159191Skris=pod
259191Skris
359191Skris=head1 NAME
459191Skris
559191Skrisdes - encrypt or decrypt data using Data Encryption Standard
659191Skris
759191Skris=head1 SYNOPSIS
859191Skris
959191SkrisB<des>
1059191Skris(
1159191SkrisB<-e>
1259191Skris|
1359191SkrisB<-E>
1459191Skris) | (
1559191SkrisB<-d>
1659191Skris|
1759191SkrisB<-D>
1859191Skris) | (
1959191SkrisB<->[B<cC>][B<ckname>]
2059191Skris) |
2159191Skris[
2259191SkrisB<-b3hfs>
2359191Skris] [
2459191SkrisB<-k>
2559191SkrisI<key>
2659191Skris]
2759191Skris] [
2859191SkrisB<-u>[I<uuname>]
2959191Skris[
3059191SkrisI<input-file>
3159191Skris[
3259191SkrisI<output-file>
3359191Skris] ]
3459191Skris
3559191Skris=head1 NOTE
3659191Skris
3759191SkrisThis page describes the B<des> stand-alone program, not the B<openssl des>
3859191Skriscommand.
3959191Skris
4059191Skris=head1 DESCRIPTION
4159191Skris
4259191SkrisB<des>
4359191Skrisencrypts and decrypts data using the
4459191SkrisData Encryption Standard algorithm.
4559191SkrisOne of
4659191SkrisB<-e>, B<-E>
4759191Skris(for encrypt) or
4859191SkrisB<-d>, B<-D>
4959191Skris(for decrypt) must be specified.
5059191SkrisIt is also possible to use
5159191SkrisB<-c>
5259191Skrisor
5359191SkrisB<-C>
5459191Skrisin conjunction or instead of the a encrypt/decrypt option to generate
5559191Skrisa 16 character hexadecimal checksum, generated via the
5659191SkrisI<des_cbc_cksum>.
5759191Skris
5859191SkrisTwo standard encryption modes are supported by the
5959191SkrisB<des>
6059191Skrisprogram, Cipher Block Chaining (the default) and Electronic Code Book
6159191Skris(specified with
6259191SkrisB<-b>).
6359191Skris
6459191SkrisThe key used for the DES
6559191Skrisalgorithm is obtained by prompting the user unless the
6659191SkrisB<-k>
6759191SkrisI<key>
6859191Skrisoption is given.
6959191SkrisIf the key is an argument to the
7059191SkrisB<des>
7159191Skriscommand, it is potentially visible to users executing
7259191Skrisps(1)
7359191Skrisor a derivative.  To minimise this possibility,
7459191SkrisB<des>
7559191Skristakes care to destroy the key argument immediately upon entry.
7659191SkrisIf your shell keeps a history file be careful to make sure it is not
7759191Skrisworld readable.
7859191Skris
7959191SkrisSince this program attempts to maintain compatibility with sunOS's
8059191Skrisdes(1) command, there are 2 different methods used to convert the user
8159191Skrissupplied key to a des key.
8259191SkrisWhenever and one or more of
8359191SkrisB<-E>, B<-D>, B<-C>
8459191Skrisor
8559191SkrisB<-3>
8659191Skrisoptions are used, the key conversion procedure will not be compatible
8759191Skriswith the sunOS des(1) version but will use all the user supplied
8859191Skrischaracter to generate the des key.
8959191SkrisB<des>
9059191Skriscommand reads from standard input unless
9159191SkrisI<input-file>
9259191Skrisis specified and writes to standard output unless
9359191SkrisI<output-file>
9459191Skrisis given.
9559191Skris
9659191Skris=head1 OPTIONS
9759191Skris
9859191Skris=over 4
9959191Skris
10059191Skris=item B<-b>
10159191Skris
10259191SkrisSelect ECB
10359191Skris(eight bytes at a time) encryption mode.
10459191Skris
10559191Skris=item B<-3>
10659191Skris
10759191SkrisEncrypt using triple encryption.
10859191SkrisBy default triple cbc encryption is used but if the
10959191SkrisB<-b>
11059191Skrisoption is used then triple ECB encryption is performed.
11159191SkrisIf the key is less than 8 characters long, the flag has no effect.
11259191Skris
11359191Skris=item B<-e>
11459191Skris
11559191SkrisEncrypt data using an 8 byte key in a manner compatible with sunOS
11659191Skrisdes(1).
11759191Skris
11859191Skris=item B<-E>
11959191Skris
12059191SkrisEncrypt data using a key of nearly unlimited length (1024 bytes).
12159191SkrisThis will product a more secure encryption.
12259191Skris
12359191Skris=item B<-d>
12459191Skris
12559191SkrisDecrypt data that was encrypted with the B<-e> option.
12659191Skris
12759191Skris=item B<-D>
12859191Skris
12959191SkrisDecrypt data that was encrypted with the B<-E> option.
13059191Skris
13159191Skris=item B<-c>
13259191Skris
13359191SkrisGenerate a 16 character hexadecimal cbc checksum and output this to
13459191Skrisstderr.
13559191SkrisIf a filename was specified after the
13659191SkrisB<-c>
13759191Skrisoption, the checksum is output to that file.
13859191SkrisThe checksum is generated using a key generated in a sunOS compatible
13959191Skrismanner.
14059191Skris
14159191Skris=item B<-C>
14259191Skris
14359191SkrisA cbc checksum is generated in the same manner as described for the
14459191SkrisB<-c>
14559191Skrisoption but the DES key is generated in the same manner as used for the
14659191SkrisB<-E>
14759191Skrisand
14859191SkrisB<-D>
14959191Skrisoptions
15059191Skris
15159191Skris=item B<-f>
15259191Skris
15359191SkrisDoes nothing - allowed for compatibility with sunOS des(1) command.
15459191Skris
15559191Skris=item B<-s>
15659191Skris
15759191SkrisDoes nothing - allowed for compatibility with sunOS des(1) command.
15859191Skris
15959191Skris=item B<-k> I<key>
16059191Skris
16159191SkrisUse the encryption 
16259191SkrisI<key>
16359191Skrisspecified.
16459191Skris
16559191Skris=item B<-h>
16659191Skris
16759191SkrisThe
16859191SkrisI<key>
16959191Skrisis assumed to be a 16 character hexadecimal number.
17059191SkrisIf the
17159191SkrisB<-3>
17259191Skrisoption is used the key is assumed to be a 32 character hexadecimal
17359191Skrisnumber.
17459191Skris
17559191Skris=item B<-u>
17659191Skris
17759191SkrisThis flag is used to read and write uuencoded files.  If decrypting,
17859191Skristhe input file is assumed to contain uuencoded, DES encrypted data.
17959191SkrisIf encrypting, the characters following the B<-u> are used as the name of
18059191Skristhe uuencoded file to embed in the begin line of the uuencoded
18159191Skrisoutput.  If there is no name specified after the B<-u>, the name text.des
18259191Skriswill be embedded in the header.
18359191Skris
18459191Skris=head1 SEE ALSO
18559191Skris
18659191Skrisps(1),
18759191SkrisL<des_crypt(3)|des_crypt(3)>
18859191Skris
18959191Skris=head1 BUGS
19059191Skris
19159191SkrisThe problem with using the
19259191SkrisB<-e>
19359191Skrisoption is the short key length.
19459191SkrisIt would be better to use a real 56-bit key rather than an
19559191SkrisASCII-based 56-bit pattern.  Knowing that the key was derived from ASCII
19659191Skrisradically reduces the time necessary for a brute-force cryptographic attack.
19759191SkrisMy attempt to remove this problem is to add an alternative text-key to
19859191SkrisDES-key function.  This alternative function (accessed via
19959191SkrisB<-E>, B<-D>, B<-S>
20059191Skrisand
20159191SkrisB<-3>)
20259191Skrisuses DES to help generate the key.
20359191Skris
20459191SkrisBe carefully when using the B<-u> option.  Doing B<des -ud> I<filename> will
20559191Skrisnot decrypt filename (the B<-u> option will gobble the B<-d> option).
20659191Skris
20759191SkrisThe VMS operating system operates in a world where files are always a
20859191Skrismultiple of 512 bytes.  This causes problems when encrypted data is
20959191Skrissend from Unix to VMS since a 88 byte file will suddenly be padded
21059191Skriswith 424 null bytes.  To get around this problem, use the B<-u> option
21159191Skristo uuencode the data before it is send to the VMS system.
21259191Skris
21359191Skris=head1 AUTHOR
21459191Skris
21559191SkrisEric Young (eay@cryptsoft.com)
21659191Skris
21759191Skris=cut
218