1 =pod 2 3 =head1 NAME 4 5 des - encrypt or decrypt data using Data Encryption Standard 6 7 =head1 SYNOPSIS 8 9 B<des> 10 ( 11 B<-e> 12 | 13 B<-E> 14 ) | ( 15 B<-d> 16 | 17 B<-D> 18 ) | ( 19 B<->[B<cC>][B<ckname>] 20 ) | 21 [ 22 B<-b3hfs> 23 ] [ 24 B<-k> 25 I<key> 26 ] 27 ] [ 28 B<-u>[I<uuname>] 29 [ 30 I<input-file> 31 [ 32 I<output-file> 33 ] ] 34 35 =head1 NOTE 36 37 This page describes the B<des> stand-alone program, not the B<openssl des> 38 command. 39 40 =head1 DESCRIPTION 41 42 B<des> 43 encrypts and decrypts data using the 44 Data Encryption Standard algorithm. 45 One of 46 B<-e>, B<-E> 47 (for encrypt) or 48 B<-d>, B<-D> 49 (for decrypt) must be specified. 50 It is also possible to use 51 B<-c> 52 or 53 B<-C> 54 in conjunction or instead of the a encrypt/decrypt option to generate 55 a 16 character hexadecimal checksum, generated via the 56 I<des_cbc_cksum>. 57 58 Two standard encryption modes are supported by the 59 B<des> 60 program, Cipher Block Chaining (the default) and Electronic Code Book 61 (specified with 62 B<-b>). 63 64 The key used for the DES 65 algorithm is obtained by prompting the user unless the 66 B<-k> 67 I<key> 68 option is given. 69 If the key is an argument to the 70 B<des> 71 command, it is potentially visible to users executing 72 ps(1) 73 or a derivative. To minimise this possibility, 74 B<des> 75 takes care to destroy the key argument immediately upon entry. 76 If your shell keeps a history file be careful to make sure it is not 77 world readable. 78 79 Since this program attempts to maintain compatibility with sunOS's 80 des(1) command, there are 2 different methods used to convert the user 81 supplied key to a des key. 82 Whenever and one or more of 83 B<-E>, B<-D>, B<-C> 84 or 85 B<-3> 86 options are used, the key conversion procedure will not be compatible 87 with the sunOS des(1) version but will use all the user supplied 88 character to generate the des key. 89 B<des> 90 command reads from standard input unless 91 I<input-file> 92 is specified and writes to standard output unless 93 I<output-file> 94 is given. 95 96 =head1 OPTIONS 97 98 =over 4 99 100 =item B<-b> 101 102 Select ECB 103 (eight bytes at a time) encryption mode. 104 105 =item B<-3> 106 107 Encrypt using triple encryption. 108 By default triple cbc encryption is used but if the 109 B<-b> 110 option is used then triple ECB encryption is performed. 111 If the key is less than 8 characters long, the flag has no effect. 112 113 =item B<-e> 114 115 Encrypt data using an 8 byte key in a manner compatible with sunOS 116 des(1). 117 118 =item B<-E> 119 120 Encrypt data using a key of nearly unlimited length (1024 bytes). 121 This will product a more secure encryption. 122 123 =item B<-d> 124 125 Decrypt data that was encrypted with the B<-e> option. 126 127 =item B<-D> 128 129 Decrypt data that was encrypted with the B<-E> option. 130 131 =item B<-c> 132 133 Generate a 16 character hexadecimal cbc checksum and output this to 134 stderr. 135 If a filename was specified after the 136 B<-c> 137 option, the checksum is output to that file. 138 The checksum is generated using a key generated in a sunOS compatible 139 manner. 140 141 =item B<-C> 142 143 A cbc checksum is generated in the same manner as described for the 144 B<-c> 145 option but the DES key is generated in the same manner as used for the 146 B<-E> 147 and 148 B<-D> 149 options 150 151 =item B<-f> 152 153 Does nothing - allowed for compatibility with sunOS des(1) command. 154 155 =item B<-s> 156 157 Does nothing - allowed for compatibility with sunOS des(1) command. 158 159 =item B<-k> I<key> 160 161 Use the encryption 162 I<key> 163 specified. 164 165 =item B<-h> 166 167 The 168 I<key> 169 is assumed to be a 16 character hexadecimal number. 170 If the 171 B<-3> 172 option is used the key is assumed to be a 32 character hexadecimal 173 number. 174 175 =item B<-u> 176 177 This flag is used to read and write uuencoded files. If decrypting, 178 the input file is assumed to contain uuencoded, DES encrypted data. 179 If encrypting, the characters following the B<-u> are used as the name of 180 the uuencoded file to embed in the begin line of the uuencoded 181 output. If there is no name specified after the B<-u>, the name text.des 182 will be embedded in the header. 183 184 =head1 SEE ALSO 185 186 ps(1), 187 L<des_crypt(3)|des_crypt(3)> 188 189 =head1 BUGS 190 191 The problem with using the 192 B<-e> 193 option is the short key length. 194 It would be better to use a real 56-bit key rather than an 195 ASCII-based 56-bit pattern. Knowing that the key was derived from ASCII 196 radically reduces the time necessary for a brute-force cryptographic attack. 197 My attempt to remove this problem is to add an alternative text-key to 198 DES-key function. This alternative function (accessed via 199 B<-E>, B<-D>, B<-S> 200 and 201 B<-3>) 202 uses DES to help generate the key. 203 204 Be carefully when using the B<-u> option. Doing B<des -ud> I<filename> will 205 not decrypt filename (the B<-u> option will gobble the B<-d> option). 206 207 The VMS operating system operates in a world where files are always a 208 multiple of 512 bytes. This causes problems when encrypted data is 209 send from Unix to VMS since a 88 byte file will suddenly be padded 210 with 424 null bytes. To get around this problem, use the B<-u> option 211 to uuencode the data before it is send to the VMS system. 212 213 =head1 AUTHOR 214 215 Eric Young (eay (a] cryptsoft.com) 216 217 =cut 218
