des - encrypt or decrypt data using Data Encryption Standard
.B \-\fR[\fPcC\fR][\fPckname\fR]\fP
.B \-u\fR[\fIuuname\fR]
encrypts and decrypts data using the
Data Encryption Standard algorithm.
(for decrypt) must be specified.
It is also possible to use
in conjunction with or instead of an encrypt/decrypt option to generate
a 16 character hexadecimal checksum, generated via the
Two standard encryption modes are supported by the
program, Cipher Block Chaining (the default) and Electronic Code Book
The key used for the DES
algorithm is obtained by prompting the user unless the
If the key is an argument to the
command, it is potentially visible to users executing
or a derivative. To minimise this possibility,
takes care to destroy the key argument immediately upon entry.
If your shell keeps a history file, be careful to make sure it is not
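One way a program can destroy a key argument on entry, as the paragraph above describes. This is an added example, not the des source; the `--key` option name, `take_key_arg`, `wipe` and `KEY_MAX` are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define KEY_MAX 1024  /* assumed cap, matching the 1024-byte key length the page mentions */

/* Overwrite a buffer through a volatile pointer so the compiler cannot
 * discard the stores as dead code. */
static void wipe(void *p, size_t n)
{
    volatile unsigned char *v = (volatile unsigned char *)p;
    while (n--)
        *v++ = 0;
}

/* Copy the key out of the argv string into key[] (at most cap bytes),
 * then blank the argv string in place.
 * Returns the number of key bytes kept. */
size_t take_key_arg(char *arg, unsigned char *key, size_t cap)
{
    size_t full = strlen(arg);
    size_t n = full < cap ? full : cap;

    memcpy(key, arg, n);
    wipe(arg, full);   /* blank every byte, including any truncated tail */
    return n;
}

int main(int argc, char **argv)
{
    unsigned char key[KEY_MAX];
    size_t klen = 0;

    /* Scrub before any other work so the exposure window stays short. */
    for (int i = 1; i + 1 < argc; i++) {
        if (strcmp(argv[i], "--key") == 0) {   /* hypothetical option name */
            klen = take_key_arg(argv[i + 1], key, sizeof key);
            break;
        }
    }
    printf("captured %zu key bytes\n", klen);
    /* ... use key[0..klen) here ... */
    wipe(key, sizeof key);                     /* clear the private copy when done */
    return 0;
}
```

Scrubbing only narrows the window: the argument is readable from process start until the wipe runs, and a shell history file is unaffected by it.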
Since this program attempts to maintain compatibility with SunOS's
des(1) command, there are 2 different methods used to convert the user
supplied key to a DES key.
Whenever one or more of
options are used, the key conversion procedure will not be compatible
with the SunOS des(1) version but will use all the user supplied
characters to generate the DES key.
command reads from standard input unless
is specified and writes to standard output unless
(eight bytes at a time) encryption mode.
Encrypt using triple encryption.
By default triple cbc encryption is used but if the
option is used then triple ecb encryption is performed.
If the key is less than 8 characters long, the flag has no effect.
Encrypt data using an 8 byte key in a manner compatible with SunOS
Encrypt data using a key of nearly unlimited length (1024 bytes).
This will produce a more secure encryption.
Decrypt data that was encrypted with the \-e option.
Decrypt data that was encrypted with the \-E option.
Generate a 16 character hexadecimal cbc checksum and output this to
If a filename was specified after the
option, the checksum is output to that file.
The checksum is generated using a key generated in a SunOS compatible
A cbc checksum is generated in the same manner as described for the
option but the DES key is generated in the same manner as used for the
Does nothing - allowed for compatibility with SunOS des(1) command.
Does nothing - allowed for compatibility with SunOS des(1) command.
is assumed to be a 16 character hexadecimal number.
option is used the key is assumed to be a 32 character hexadecimal
This flag is used to read and write uuencoded files. If decrypting,
the input file is assumed to contain uuencoded, DES encrypted data.
If encrypting, the characters following the -u are used as the name of
the uuencoded file to embed in the begin line of the uuencoded
output. If there is no name specified after the -u, the name text.des
will be embedded in the header.
The problem with using the
option is the short key length.
It would be better to use a real 56-bit key rather than an
ASCII-based 56-bit pattern. Knowing that the key was derived from ASCII
radically reduces the time necessary for a brute-force cryptographic attack.
My attempt to remove this problem is to add an alternative text-key to
DES-key function. This alternative function (accessed via
uses DES to help generate the key.
Be careful when using the -u option. Doing des -ud <filename> will
not decrypt filename (the -u option will gobble the d option).
The VMS operating system operates in a world where files are always a
multiple of 512 bytes. This causes problems when encrypted data is
sent from Unix to VMS, since an 88 byte file will suddenly be padded
with 424 null bytes. To get around this problem, use the -u option
to uuencode the data before it is sent to the VMS system.
Eric Young (eay@cryptsoft.com)