home
***
CD-ROM
|
disk
|
FTP
|
other
***
search
/
Computer Club Elmshorn Atari PD
/
CCE_PD.iso
/
pc
/
0600
/
CCE_0679.ZIP
/
CCE_0679.PD
/
DES301
/
DES.1
< prev
next >
Wrap
Text File
|
1993-11-10
|
7KB
|
199 lines
DES(1) DES(1)
N✓NA✓AM✓ME✓E
des - encrypt or decrypt data using Data Encryption Stan-
dard
S✓SY✓YN✓NO✓OP✓PS✓SI✓IS✓S
d✓de✓es✓s ( -✓-e✓e | -✓-E✓E ) | ( -✓-d✓d | -✓-D✓D ) | ( -✓-[c✓cC✓C][c✓ck✓kn✓na✓am✓me✓e] ) | [
-✓-b✓b3✓3h✓hf✓fs✓s ] [ -✓-k✓k _✓k_✓e_✓y ] ] [ -✓-u✓u[_✓u_✓u_✓n_✓a_✓m_✓e] [ _✓i_✓n_✓p_✓u_✓t_✓-_✓f_✓i_✓l_✓e [ _✓o_✓u_✓t_✓p_✓u_✓t_✓-
_✓f_✓i_✓l_✓e ] ]
D✓DE✓ES✓SC✓CR✓RI✓IP✓PT✓TI✓IO✓ON✓N
d✓de✓es✓s encrypts and decrypts data using the Data Encryption
Standard algorithm. One of -✓-e✓e,✓, -✓-E✓E (for encrypt) or -✓-d✓d,✓, -✓-D✓D
(for decrypt) must be specified. It is also possible to
use -✓-c✓c or -✓-C✓C in conjunction or instead of the a
encrypt/decrypt option to generate a 16 character hexadec-
imal checksum, generated via the _✓d_✓e_✓s_✓__✓c_✓b_✓c_✓__✓c_✓k_✓s_✓u_✓m_✓.
Two standard encryption modes are supported by the d✓de✓es✓s
program, Cipher Block Chaining (the default) and Elec-
tronic Code Book (specified with -✓-b✓b ).
The key used for the DES algorithm is obtained by prompt-
ing the user unless the `✓`-✓-k✓k _✓k_✓e_✓y_✓' option is given. If the
key is an argument to the d✓de✓es✓s command, it is potentially
visible to users executing p✓ps✓s(1) or a derivative. To min-
imise this possibility, d✓de✓es✓s takes care to destroy the key
argument immediately upon entry. If your shell keeps a
history file be careful to make sure it is not world read-
able.
Since this program attempts to maintain compatability with
sunOS's des(1) command, there are 2 different methods used
to convert the user supplied key to a des key. Whenever
and one or more of -✓-E✓E,✓, -✓-D✓D,✓, -✓-C✓C or -✓-3✓3 options are used, the
key conversion procedure will not be compatible with the
sunOS des(1) version but will use all the user supplied
character to generate the des key. d✓de✓es✓s command reads from
standard input unless _✓i_✓n_✓p_✓u_✓t_✓-_✓f_✓i_✓l_✓e is specified and writes
to standard output unless _✓o_✓u_✓t_✓p_✓u_✓t_✓-_✓f_✓i_✓l_✓e is given.
O✓OP✓PT✓TI✓IO✓ON✓NS✓S
-✓-b✓b Select ECB (eight bytes at a time) encryption mode.
-✓-3✓3 Encrypt using triple encryption. By default triple
cbc encryption is used but if the -✓-b✓b option is used
then triple ecb encryption is performed. If the
key is less than 8 characters long, the flag has no
effect.
-✓-e✓e Encrypt data using an 8 byte key in a manner com-
patible with sunOS des(1).
-✓-E✓E Encrypt data using a key of nearly unlimited length
(1024 bytes). This will product a more secure
1
DES(1) DES(1)
encryption.
-✓-d✓d Decrypt data that was encrypted with the -e option.
-✓-D✓D Decrypt data that was encrypted with the -E option.
-✓-c✓c Generate a 16 character hexadecimal cbc checksum
and output this to stderr. If a filename was spec-
ified after the -✓-c✓c option, the checksum is output
to that file. The checksum is generated using a
key generated in a sunOS compatible manner.
-✓-C✓C A cbc checksum is generated in the same manner as
described for the -✓-c✓c option but the DES key is gen-
erated in the same manner as used for the -✓-E✓E and -✓-D✓D
options
-✓-f✓f Does nothing - allowed for compatibility with sunOS
des(1) command.
-✓-s✓s Does nothing - allowed for compatibility with sunOS
des(1) command.
-✓-k✓k _✓k_✓e_✓y Use the encryption _✓k_✓e_✓y specified.
-✓-h✓h The _✓k_✓e_✓y is assumed to be a 16 character hexadecimal
number. If the -✓-3✓3 option is used the key is
assumed to be a 32 character hexadecimal number.
-✓-u✓u This flag is used to read and write uuencoded
files. If decrypting, the input file is assumed to
contain uuencoded, DES encrypted data. If encrypt-
ing, the characters following the -u are used as
the name of the uuencoded file to embed in the
begin line of the uuencoded output. If there is no
name specified after the -u, the name text.des will
be embedded in the header.
S✓SE✓EE✓E A✓AL✓LS✓SO✓O
p✓ps✓s (✓(1✓1)✓) d✓de✓es✓s_✓_c✓cr✓ry✓yp✓pt✓t(✓(3✓3)✓)
B✓BU✓UG✓GS✓S
The problem with using the -✓-e✓e option is the short key
length. It would be better to use a real 56-bit key
rather than an ASCII-based 56-bit pattern. Knowing that
the key was derived from ASCII radically reduces the time
necessary for a brute-force cryptographic attack. My
attempt to remove this problem is to add an alternative
text-key to DES-key function. This alternative function
(accessed via -✓-E✓E,✓, -✓-D✓D,✓, -✓-S✓S and -✓-3✓3 ) uses DES to help gener-
ate the key.
Be carefully when using the -u option. Doing des -ud
<filename> will not decrypt filename (the -u option will
2
DES(1) DES(1)
gobble the d option).
The VMS operating system operates in a world where files
are always a multiple of 512 bytes. This causes problems
when encrypted data is send from unix to VMS since a 88
byte file will suddenly be padded with 424 null bytes. To
get around this problem, use the -u option to uuencode the
data before it is send to the VMS system.
A✓AU✓UT✓TH✓HO✓OR✓R
Eric Young (eay@psych.psy.uq.oz.au), Psychology Depart-
ment, University of Queensland, Australia.
3