1 files changed, 186 insertions, 0 deletions
diff --git a/src/lib/libcrypto/des/des.man b/src/lib/libcrypto/des/des.man
new file mode 100644
index 0000000000..7e06a1851a
--- /dev/null
+++ b/src/lib/libcrypto/des/des.man
@@ -0,0 +1,186 @@
+.TH DES 1 
+.SH NAME
+des - encrypt or decrypt data using Data Encryption Standard
+.SH SYNOPSIS
+.B des
+(
+.B \-e
+|
+.B \-E
+) | (
+.B \-d
+|
+.B \-D
+) | (
+.B \-\fR[\fPcC\fR][\fPckname\fR]\fP
+) |
+[
+.B \-b3hfs
+] [
+.B \-k
+.I key
+]
+] [
+.B \-u\fR[\fIuuname\fR]
+[
+.I input-file
+[
+.I output-file
+] ]
+.SH DESCRIPTION
+.B des
+encrypts and decrypts data using the
+Data Encryption Standard algorithm.
+One of
+.B \-e, \-E
+(for encrypt) or
+.B \-d, \-D
+(for decrypt) must be specified.
+It is also possible to use
+.B \-c
+or
+.B \-C
+in conjunction or instead of the a encrypt/decrypt option to generate
+a 16 character hexadecimal checksum, generated via the
+.I des_cbc_cksum.
+.LP
+Two standard encryption modes are supported by the
+.B des
+program, Cipher Block Chaining (the default) and Electronic Code Book
+(specified with
+.B \-b
+).
+.LP
+The key used for the DES
+algorithm is obtained by prompting the user unless the
+.B `\-k
+.I key'
+option is given.
+If the key is an argument to the
+.B des
+command, it is potentially visible to users executing
+.BR ps (1)
+or a derivative.  To minimise this possibility,
+.B des
+takes care to destroy the key argument immediately upon entry.
+If your shell keeps a history file be careful to make sure it is not
+world readable.
+.LP
+Since this program attempts to maintain compatability with sunOS's
+des(1) command, there are 2 different methods used to convert the user
+supplied key to a des key.
+Whenever and one or more of
+.B \-E, \-D, \-C
+or
+.B \-3
+options are used, the key conversion procedure will not be compatible
+with the sunOS des(1) version but will use all the user supplied
+character to generate the des key.
+.B des
+command reads from standard input unless
+.I input-file
+is specified and writes to standard output unless
+.I output-file
+is given.
+.SH OPTIONS
+.TP
+.B \-b
+Select ECB
+(eight bytes at a time) encryption mode.
+.TP
+.B \-3
+Encrypt using triple encryption.
+By default triple cbc encryption is used but if the
+.B \-b
+option is used then triple ecb encryption is performed.
+If the key is less than 8 characters long, the flag has no effect.
+.TP
+.B \-e
+Encrypt data using an 8 byte key in a manner compatible with sunOS
+des(1).
+.TP
+.B \-E
+Encrypt data using a key of nearly unlimited length (1024 bytes).
+This will product a more secure encryption.
+.TP
+.B \-d
+Decrypt data that was encrypted with the \-e option.
+.TP
+.B \-D
+Decrypt data that was encrypted with the \-E option.
+.TP
+.B \-c
+Generate a 16 character hexadecimal cbc checksum and output this to
+stderr.
+If a filename was specified after the
+.B \-c
+option, the checksum is output to that file.
+The checksum is generated using a key generated in a sunOS compatible
+manner.
+.TP
+.B \-C
+A cbc checksum is generated in the same manner as described for the
+.B \-c
+option but the DES key is generated in the same manner as used for the
+.B \-E
+and
+.B \-D
+options
+.TP
+.B \-f
+Does nothing - allowed for compatibility with sunOS des(1) command.
+.TP
+.B \-s
+Does nothing - allowed for compatibility with sunOS des(1) command.
+.TP
+.B "\-k \fIkey\fP"
+Use the encryption 
+.I key
+specified.
+.TP
+.B "\-h"
+The
+.I key
+is assumed to be a 16 character hexadecimal number.
+If the
+.B "\-3"
+option is used the key is assumed to be a 32 character hexadecimal
+number.
+.TP
+.B \-u
+This flag is used to read and write uuencoded files.  If decrypting,
+the input file is assumed to contain uuencoded, DES encrypted data.
+If encrypting, the characters following the -u are used as the name of
+the uuencoded file to embed in the begin line of the uuencoded
+output.  If there is no name specified after the -u, the name text.des
+will be embedded in the header.
+.SH SEE ALSO
+.B ps (1)
+.B des_crypt(3)
+.SH BUGS
+.LP
+The problem with using the
+.B -e
+option is the short key length.
+It would be better to use a real 56-bit key rather than an
+ASCII-based 56-bit pattern.  Knowing that the key was derived from ASCII
+radically reduces the time necessary for a brute-force cryptographic attack.
+My attempt to remove this problem is to add an alternative text-key to
+DES-key function.  This alternative function (accessed via
+.B -E, -D, -S
+and
+.B -3
+)
+uses DES to help generate the key.
+.LP
+Be carefully when using the -u option.  Doing des -ud <filename> will
+not decrypt filename (the -u option will gobble the d option).
+.LP
+The VMS operating system operates in a world where files are always a
+multiple of 512 bytes.  This causes problems when encrypted data is
+send from unix to VMS since a 88 byte file will suddenly be padded
+with 424 null bytes.  To get around this problem, use the -u option
+to uuencode the data before it is send to the VMS system.
+.SH AUTHOR
+.LP
+Eric Young (eay@cryptsoft.com)

diff --git a/src/lib/libcrypto/des/des.man b/src/lib/libcrypto/des/des.man new file mode 100644 index 0000000000..7e06a1851a --- /dev/null +++ b/src/lib/libcrypto/des/des.man
@@ -0,0 +1,186 @@
	1	.TH DES 1
	2	.SH NAME
	3	des - encrypt or decrypt data using Data Encryption Standard
	4	.SH SYNOPSIS
	5	.B des
	6	(
	7	.B \-e
	8	\|
	9	.B \-E
	10	) \| (
	11	.B \-d
	12	\|
	13	.B \-D
	14	) \| (
	15	.B \-\fR[\fPcC\fR][\fPckname\fR]\fP
	16	) \|
	17	[
	18	.B \-b3hfs
	19	] [
	20	.B \-k
	21	.I key
	22	]
	23	] [
	24	.B \-u\fR[\fIuuname\fR]
	25	[
	26	.I input-file
	27	[
	28	.I output-file
	29	] ]
	30	.SH DESCRIPTION
	31	.B des
	32	encrypts and decrypts data using the
	33	Data Encryption Standard algorithm.
	34	One of
	35	.B \-e, \-E
	36	(for encrypt) or
	37	.B \-d, \-D
	38	(for decrypt) must be specified.
	39	It is also possible to use
	40	.B \-c
	41	or
	42	.B \-C
	43	in conjunction or instead of the a encrypt/decrypt option to generate
	44	a 16 character hexadecimal checksum, generated via the
	45	.I des_cbc_cksum.
	46	.LP
	47	Two standard encryption modes are supported by the
	48	.B des
	49	program, Cipher Block Chaining (the default) and Electronic Code Book
	50	(specified with
	51	.B \-b
	52	).
	53	.LP
	54	The key used for the DES
	55	algorithm is obtained by prompting the user unless the
	56	.B `\-k
	57	.I key'
	58	option is given.
	59	If the key is an argument to the
	60	.B des
	61	command, it is potentially visible to users executing
	62	.BR ps (1)
	63	or a derivative. To minimise this possibility,
	64	.B des
	65	takes care to destroy the key argument immediately upon entry.
	66	If your shell keeps a history file be careful to make sure it is not
	67	world readable.
	68	.LP
	69	Since this program attempts to maintain compatability with sunOS's
	70	des(1) command, there are 2 different methods used to convert the user
	71	supplied key to a des key.
	72	Whenever and one or more of
	73	.B \-E, \-D, \-C
	74	or
	75	.B \-3
	76	options are used, the key conversion procedure will not be compatible
	77	with the sunOS des(1) version but will use all the user supplied
	78	character to generate the des key.
	79	.B des
	80	command reads from standard input unless
	81	.I input-file
	82	is specified and writes to standard output unless
	83	.I output-file
	84	is given.
	85	.SH OPTIONS
	86	.TP
	87	.B \-b
	88	Select ECB
	89	(eight bytes at a time) encryption mode.
	90	.TP
	91	.B \-3
	92	Encrypt using triple encryption.
	93	By default triple cbc encryption is used but if the
	94	.B \-b
	95	option is used then triple ecb encryption is performed.
	96	If the key is less than 8 characters long, the flag has no effect.
	97	.TP
	98	.B \-e
	99	Encrypt data using an 8 byte key in a manner compatible with sunOS
	100	des(1).
	101	.TP
	102	.B \-E
	103	Encrypt data using a key of nearly unlimited length (1024 bytes).
	104	This will product a more secure encryption.
	105	.TP
	106	.B \-d
	107	Decrypt data that was encrypted with the \-e option.
	108	.TP
	109	.B \-D
	110	Decrypt data that was encrypted with the \-E option.
	111	.TP
	112	.B \-c
	113	Generate a 16 character hexadecimal cbc checksum and output this to
	114	stderr.
	115	If a filename was specified after the
	116	.B \-c
	117	option, the checksum is output to that file.
	118	The checksum is generated using a key generated in a sunOS compatible
	119	manner.
	120	.TP
	121	.B \-C
	122	A cbc checksum is generated in the same manner as described for the
	123	.B \-c
	124	option but the DES key is generated in the same manner as used for the
	125	.B \-E
	126	and
	127	.B \-D
	128	options
	129	.TP
	130	.B \-f
	131	Does nothing - allowed for compatibility with sunOS des(1) command.
	132	.TP
	133	.B \-s
	134	Does nothing - allowed for compatibility with sunOS des(1) command.
	135	.TP
	136	.B "\-k \fIkey\fP"
	137	Use the encryption
	138	.I key
	139	specified.
	140	.TP
	141	.B "\-h"
	142	The
	143	.I key
	144	is assumed to be a 16 character hexadecimal number.
	145	If the
	146	.B "\-3"
	147	option is used the key is assumed to be a 32 character hexadecimal
	148	number.
	149	.TP
	150	.B \-u
	151	This flag is used to read and write uuencoded files. If decrypting,
	152	the input file is assumed to contain uuencoded, DES encrypted data.
	153	If encrypting, the characters following the -u are used as the name of
	154	the uuencoded file to embed in the begin line of the uuencoded
	155	output. If there is no name specified after the -u, the name text.des
	156	will be embedded in the header.
	157	.SH SEE ALSO
	158	.B ps (1)
	159	.B des_crypt(3)
	160	.SH BUGS
	161	.LP
	162	The problem with using the
	163	.B -e
	164	option is the short key length.
	165	It would be better to use a real 56-bit key rather than an
	166	ASCII-based 56-bit pattern. Knowing that the key was derived from ASCII
	167	radically reduces the time necessary for a brute-force cryptographic attack.
	168	My attempt to remove this problem is to add an alternative text-key to
	169	DES-key function. This alternative function (accessed via
	170	.B -E, -D, -S
	171	and
	172	.B -3
	173	)
	174	uses DES to help generate the key.
	175	.LP
	176	Be carefully when using the -u option. Doing des -ud <filename> will
	177	not decrypt filename (the -u option will gobble the d option).
	178	.LP
	179	The VMS operating system operates in a world where files are always a
	180	multiple of 512 bytes. This causes problems when encrypted data is
	181	send from unix to VMS since a 88 byte file will suddenly be padded
	182	with 424 null bytes. To get around this problem, use the -u option
	183	to uuencode the data before it is send to the VMS system.
	184	.SH AUTHOR
	185	.LP
	186	Eric Young (eay@cryptsoft.com)