=pod

=head1 NAME

des - encrypt or decrypt data using Data Encryption Standard

=head1 SYNOPSIS

B<des>
(
B<-e>
|
B<-E>
) | (
B<-d>
|
B<-D>
) | (
B<->[B<cC>][B<ckname>]
) |
[
B<-b3hfs>
] [
B<-k>
I<key>
] [
B<-u>[I<uuname>]
] [
I<input-file>
[
I<output-file>
] ]

=head1 NOTE

This page describes the B<des> stand-alone program, not the B<openssl des>
command.

=head1 DESCRIPTION

B<des>
encrypts and decrypts data using the
Data Encryption Standard algorithm.
One of
B<-e>, B<-E>
(for encrypt) or
B<-d>, B<-D>
(for decrypt) must be specified.
It is also possible to use
B<-c>
or
B<-C>
in conjunction with or instead of an encrypt/decrypt option to generate
a 16 character hexadecimal checksum, generated via
I<des_cbc_cksum>.

Two standard encryption modes are supported by the
B<des>
program, Cipher Block Chaining (the default) and Electronic Code Book
(specified with
B<-b>).

The key used for the DES
algorithm is obtained by prompting the user unless the
B<-k>
I<key>
option is given.
If the key is an argument to the
B<des>
command, it is potentially visible to users executing
ps(1)
or a derivative. To minimise this possibility,
B<des>
takes care to destroy the key argument immediately upon entry.
If your shell keeps a history file, be careful to make sure it is not
world readable.

Since this program attempts to maintain compatibility with SunOS's
des(1) command, there are 2 different methods used to convert the user
supplied key to a DES key.
Whenever one or more of the
B<-E>, B<-D>, B<-C>
or
B<-3>
options are used, the key conversion procedure will not be compatible
with the SunOS des(1) version but will use all the user supplied
characters to generate the DES key.
B<des>
command reads from standard input unless
I<input-file>
is specified and writes to standard output unless
I<output-file>
is given.

=head1 OPTIONS

=over 4

=item B<-b>

Select ECB
(eight bytes at a time) encryption mode.

=item B<-3>

Encrypt using triple encryption.
By default triple CBC encryption is used but if the
B<-b>
option is used then triple ECB encryption is performed.
If the key is less than 8 characters long, the flag has no effect.

=item B<-e>

Encrypt data using an 8 byte key in a manner compatible with SunOS
des(1).

=item B<-E>

Encrypt data using a key of nearly unlimited length (1024 bytes).
This will produce a more secure encryption.

=item B<-d>

Decrypt data that was encrypted with the B<-e> option.

=item B<-D>

Decrypt data that was encrypted with the B<-E> option.

=item B<-c>

Generate a 16 character hexadecimal CBC checksum and output this to
stderr.
If a filename was specified after the
B<-c>
option, the checksum is output to that file.
The checksum is generated using a key generated in a SunOS compatible
manner.

=item B<-C>

A CBC checksum is generated in the same manner as described for the
B<-c>
option but the DES key is generated in the same manner as used for the
B<-E>
and
B<-D>
options.

=item B<-f>

Does nothing - allowed for compatibility with SunOS des(1) command.

=item B<-s>

Does nothing - allowed for compatibility with SunOS des(1) command.

=item B<-k> I<key>

Use the encryption
I<key>
specified.

=item B<-h>

The
I<key>
is assumed to be a 16 character hexadecimal number.
If the
B<-3>
option is used the key is assumed to be a 32 character hexadecimal
number.

=item B<-u>

This flag is used to read and write uuencoded files.
If decrypting,
the input file is assumed to contain uuencoded, DES encrypted data.
If encrypting, the characters following the B<-u> are used as the name of
the uuencoded file to embed in the begin line of the uuencoded
output. If there is no name specified after the B<-u>, the name text.des
will be embedded in the header.

=back

=head1 SEE ALSO

ps(1),
L<des_crypt(3)|des_crypt(3)>

=head1 BUGS

The problem with using the
B<-e>
option is the short key length.
It would be better to use a real 56-bit key rather than an
ASCII-based 56-bit pattern. Knowing that the key was derived from ASCII
radically reduces the time necessary for a brute-force cryptographic attack.
My attempt to remove this problem is to add an alternative text-key to
DES-key function. This alternative function (accessed via
B<-E>, B<-D>, B<-S>
and
B<-3>)
uses DES to help generate the key.

Be careful when using the B<-u> option. Doing B<des -ud> I<filename> will
not decrypt filename (the B<-u> option will gobble the B<-d> option).

The VMS operating system operates in a world where files are always a
multiple of 512 bytes. This causes problems when encrypted data is
sent from Unix to VMS since an 88 byte file will suddenly be padded
with 424 null bytes. To get around this problem, use the B<-u> option
to uuencode the data before it is sent to the VMS system.

=head1 AUTHOR

Eric Young (eay@cryptsoft.com)

=cut