crypto/des/des.man - third_party/openssl - Git at Google

 .TH DES 1
 .SH NAME
 des - encrypt or decrypt data using Data Encryption Standard
 .SH SYNOPSIS
 .B des
 (
 .B \-e
 |
 .B \-E
 ) | (
 .B \-d
 |
 .B \-D
 ) | (
 .B \-\fR[\fPcC\fR][\fPckname\fR]\fP
 ) |
 [
 .B \-b3hfs
 ] [
 .B \-k
 .I key
 ]
 ] [
 .B \-u\fR[\fIuuname\fR]
 [
 .I input-file
 [
 .I output-file
 ] ]
 .SH DESCRIPTION
 .B des
 encrypts and decrypts data using the
 Data Encryption Standard algorithm.
 One of
 .B \-e, \-E
 (for encrypt) or
 .B \-d, \-D
 (for decrypt) must be specified.
 It is also possible to use
 .B \-c
 or
 .B \-C
 in conjunction or instead of the a encrypt/decrypt option to generate
 a 16 character hexadecimal checksum, generated via the
 .I des_cbc_cksum.
 .LP
 Two standard encryption modes are supported by the
 .B des
 program, Cipher Block Chaining (the default) and Electronic Code Book
 (specified with
 .B \-b
 ).
 .LP
 The key used for the DES
 algorithm is obtained by prompting the user unless the
 .B `\-k
 .I key'
 option is given.
 If the key is an argument to the
 .B des
 command, it is potentially visible to users executing
 .BR ps (1)
 or a derivative.  To minimise this possibility,
 .B des
 takes care to destroy the key argument immediately upon entry.
 If your shell keeps a history file be careful to make sure it is not
 world readable.
 .LP
 Since this program attempts to maintain compatability with sunOS's
 des(1) command, there are 2 different methods used to convert the user
 supplied key to a des key.
 Whenever and one or more of
 .B \-E, \-D, \-C
 or
 .B \-3
 options are used, the key conversion procedure will not be compatible
 with the sunOS des(1) version but will use all the user supplied
 character to generate the des key.
 .B des
 command reads from standard input unless
 .I input-file
 is specified and writes to standard output unless
 .I output-file
 is given.
 .SH OPTIONS
 .TP
 .B \-b
 Select ECB
 (eight bytes at a time) encryption mode.
 .TP
 .B \-3
 Encrypt using triple encryption.
 By default triple cbc encryption is used but if the
 .B \-b
 option is used then triple ecb encryption is performed.
 If the key is less than 8 characters long, the flag has no effect.
 .TP
 .B \-e
 Encrypt data using an 8 byte key in a manner compatible with sunOS
 des(1).
 .TP
 .B \-E
 Encrypt data using a key of nearly unlimited length (1024 bytes).
 This will product a more secure encryption.
 .TP
 .B \-d
 Decrypt data that was encrypted with the \-e option.
 .TP
 .B \-D
 Decrypt data that was encrypted with the \-E option.
 .TP
 .B \-c
 Generate a 16 character hexadecimal cbc checksum and output this to
 stderr.
 If a filename was specified after the
 .B \-c
 option, the checksum is output to that file.
 The checksum is generated using a key generated in a sunOS compatible
 manner.
 .TP
 .B \-C
 A cbc checksum is generated in the same manner as described for the
 .B \-c
 option but the DES key is generated in the same manner as used for the
 .B \-E
 and
 .B \-D
 options
 .TP
 .B \-f
 Does nothing - allowed for compatibility with sunOS des(1) command.
 .TP
 .B \-s
 Does nothing - allowed for compatibility with sunOS des(1) command.
 .TP
 .B "\-k \fIkey\fP"
 Use the encryption
 .I key
 specified.
 .TP
 .B "\-h"
 The
 .I key
 is assumed to be a 16 character hexadecimal number.
 If the
 .B "\-3"
 option is used the key is assumed to be a 32 character hexadecimal
 number.
 .TP
 .B \-u
 This flag is used to read and write uuencoded files.  If decrypting,
 the input file is assumed to contain uuencoded, DES encrypted data.
 If encrypting, the characters following the -u are used as the name of
 the uuencoded file to embed in the begin line of the uuencoded
 output.  If there is no name specified after the -u, the name text.des
 will be embedded in the header.
 .SH SEE ALSO
 .B ps (1)
 .B des_crypt(3)
 .SH BUGS
 .LP
 The problem with using the
 .B -e
 option is the short key length.
 It would be better to use a real 56-bit key rather than an
 ASCII-based 56-bit pattern.  Knowing that the key was derived from ASCII
 radically reduces the time necessary for a brute-force cryptographic attack.
 My attempt to remove this problem is to add an alternative text-key to
 DES-key function.  This alternative function (accessed via
 .B -E, -D, -S
 and
 .B -3
 )
 uses DES to help generate the key.
 .LP
 Be carefully when using the -u option.  Doing des -ud <filename> will
 not decrypt filename (the -u option will gobble the d option).
 .LP
 The VMS operating system operates in a world where files are always a
 multiple of 512 bytes.  This causes problems when encrypted data is
 send from unix to VMS since a 88 byte file will suddenly be padded
 with 424 null bytes.  To get around this problem, use the -u option
 to uuencode the data before it is send to the VMS system.
 .SH AUTHOR
 .LP
 Eric Young (eay@cryptsoft.com)
	.TH DES 1
	.SH NAME
	des - encrypt or decrypt data using Data Encryption Standard
	.SH SYNOPSIS
	.B des
	(
	.B \-e
	\|
	.B \-E
	) \| (
	.B \-d
	\|
	.B \-D
	) \| (
	.B \-\fR[\fPcC\fR][\fPckname\fR]\fP
	) \|
	[
	.B \-b3hfs
	] [
	.B \-k
	.I key
	]
	] [
	.B \-u\fR[\fIuuname\fR]
	[
	.I input-file
	[
	.I output-file
	] ]
	.SH DESCRIPTION
	.B des
	encrypts and decrypts data using the
	Data Encryption Standard algorithm.
	One of
	.B \-e, \-E
	(for encrypt) or
	.B \-d, \-D
	(for decrypt) must be specified.
	It is also possible to use
	.B \-c
	or
	.B \-C
	in conjunction or instead of the a encrypt/decrypt option to generate
	a 16 character hexadecimal checksum, generated via the
	.I des_cbc_cksum.
	.LP
	Two standard encryption modes are supported by the
	.B des
	program, Cipher Block Chaining (the default) and Electronic Code Book
	(specified with
	.B \-b
	).
	.LP
	The key used for the DES
	algorithm is obtained by prompting the user unless the
	.B `\-k
	.I key'
	option is given.
	If the key is an argument to the
	.B des
	command, it is potentially visible to users executing
	.BR ps (1)
	or a derivative. To minimise this possibility,
	.B des
	takes care to destroy the key argument immediately upon entry.
	If your shell keeps a history file be careful to make sure it is not
	world readable.
	.LP
	Since this program attempts to maintain compatability with sunOS's
	des(1) command, there are 2 different methods used to convert the user
	supplied key to a des key.
	Whenever and one or more of
	.B \-E, \-D, \-C
	or
	.B \-3
	options are used, the key conversion procedure will not be compatible
	with the sunOS des(1) version but will use all the user supplied
	character to generate the des key.
	.B des
	command reads from standard input unless
	.I input-file
	is specified and writes to standard output unless
	.I output-file
	is given.
	.SH OPTIONS
	.TP
	.B \-b
	Select ECB
	(eight bytes at a time) encryption mode.
	.TP
	.B \-3
	Encrypt using triple encryption.
	By default triple cbc encryption is used but if the
	.B \-b
	option is used then triple ecb encryption is performed.
	If the key is less than 8 characters long, the flag has no effect.
	.TP
	.B \-e
	Encrypt data using an 8 byte key in a manner compatible with sunOS
	des(1).
	.TP
	.B \-E
	Encrypt data using a key of nearly unlimited length (1024 bytes).
	This will product a more secure encryption.
	.TP
	.B \-d
	Decrypt data that was encrypted with the \-e option.
	.TP
	.B \-D
	Decrypt data that was encrypted with the \-E option.
	.TP
	.B \-c
	Generate a 16 character hexadecimal cbc checksum and output this to
	stderr.
	If a filename was specified after the
	.B \-c
	option, the checksum is output to that file.
	The checksum is generated using a key generated in a sunOS compatible
	manner.
	.TP
	.B \-C
	A cbc checksum is generated in the same manner as described for the
	.B \-c
	option but the DES key is generated in the same manner as used for the
	.B \-E
	and
	.B \-D
	options
	.TP
	.B \-f
	Does nothing - allowed for compatibility with sunOS des(1) command.
	.TP
	.B \-s
	Does nothing - allowed for compatibility with sunOS des(1) command.
	.TP
	.B "\-k \fIkey\fP"
	Use the encryption
	.I key
	specified.
	.TP
	.B "\-h"
	The
	.I key
	is assumed to be a 16 character hexadecimal number.
	If the
	.B "\-3"
	option is used the key is assumed to be a 32 character hexadecimal
	number.
	.TP
	.B \-u
	This flag is used to read and write uuencoded files. If decrypting,
	the input file is assumed to contain uuencoded, DES encrypted data.
	If encrypting, the characters following the -u are used as the name of
	the uuencoded file to embed in the begin line of the uuencoded
	output. If there is no name specified after the -u, the name text.des
	will be embedded in the header.
	.SH SEE ALSO
	.B ps (1)
	.B des_crypt(3)
	.SH BUGS
	.LP
	The problem with using the
	.B -e
	option is the short key length.
	It would be better to use a real 56-bit key rather than an
	ASCII-based 56-bit pattern. Knowing that the key was derived from ASCII
	radically reduces the time necessary for a brute-force cryptographic attack.
	My attempt to remove this problem is to add an alternative text-key to
	DES-key function. This alternative function (accessed via
	.B -E, -D, -S
	and
	.B -3
	)
	uses DES to help generate the key.
	.LP
	Be carefully when using the -u option. Doing des -ud <filename> will
	not decrypt filename (the -u option will gobble the d option).
	.LP
	The VMS operating system operates in a world where files are always a
	multiple of 512 bytes. This causes problems when encrypted data is
	send from unix to VMS since a 88 byte file will suddenly be padded
	with 424 null bytes. To get around this problem, use the -u option
	to uuencode the data before it is send to the VMS system.
	.SH AUTHOR
	.LP
	Eric Young (eay@cryptsoft.com)