diff options
Diffstat (limited to 'src/lib/libcrypto/des/des.pod')
-rw-r--r-- | src/lib/libcrypto/des/des.pod | 217 |
1 files changed, 217 insertions, 0 deletions
diff --git a/src/lib/libcrypto/des/des.pod b/src/lib/libcrypto/des/des.pod new file mode 100644 index 0000000000..bf479e83d2 --- /dev/null +++ b/src/lib/libcrypto/des/des.pod | |||
@@ -0,0 +1,217 @@ | |||
1 | =pod | ||
2 | |||
3 | =head1 NAME | ||
4 | |||
5 | des - encrypt or decrypt data using Data Encryption Standard | ||
6 | |||
7 | =head1 SYNOPSIS | ||
8 | |||
9 | B<des> | ||
10 | ( | ||
11 | B<-e> | ||
12 | | | ||
13 | B<-E> | ||
14 | ) | ( | ||
15 | B<-d> | ||
16 | | | ||
17 | B<-D> | ||
18 | ) | ( | ||
19 | B<->[B<cC>][B<ckname>] | ||
20 | ) | | ||
21 | [ | ||
22 | B<-b3hfs> | ||
23 | ] [ | ||
24 | B<-k> | ||
25 | I<key> | ||
26 | ] | ||
27 | ] [ | ||
28 | B<-u>[I<uuname>] | ||
29 | [ | ||
30 | I<input-file> | ||
31 | [ | ||
32 | I<output-file> | ||
33 | ] ] | ||
34 | |||
35 | =head1 NOTE | ||
36 | |||
37 | This page describes the B<des> stand-alone program, not the B<openssl des> | ||
38 | command. | ||
39 | |||
40 | =head1 DESCRIPTION | ||
41 | |||
42 | B<des> | ||
43 | encrypts and decrypts data using the | ||
44 | Data Encryption Standard algorithm. | ||
45 | One of | ||
46 | B<-e>, B<-E> | ||
47 | (for encrypt) or | ||
48 | B<-d>, B<-D> | ||
49 | (for decrypt) must be specified. | ||
50 | It is also possible to use | ||
51 | B<-c> | ||
52 | or | ||
53 | B<-C> | ||
54 | in conjunction or instead of the a encrypt/decrypt option to generate | ||
55 | a 16 character hexadecimal checksum, generated via the | ||
56 | I<des_cbc_cksum>. | ||
57 | |||
58 | Two standard encryption modes are supported by the | ||
59 | B<des> | ||
60 | program, Cipher Block Chaining (the default) and Electronic Code Book | ||
61 | (specified with | ||
62 | B<-b>). | ||
63 | |||
64 | The key used for the DES | ||
65 | algorithm is obtained by prompting the user unless the | ||
66 | B<-k> | ||
67 | I<key> | ||
68 | option is given. | ||
69 | If the key is an argument to the | ||
70 | B<des> | ||
71 | command, it is potentially visible to users executing | ||
72 | ps(1) | ||
73 | or a derivative. To minimise this possibility, | ||
74 | B<des> | ||
75 | takes care to destroy the key argument immediately upon entry. | ||
76 | If your shell keeps a history file be careful to make sure it is not | ||
77 | world readable. | ||
78 | |||
79 | Since this program attempts to maintain compatibility with sunOS's | ||
80 | des(1) command, there are 2 different methods used to convert the user | ||
81 | supplied key to a des key. | ||
82 | Whenever and one or more of | ||
83 | B<-E>, B<-D>, B<-C> | ||
84 | or | ||
85 | B<-3> | ||
86 | options are used, the key conversion procedure will not be compatible | ||
87 | with the sunOS des(1) version but will use all the user supplied | ||
88 | character to generate the des key. | ||
89 | B<des> | ||
90 | command reads from standard input unless | ||
91 | I<input-file> | ||
92 | is specified and writes to standard output unless | ||
93 | I<output-file> | ||
94 | is given. | ||
95 | |||
96 | =head1 OPTIONS | ||
97 | |||
98 | =over 4 | ||
99 | |||
100 | =item B<-b> | ||
101 | |||
102 | Select ECB | ||
103 | (eight bytes at a time) encryption mode. | ||
104 | |||
105 | =item B<-3> | ||
106 | |||
107 | Encrypt using triple encryption. | ||
108 | By default triple cbc encryption is used but if the | ||
109 | B<-b> | ||
110 | option is used then triple ECB encryption is performed. | ||
111 | If the key is less than 8 characters long, the flag has no effect. | ||
112 | |||
113 | =item B<-e> | ||
114 | |||
115 | Encrypt data using an 8 byte key in a manner compatible with sunOS | ||
116 | des(1). | ||
117 | |||
118 | =item B<-E> | ||
119 | |||
120 | Encrypt data using a key of nearly unlimited length (1024 bytes). | ||
121 | This will product a more secure encryption. | ||
122 | |||
123 | =item B<-d> | ||
124 | |||
125 | Decrypt data that was encrypted with the B<-e> option. | ||
126 | |||
127 | =item B<-D> | ||
128 | |||
129 | Decrypt data that was encrypted with the B<-E> option. | ||
130 | |||
131 | =item B<-c> | ||
132 | |||
133 | Generate a 16 character hexadecimal cbc checksum and output this to | ||
134 | stderr. | ||
135 | If a filename was specified after the | ||
136 | B<-c> | ||
137 | option, the checksum is output to that file. | ||
138 | The checksum is generated using a key generated in a sunOS compatible | ||
139 | manner. | ||
140 | |||
141 | =item B<-C> | ||
142 | |||
143 | A cbc checksum is generated in the same manner as described for the | ||
144 | B<-c> | ||
145 | option but the DES key is generated in the same manner as used for the | ||
146 | B<-E> | ||
147 | and | ||
148 | B<-D> | ||
149 | options | ||
150 | |||
151 | =item B<-f> | ||
152 | |||
153 | Does nothing - allowed for compatibility with sunOS des(1) command. | ||
154 | |||
155 | =item B<-s> | ||
156 | |||
157 | Does nothing - allowed for compatibility with sunOS des(1) command. | ||
158 | |||
159 | =item B<-k> I<key> | ||
160 | |||
161 | Use the encryption | ||
162 | I<key> | ||
163 | specified. | ||
164 | |||
165 | =item B<-h> | ||
166 | |||
167 | The | ||
168 | I<key> | ||
169 | is assumed to be a 16 character hexadecimal number. | ||
170 | If the | ||
171 | B<-3> | ||
172 | option is used the key is assumed to be a 32 character hexadecimal | ||
173 | number. | ||
174 | |||
175 | =item B<-u> | ||
176 | |||
177 | This flag is used to read and write uuencoded files. If decrypting, | ||
178 | the input file is assumed to contain uuencoded, DES encrypted data. | ||
179 | If encrypting, the characters following the B<-u> are used as the name of | ||
180 | the uuencoded file to embed in the begin line of the uuencoded | ||
181 | output. If there is no name specified after the B<-u>, the name text.des | ||
182 | will be embedded in the header. | ||
183 | |||
184 | =head1 SEE ALSO | ||
185 | |||
186 | ps(1), | ||
187 | L<des_crypt(3)|des_crypt(3)> | ||
188 | |||
189 | =head1 BUGS | ||
190 | |||
191 | The problem with using the | ||
192 | B<-e> | ||
193 | option is the short key length. | ||
194 | It would be better to use a real 56-bit key rather than an | ||
195 | ASCII-based 56-bit pattern. Knowing that the key was derived from ASCII | ||
196 | radically reduces the time necessary for a brute-force cryptographic attack. | ||
197 | My attempt to remove this problem is to add an alternative text-key to | ||
198 | DES-key function. This alternative function (accessed via | ||
199 | B<-E>, B<-D>, B<-S> | ||
200 | and | ||
201 | B<-3>) | ||
202 | uses DES to help generate the key. | ||
203 | |||
204 | Be carefully when using the B<-u> option. Doing B<des -ud> I<filename> will | ||
205 | not decrypt filename (the B<-u> option will gobble the B<-d> option). | ||
206 | |||
207 | The VMS operating system operates in a world where files are always a | ||
208 | multiple of 512 bytes. This causes problems when encrypted data is | ||
209 | send from Unix to VMS since a 88 byte file will suddenly be padded | ||
210 | with 424 null bytes. To get around this problem, use the B<-u> option | ||
211 | to uuencode the data before it is send to the VMS system. | ||
212 | |||
213 | =head1 AUTHOR | ||
214 | |||
215 | Eric Young (eay@cryptsoft.com) | ||
216 | |||
217 | =cut | ||