Index of Section 1 Manual Pages
| Interix / SUA | des.1 | Interix / SUA |
DES(1) DES(1)
NAME
des - encrypt or decrypt data using Data Encryption Stan-
dard
SYNOPSIS
des ( -e | -E ) | ( -d | -D ) | ( -[cC][ckname] ) | [
-b3hfs ] [ -k key ] ] [ -u[uuname] [ input-file [ output-
file ] ]
DESCRIPTION
des encrypts and decrypts data using the Data Encryption
Standard algorithm. One of -e, -E (for encrypt) or -d, -D
(for decrypt) must be specified. It is also possible to
use -c or -C in conjunction or instead of the a
encrypt/decrypt option to generate a 16 character hexadec-
imal checksum, generated via the des_cbc_cksum.
Two standard encryption modes are supported by the des
program, Cipher Block Chaining (the default) and Elec-
tronic Code Book (specified with -b ).
The key used for the DES algorithm is obtained by prompt-
ing the user unless the `-k key' option is given. If the
key is an argument to the des command, it is potentially
visible to users executing ps(1) or a derivative. To min-
imise this possibility, des takes care to destroy the key
argument immediately upon entry. If your shell keeps a
history file be careful to make sure it is not world read-
able.
Since this program attempts to maintain compatability with
sunOS's des(1) command, there are 2 different methods used
to convert the user supplied key to a des key. Whenever
and one or more of -E, -D, -C or -3 options are used, the
key conversion procedure will not be compatible with the
sunOS des(1) version but will use all the user supplied
character to generate the des key. des command reads from
standard input unless input-file is specified and writes
to standard output unless output-file is given.
OPTIONS
-b Select ECB (eight bytes at a time) encryption mode.
-3 Encrypt using triple encryption. By default triple
cbc encryption is used but if the -b option is used
then triple ecb encryption is performed. If the
key is less than 8 characters long, the flag has no
effect.
-e Encrypt data using an 8 byte key in a manner com-
patible with sunOS des(1).
-E Encrypt data using a key of nearly unlimited length
(1024 bytes). This will product a more secure
encryption.
-d Decrypt data that was encrypted with the -e option.
-D Decrypt data that was encrypted with the -E option.
-c Generate a 16 character hexadecimal cbc checksum
and output this to stderr. If a filename was
specified after the -c option, the checksum is out-
put to that file. The checksum is generated using
a key generated in a sunOS compatible manner.
-C A cbc checksum is generated in the same manner as
described for the -c option but the DES key is gen-
erated in the same manner as used for the -E and -D
options
-f Does nothing - allowed for compatibility with sunOS
des(1) command.
-s Does nothing - allowed for compatibility with sunOS
des(1) command.
-k key Use the encryption key specified.
-h The key is assumed to be a 16 character hexadecimal
number. If the -3 option is used the key is
assumed to be a 32 character hexadecimal number.
-u This flag is used to read and write uuencoded
files. If decrypting, the input file is assumed to
contain uuencoded, DES encrypted data. If encrypt-
ing, the characters following the -u are used as
the name of the uuencoded file to embed in the
begin line of the uuencoded output. If there is no
name specified after the -u, the name text.des will
be embedded in the header.
SEE ALSO
ps (1) des_crypt(3)
BUGS
The problem with using the -e option is the short key
length. It would be better to use a real 56-bit key
rather than an ASCII-based 56-bit pattern. Knowing that
the key was derived from ASCII radically reduces the time
necessary for a brute-force cryptographic attack. My
attempt to remove this problem is to add an alternative
text-key to DES-key function. This alternative function
(accessed via -E, -D, -S and -3 ) uses DES to help gener-
ate the key.
Be carefully when using the -u option. Doing des -ud
will not decrypt filename (the -u option will
gobble the d option).
The VMS operating system operates in a world where files
are always a multiple of 512 bytes. This causes problems
when encrypted data is send from unix to VMS since a 88
byte file will suddenly be padded with 424 null bytes. To
get around this problem, use the -u option to uuencode the
data before it is send to the VMS system.
AUTHOR
Eric Young (eay@cryptsoft.com)
DES(1)