| OLD | NEW |
|---|
| (Empty) |
| 1 =pod | |
| 2 | |
| 3 =head1 NAME | |
| 4 | |
| 5 des - encrypt or decrypt data using Data Encryption Standard | |
| 6 | |
| 7 =head1 SYNOPSIS | |
| 8 | |
| 9 B<des> | |
| 10 ( | |
| 11 B<-e> | |
| 12 | | |
| 13 B<-E> | |
| 14 ) | ( | |
| 15 B<-d> | |
| 16 | | |
| 17 B<-D> | |
| 18 ) | ( | |
| 19 B<->[B<cC>][B<ckname>] | |
| 20 ) | | |
| 21 [ | |
| 22 B<-b3hfs> | |
| 23 ] [ | |
| 24 B<-k> | |
| 25 I<key> | |
| 26 ] | |
| 27 ] [ | |
| 28 B<-u>[I<uuname>] | |
| 29 [ | |
| 30 I<input-file> | |
| 31 [ | |
| 32 I<output-file> | |
| 33 ] ] | |
| 34 | |
| 35 =head1 NOTE | |
| 36 | |
| 37 This page describes the B<des> stand-alone program, not the B<openssl des> | |
| 38 command. | |
| 39 | |
| 40 =head1 DESCRIPTION | |
| 41 | |
| 42 B<des> | |
| 43 encrypts and decrypts data using the | |
| 44 Data Encryption Standard algorithm. | |
| 45 One of | |
| 46 B<-e>, B<-E> | |
| 47 (for encrypt) or | |
| 48 B<-d>, B<-D> | |
| 49 (for decrypt) must be specified. | |
| 50 It is also possible to use | |
| 51 B<-c> | |
| 52 or | |
| 53 B<-C> | |
| 54 in conjunction or instead of the a encrypt/decrypt option to generate | |
| 55 a 16 character hexadecimal checksum, generated via the | |
| 56 I<des_cbc_cksum>. | |
| 57 | |
| 58 Two standard encryption modes are supported by the | |
| 59 B<des> | |
| 60 program, Cipher Block Chaining (the default) and Electronic Code Book | |
| 61 (specified with | |
| 62 B<-b>). | |
| 63 | |
| 64 The key used for the DES | |
| 65 algorithm is obtained by prompting the user unless the | |
| 66 B<-k> | |
| 67 I<key> | |
| 68 option is given. | |
| 69 If the key is an argument to the | |
| 70 B<des> | |
| 71 command, it is potentially visible to users executing | |
| 72 ps(1) | |
| 73 or a derivative. To minimise this possibility, | |
| 74 B<des> | |
| 75 takes care to destroy the key argument immediately upon entry. | |
| 76 If your shell keeps a history file be careful to make sure it is not | |
| 77 world readable. | |
| 78 | |
| 79 Since this program attempts to maintain compatibility with sunOS's | |
| 80 des(1) command, there are 2 different methods used to convert the user | |
| 81 supplied key to a des key. | |
| 82 Whenever and one or more of | |
| 83 B<-E>, B<-D>, B<-C> | |
| 84 or | |
| 85 B<-3> | |
| 86 options are used, the key conversion procedure will not be compatible | |
| 87 with the sunOS des(1) version but will use all the user supplied | |
| 88 character to generate the des key. | |
| 89 B<des> | |
| 90 command reads from standard input unless | |
| 91 I<input-file> | |
| 92 is specified and writes to standard output unless | |
| 93 I<output-file> | |
| 94 is given. | |
| 95 | |
| 96 =head1 OPTIONS | |
| 97 | |
| 98 =over 4 | |
| 99 | |
| 100 =item B<-b> | |
| 101 | |
| 102 Select ECB | |
| 103 (eight bytes at a time) encryption mode. | |
| 104 | |
| 105 =item B<-3> | |
| 106 | |
| 107 Encrypt using triple encryption. | |
| 108 By default triple cbc encryption is used but if the | |
| 109 B<-b> | |
| 110 option is used then triple ECB encryption is performed. | |
| 111 If the key is less than 8 characters long, the flag has no effect. | |
| 112 | |
| 113 =item B<-e> | |
| 114 | |
| 115 Encrypt data using an 8 byte key in a manner compatible with sunOS | |
| 116 des(1). | |
| 117 | |
| 118 =item B<-E> | |
| 119 | |
| 120 Encrypt data using a key of nearly unlimited length (1024 bytes). | |
| 121 This will product a more secure encryption. | |
| 122 | |
| 123 =item B<-d> | |
| 124 | |
| 125 Decrypt data that was encrypted with the B<-e> option. | |
| 126 | |
| 127 =item B<-D> | |
| 128 | |
| 129 Decrypt data that was encrypted with the B<-E> option. | |
| 130 | |
| 131 =item B<-c> | |
| 132 | |
| 133 Generate a 16 character hexadecimal cbc checksum and output this to | |
| 134 stderr. | |
| 135 If a filename was specified after the | |
| 136 B<-c> | |
| 137 option, the checksum is output to that file. | |
| 138 The checksum is generated using a key generated in a sunOS compatible | |
| 139 manner. | |
| 140 | |
| 141 =item B<-C> | |
| 142 | |
| 143 A cbc checksum is generated in the same manner as described for the | |
| 144 B<-c> | |
| 145 option but the DES key is generated in the same manner as used for the | |
| 146 B<-E> | |
| 147 and | |
| 148 B<-D> | |
| 149 options | |
| 150 | |
| 151 =item B<-f> | |
| 152 | |
| 153 Does nothing - allowed for compatibility with sunOS des(1) command. | |
| 154 | |
| 155 =item B<-s> | |
| 156 | |
| 157 Does nothing - allowed for compatibility with sunOS des(1) command. | |
| 158 | |
| 159 =item B<-k> I<key> | |
| 160 | |
| 161 Use the encryption | |
| 162 I<key> | |
| 163 specified. | |
| 164 | |
| 165 =item B<-h> | |
| 166 | |
| 167 The | |
| 168 I<key> | |
| 169 is assumed to be a 16 character hexadecimal number. | |
| 170 If the | |
| 171 B<-3> | |
| 172 option is used the key is assumed to be a 32 character hexadecimal | |
| 173 number. | |
| 174 | |
| 175 =item B<-u> | |
| 176 | |
| 177 This flag is used to read and write uuencoded files. If decrypting, | |
| 178 the input file is assumed to contain uuencoded, DES encrypted data. | |
| 179 If encrypting, the characters following the B<-u> are used as the name of | |
| 180 the uuencoded file to embed in the begin line of the uuencoded | |
| 181 output. If there is no name specified after the B<-u>, the name text.des | |
| 182 will be embedded in the header. | |
| 183 | |
| 184 =head1 SEE ALSO | |
| 185 | |
| 186 ps(1), | |
| 187 L<des_crypt(3)|des_crypt(3)> | |
| 188 | |
| 189 =head1 BUGS | |
| 190 | |
| 191 The problem with using the | |
| 192 B<-e> | |
| 193 option is the short key length. | |
| 194 It would be better to use a real 56-bit key rather than an | |
| 195 ASCII-based 56-bit pattern. Knowing that the key was derived from ASCII | |
| 196 radically reduces the time necessary for a brute-force cryptographic attack. | |
| 197 My attempt to remove this problem is to add an alternative text-key to | |
| 198 DES-key function. This alternative function (accessed via | |
| 199 B<-E>, B<-D>, B<-S> | |
| 200 and | |
| 201 B<-3>) | |
| 202 uses DES to help generate the key. | |
| 203 | |
| 204 Be carefully when using the B<-u> option. Doing B<des -ud> I<filename> will | |
| 205 not decrypt filename (the B<-u> option will gobble the B<-d> option). | |
| 206 | |
| 207 The VMS operating system operates in a world where files are always a | |
| 208 multiple of 512 bytes. This causes problems when encrypted data is | |
| 209 send from Unix to VMS since a 88 byte file will suddenly be padded | |
| 210 with 424 null bytes. To get around this problem, use the B<-u> option | |
| 211 to uuencode the data before it is send to the VMS system. | |
| 212 | |
| 213 =head1 AUTHOR | |
| 214 | |
| 215 Eric Young (eay@cryptsoft.com) | |
| 216 | |
| 217 =cut | |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2072073002:
Delete bundled copy of OpenSSL and replace with README. (Closed)
Base URL: https://chromium.googlesource.com/chromium/deps/openssl@master