1=pod
2
3=head1 NAME
4
5des - encrypt or decrypt data using Data Encryption Standard
6
7=head1 SYNOPSIS
8
9B<des>
10(
11B<-e>
12|
13B<-E>
14) | (
15B<-d>
16|
17B<-D>
18) | (
19B<->[B<cC>][B<ckname>]
20) |
21[
22B<-b3hfs>
23] [
24B<-k>
25I<key>
26]
27] [
28B<-u>[I<uuname>]
29[
30I<input-file>
31[
32I<output-file>
33] ]
34
35=head1 NOTE
36
37This page describes the B<des> stand-alone program, not the B<openssl des>
38command.
39
40=head1 DESCRIPTION
41
42B<des>
43encrypts and decrypts data using the
44Data Encryption Standard algorithm.
45One of
46B<-e>, B<-E>
47(for encrypt) or
48B<-d>, B<-D>
49(for decrypt) must be specified.
50It is also possible to use
51B<-c>
52or
53B<-C>
54in conjunction or instead of the a encrypt/decrypt option to generate
55a 16 character hexadecimal checksum, generated via the
56I<des_cbc_cksum>.
57
58Two standard encryption modes are supported by the
59B<des>
60program, Cipher Block Chaining (the default) and Electronic Code Book
61(specified with
62B<-b>).
63
64The key used for the DES
65algorithm is obtained by prompting the user unless the
66B<-k>
67I<key>
68option is given.
69If the key is an argument to the
70B<des>
71command, it is potentially visible to users executing
72ps(1)
73or a derivative.  To minimise this possibility,
74B<des>
75takes care to destroy the key argument immediately upon entry.
76If your shell keeps a history file be careful to make sure it is not
77world readable.
78
79Since this program attempts to maintain compatibility with sunOS's
80des(1) command, there are 2 different methods used to convert the user
81supplied key to a des key.
82Whenever and one or more of
83B<-E>, B<-D>, B<-C>
84or
85B<-3>
86options are used, the key conversion procedure will not be compatible
87with the sunOS des(1) version but will use all the user supplied
88character to generate the des key.
89B<des>
90command reads from standard input unless
91I<input-file>
92is specified and writes to standard output unless
93I<output-file>
94is given.
95
96=head1 OPTIONS
97
98=over 4
99
100=item B<-b>
101
102Select ECB
103(eight bytes at a time) encryption mode.
104
105=item B<-3>
106
107Encrypt using triple encryption.
108By default triple cbc encryption is used but if the
109B<-b>
110option is used then triple ECB encryption is performed.
111If the key is less than 8 characters long, the flag has no effect.
112
113=item B<-e>
114
115Encrypt data using an 8 byte key in a manner compatible with sunOS
116des(1).
117
118=item B<-E>
119
120Encrypt data using a key of nearly unlimited length (1024 bytes).
121This will product a more secure encryption.
122
123=item B<-d>
124
125Decrypt data that was encrypted with the B<-e> option.
126
127=item B<-D>
128
129Decrypt data that was encrypted with the B<-E> option.
130
131=item B<-c>
132
133Generate a 16 character hexadecimal cbc checksum and output this to
134stderr.
135If a filename was specified after the
136B<-c>
137option, the checksum is output to that file.
138The checksum is generated using a key generated in a sunOS compatible
139manner.
140
141=item B<-C>
142
143A cbc checksum is generated in the same manner as described for the
144B<-c>
145option but the DES key is generated in the same manner as used for the
146B<-E>
147and
148B<-D>
149options
150
151=item B<-f>
152
153Does nothing - allowed for compatibility with sunOS des(1) command.
154
155=item B<-s>
156
157Does nothing - allowed for compatibility with sunOS des(1) command.
158
159=item B<-k> I<key>
160
161Use the encryption 
162I<key>
163specified.
164
165=item B<-h>
166
167The
168I<key>
169is assumed to be a 16 character hexadecimal number.
170If the
171B<-3>
172option is used the key is assumed to be a 32 character hexadecimal
173number.
174
175=item B<-u>
176
177This flag is used to read and write uuencoded files.  If decrypting,
178the input file is assumed to contain uuencoded, DES encrypted data.
179If encrypting, the characters following the B<-u> are used as the name of
180the uuencoded file to embed in the begin line of the uuencoded
181output.  If there is no name specified after the B<-u>, the name text.des
182will be embedded in the header.
183
184=head1 SEE ALSO
185
186ps(1),
187L<des_crypt(3)|des_crypt(3)>
188
189=head1 BUGS
190
191The problem with using the
192B<-e>
193option is the short key length.
194It would be better to use a real 56-bit key rather than an
195ASCII-based 56-bit pattern.  Knowing that the key was derived from ASCII
196radically reduces the time necessary for a brute-force cryptographic attack.
197My attempt to remove this problem is to add an alternative text-key to
198DES-key function.  This alternative function (accessed via
199B<-E>, B<-D>, B<-S>
200and
201B<-3>)
202uses DES to help generate the key.
203
204Be carefully when using the B<-u> option.  Doing B<des -ud> I<filename> will
205not decrypt filename (the B<-u> option will gobble the B<-d> option).
206
207The VMS operating system operates in a world where files are always a
208multiple of 512 bytes.  This causes problems when encrypted data is
209send from Unix to VMS since a 88 byte file will suddenly be padded
210with 424 null bytes.  To get around this problem, use the B<-u> option
211to uuencode the data before it is send to the VMS system.
212
213=head1 AUTHOR
214
215Eric Young (eay@cryptsoft.com)
216
217=cut
218