5 des - encrypt or decrypt data using Data Encryption Standard
19 B<->[B<cC>][B<ckname>]
37 This page describes the B<des> stand-alone program, not the B<openssl des>
43 encrypts and decrypts data using the
44 Data Encryption Standard algorithm.
49 (for decrypt) must be specified.
50 It is also possible to use
54 in conjunction or instead of the a encrypt/decrypt option to generate
55 a 16 character hexadecimal checksum, generated via the
58 Two standard encryption modes are supported by the
60 program, Cipher Block Chaining (the default) and Electronic Code Book
64 The key used for the DES
65 algorithm is obtained by prompting the user unless the
69 If the key is an argument to the
71 command, it is potentially visible to users executing
73 or a derivative. To minimise this possibility,
75 takes care to destroy the key argument immediately upon entry.
76 If your shell keeps a history file be careful to make sure it is not
79 Since this program attempts to maintain compatibility with sunOS's
80 des(1) command, there are 2 different methods used to convert the user
81 supplied key to a des key.
82 Whenever and one or more of
86 options are used, the key conversion procedure will not be compatible
87 with the sunOS des(1) version but will use all the user supplied
88 character to generate the des key.
90 command reads from standard input unless
92 is specified and writes to standard output unless
103 (eight bytes at a time) encryption mode.
107 Encrypt using triple encryption.
108 By default triple cbc encryption is used but if the
110 option is used then triple ECB encryption is performed.
111 If the key is less than 8 characters long, the flag has no effect.
115 Encrypt data using an 8 byte key in a manner compatible with sunOS
120 Encrypt data using a key of nearly unlimited length (1024 bytes).
121 This will product a more secure encryption.
125 Decrypt data that was encrypted with the B<-e> option.
129 Decrypt data that was encrypted with the B<-E> option.
133 Generate a 16 character hexadecimal cbc checksum and output this to
135 If a filename was specified after the
137 option, the checksum is output to that file.
138 The checksum is generated using a key generated in a sunOS compatible
143 A cbc checksum is generated in the same manner as described for the
145 option but the DES key is generated in the same manner as used for the
153 Does nothing - allowed for compatibility with sunOS des(1) command.
157 Does nothing - allowed for compatibility with sunOS des(1) command.
169 is assumed to be a 16 character hexadecimal number.
172 option is used the key is assumed to be a 32 character hexadecimal
177 This flag is used to read and write uuencoded files. If decrypting,
178 the input file is assumed to contain uuencoded, DES encrypted data.
179 If encrypting, the characters following the B<-u> are used as the name of
180 the uuencoded file to embed in the begin line of the uuencoded
181 output. If there is no name specified after the B<-u>, the name text.des
182 will be embedded in the header.
189 L<des_crypt(3)|des_crypt(3)>
193 The problem with using the
195 option is the short key length.
196 It would be better to use a real 56-bit key rather than an
197 ASCII-based 56-bit pattern. Knowing that the key was derived from ASCII
198 radically reduces the time necessary for a brute-force cryptographic attack.
199 My attempt to remove this problem is to add an alternative text-key to
200 DES-key function. This alternative function (accessed via
204 uses DES to help generate the key.
206 Be carefully when using the B<-u> option. Doing B<des -ud> I<filename> will
207 not decrypt filename (the B<-u> option will gobble the B<-d> option).
209 The VMS operating system operates in a world where files are always a
210 multiple of 512 bytes. This causes problems when encrypted data is
211 send from Unix to VMS since a 88 byte file will suddenly be padded
212 with 424 null bytes. To get around this problem, use the B<-u> option
213 to uuencode the data before it is send to the VMS system.
217 Eric Young (eay@cryptsoft.com)