diff options
Diffstat (limited to 'openssl/crypto/des/des.pod')
-rw-r--r-- | openssl/crypto/des/des.pod | 217 |
1 files changed, 0 insertions, 217 deletions
diff --git a/openssl/crypto/des/des.pod b/openssl/crypto/des/des.pod deleted file mode 100644 index bf479e83..00000000 --- a/openssl/crypto/des/des.pod +++ /dev/null @@ -1,217 +0,0 @@ -=pod - -=head1 NAME - -des - encrypt or decrypt data using Data Encryption Standard - -=head1 SYNOPSIS - -B<des> -( -B<-e> -| -B<-E> -) | ( -B<-d> -| -B<-D> -) | ( -B<->[B<cC>][B<ckname>] -) | -[ -B<-b3hfs> -] [ -B<-k> -I<key> -] -] [ -B<-u>[I<uuname>] -[ -I<input-file> -[ -I<output-file> -] ] - -=head1 NOTE - -This page describes the B<des> stand-alone program, not the B<openssl des> -command. - -=head1 DESCRIPTION - -B<des> -encrypts and decrypts data using the -Data Encryption Standard algorithm. -One of -B<-e>, B<-E> -(for encrypt) or -B<-d>, B<-D> -(for decrypt) must be specified. -It is also possible to use -B<-c> -or -B<-C> -in conjunction or instead of the a encrypt/decrypt option to generate -a 16 character hexadecimal checksum, generated via the -I<des_cbc_cksum>. - -Two standard encryption modes are supported by the -B<des> -program, Cipher Block Chaining (the default) and Electronic Code Book -(specified with -B<-b>). - -The key used for the DES -algorithm is obtained by prompting the user unless the -B<-k> -I<key> -option is given. -If the key is an argument to the -B<des> -command, it is potentially visible to users executing -ps(1) -or a derivative. To minimise this possibility, -B<des> -takes care to destroy the key argument immediately upon entry. -If your shell keeps a history file be careful to make sure it is not -world readable. - -Since this program attempts to maintain compatibility with sunOS's -des(1) command, there are 2 different methods used to convert the user -supplied key to a des key. -Whenever and one or more of -B<-E>, B<-D>, B<-C> -or -B<-3> -options are used, the key conversion procedure will not be compatible -with the sunOS des(1) version but will use all the user supplied -character to generate the des key. -B<des> -command reads from standard input unless -I<input-file> -is specified and writes to standard output unless -I<output-file> -is given. - -=head1 OPTIONS - -=over 4 - -=item B<-b> - -Select ECB -(eight bytes at a time) encryption mode. - -=item B<-3> - -Encrypt using triple encryption. -By default triple cbc encryption is used but if the -B<-b> -option is used then triple ECB encryption is performed. -If the key is less than 8 characters long, the flag has no effect. - -=item B<-e> - -Encrypt data using an 8 byte key in a manner compatible with sunOS -des(1). - -=item B<-E> - -Encrypt data using a key of nearly unlimited length (1024 bytes). -This will product a more secure encryption. - -=item B<-d> - -Decrypt data that was encrypted with the B<-e> option. - -=item B<-D> - -Decrypt data that was encrypted with the B<-E> option. - -=item B<-c> - -Generate a 16 character hexadecimal cbc checksum and output this to -stderr. -If a filename was specified after the -B<-c> -option, the checksum is output to that file. -The checksum is generated using a key generated in a sunOS compatible -manner. - -=item B<-C> - -A cbc checksum is generated in the same manner as described for the -B<-c> -option but the DES key is generated in the same manner as used for the -B<-E> -and -B<-D> -options - -=item B<-f> - -Does nothing - allowed for compatibility with sunOS des(1) command. - -=item B<-s> - -Does nothing - allowed for compatibility with sunOS des(1) command. - -=item B<-k> I<key> - -Use the encryption -I<key> -specified. - -=item B<-h> - -The -I<key> -is assumed to be a 16 character hexadecimal number. -If the -B<-3> -option is used the key is assumed to be a 32 character hexadecimal -number. - -=item B<-u> - -This flag is used to read and write uuencoded files. If decrypting, -the input file is assumed to contain uuencoded, DES encrypted data. -If encrypting, the characters following the B<-u> are used as the name of -the uuencoded file to embed in the begin line of the uuencoded -output. If there is no name specified after the B<-u>, the name text.des -will be embedded in the header. - -=head1 SEE ALSO - -ps(1), -L<des_crypt(3)|des_crypt(3)> - -=head1 BUGS - -The problem with using the -B<-e> -option is the short key length. -It would be better to use a real 56-bit key rather than an -ASCII-based 56-bit pattern. Knowing that the key was derived from ASCII -radically reduces the time necessary for a brute-force cryptographic attack. -My attempt to remove this problem is to add an alternative text-key to -DES-key function. This alternative function (accessed via -B<-E>, B<-D>, B<-S> -and -B<-3>) -uses DES to help generate the key. - -Be carefully when using the B<-u> option. Doing B<des -ud> I<filename> will -not decrypt filename (the B<-u> option will gobble the B<-d> option). - -The VMS operating system operates in a world where files are always a -multiple of 512 bytes. This causes problems when encrypted data is -send from Unix to VMS since a 88 byte file will suddenly be padded -with 424 null bytes. To get around this problem, use the B<-u> option -to uuencode the data before it is send to the VMS system. - -=head1 AUTHOR - -Eric Young (eay@cryptsoft.com) - -=cut |