=pod

=head1 NAME

des - encrypt or decrypt data using Data Encryption Standard

=head1 SYNOPSIS

B<des>
(
B<-e>
|
B<-E>
) | (
B<-d>
|
B<-D>
) | (
B<->[B<cC>][B<ckname>]
) |
[
B<-b3hfs>
] [
B<-k>
I<key>
] [
B<-u>[I<uuname>]
] [
I<input-file>
[
I<output-file>
] ]

=head1 NOTE

This page describes the B<des> stand-alone program, not the B<openssl des>
command.

=head1 DESCRIPTION

B<des>
encrypts and decrypts data using the
Data Encryption Standard algorithm.
One of
B<-e>, B<-E>
(for encrypt) or
B<-d>, B<-D>
(for decrypt) must be specified.
It is also possible to use
B<-c>
or
B<-C>
in conjunction with, or instead of, an encrypt/decrypt option to generate
a 16 character hexadecimal checksum, generated via
I<des_cbc_cksum>.

Two standard encryption modes are supported by the
B<des>
program, Cipher Block Chaining (the default) and Electronic Code Book
(specified with
B<-b>).

The key used for the DES
algorithm is obtained by prompting the user unless the
B<-k>
I<key>
option is given.
If the key is an argument to the
B<des>
command, it is potentially visible to users executing
ps(1)
or a derivative.
To minimise this possibility,
B<des>
takes care to destroy the key argument immediately upon entry.
If your shell keeps a history file, make sure it is not
world readable.

Since this program attempts to maintain compatibility with SunOS's
des(1) command, there are 2 different methods used to convert the
user-supplied key to a DES key.
Whenever one or more of the
B<-E>, B<-D>, B<-C>
or
B<-3>
options are used, the key conversion procedure will not be compatible
with the SunOS des(1) version but will use all the user-supplied
characters to generate the DES key.
The
B<des>
command reads from standard input unless
I<input-file>
is specified and writes to standard output unless
I<output-file>
is given.

=head1 OPTIONS

=over 4

=item B<-b>

Select ECB
(eight bytes at a time) encryption mode.

=item B<-3>

Encrypt using triple encryption.
By default triple CBC encryption is used but if the
B<-b>
option is used then triple ECB encryption is performed.
If the key is less than 8 characters long, the flag has no effect.

=item B<-e>

Encrypt data using an 8 byte key in a manner compatible with SunOS
des(1).

=item B<-E>

Encrypt data using a key of nearly unlimited length (1024 bytes).
This will produce a more secure encryption.

=item B<-d>

Decrypt data that was encrypted with the B<-e> option.

=item B<-D>

Decrypt data that was encrypted with the B<-E> option.

=item B<-c>

Generate a 16 character hexadecimal CBC checksum and output this to
stderr.
If a filename was specified after the
B<-c>
option, the checksum is output to that file.
The checksum is generated using a key generated in a SunOS compatible
manner.

=item B<-C>

A CBC checksum is generated in the same manner as described for the
B<-c>
option but the DES key is generated in the same manner as used for the
B<-E>
and
B<-D>
options.

=item B<-f>

Does nothing - allowed for compatibility with SunOS des(1) command.

=item B<-s>

Does nothing - allowed for compatibility with SunOS des(1) command.

=item B<-k> I<key>

Use the encryption
I<key>
specified.

=item B<-h>

The
I<key>
is assumed to be a 16 character hexadecimal number.
If the
B<-3>
option is used the key is assumed to be a 32 character hexadecimal
number.

=item B<-u>

This flag is used to read and write uuencoded files. If decrypting,
the input file is assumed to contain uuencoded, DES encrypted data.
If encrypting, the characters following the B<-u> are used as the name of
the uuencoded file to embed in the begin line of the uuencoded
output. If there is no name specified after the B<-u>, the name text.des
will be embedded in the header.

=back

=head1 SEE ALSO

ps(1),
L<des_crypt(3)|des_crypt(3)>

=head1 BUGS

The problem with using the
B<-e>
option is the short key length.
It would be better to use a real 56-bit key rather than an
ASCII-based 56-bit pattern. Knowing that the key was derived from ASCII
radically reduces the time necessary for a brute-force cryptographic attack.
My attempt to remove this problem is to add an alternative text-key to
DES-key function. This alternative function (accessed via
B<-E>, B<-D>, B<-S>
and
B<-3>)
uses DES to help generate the key.

Be careful when using the B<-u> option. Doing B<des -ud> I<filename> will
not decrypt filename (the B<-u> option will gobble the B<-d> option).

The VMS operating system operates in a world where files are always a
multiple of 512 bytes. This causes problems when encrypted data is
sent from Unix to VMS since an 88 byte file will suddenly be padded
with 424 null bytes. To get around this problem, use the B<-u> option
to uuencode the data before it is sent to the VMS system.

=head1 AUTHOR

Eric Young (eay@cryptsoft.com)

=cut
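
Added example, not part of the original manual page or of the des source: a small Python linter that models the option handling as this page describes it (clustered flags, -k taking the next argument, -u and -c/-C taking the rest of their argument as a name) and reports the pitfalls the page names. The function name audit_des_argv and the sample command lines are hypothetical, and the real parser may differ in details.

```python
import string

def audit_des_argv(argv):
    """Return findings for one des(1) command line (argv[0] is the program)."""
    flags, key, findings = set(), None, []
    args = iter(argv[1:])
    for arg in args:
        if not arg.startswith("-") or len(arg) == 1:
            continue                      # input-file / output-file operand
        cluster = arg[1:]
        while cluster:
            opt, cluster = cluster[0], cluster[1:]
            flags.add(opt)
            if opt in "ucC" and cluster:
                # Assumption taken from the page: -u and -c/-C use the rest of
                # the argument as a name, so trailing option letters are lost.
                if opt == "u" and set(cluster) <= set("eEdDcCb3hfsk"):
                    findings.append(f"-u consumed '{cluster}' as the uuencode name")
                cluster = ""
            elif opt == "k":
                key = next(args, None)    # -k takes the following argument
                findings.append("key passed with -k: visible via ps(1) and shell history")
    if not flags & set("eEdDcC"):
        findings.append("no encrypt, decrypt or checksum option in effect")
    if "b" in flags:
        findings.append("-b selects ECB mode instead of the default CBC")
    if flags & set("ed") and not flags & set("EDC3"):
        findings.append("-e/-d use the SunOS-compatible 8 byte key (see BUGS)")
    if key is not None:
        if "h" in flags:
            want = 32 if "3" in flags else 16
            if len(key) != want or set(key) - set(string.hexdigits):
                findings.append(f"-h expects a {want} character hexadecimal key")
        elif "3" in flags and len(key) < 8:
            findings.append("-3 has no effect: key is shorter than 8 characters")
    return findings

if __name__ == "__main__":
    # Constructed command lines, not taken from the page.
    for cmd in (["des", "-ud", "secret.uu"],
                ["des", "-e3b", "-k", "abc", "in", "out"]):
        print(" ".join(cmd), "->", audit_des_argv(cmd))
```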