +It would be better to use a real 56-bit key rather than an +ASCII-based 56-bit pattern. Knowing that the key was derived from ASCII +radically reduces the time necessary for a brute-force cryptographic attack. +My attempt to remove this problem is to add an alternative text-key to +DES-key function. This alternative function (accessed via +.B -E, -D, -S +and +.B -3 +) +uses DES to help generate the key. +.LP +Be carefully when using the -u option. Doing des -ud <filename> will +not decrypt filename (the -u option will gobble the d option). +.LP +The VMS operating system operates in a world where files are always a +multiple of 512 bytes. This causes problems when encrypted data is +send from unix to VMS since a 88 byte file will suddenly be padded +with 424 null bytes. To get around this problem, use the -u option +to uuencode the data before it is send to the VMS system. +.SH AUTHOR +.LP +Eric Young (eay@cryptsoft.com) |