des(1)                           User Commands                          des(1)

NAME

       des - encrypt or decrypt data using Data Encryption Standard

SYNOPSIS

       des -e | -d [-bfs] [-k key] [input-file [output-file]]

DESCRIPTION

       des encrypts and decrypts data using the NBS Data Encryption Standard
       algorithm. One of -e (for encrypt) or -d (for decrypt) must be
       specified.

       The des command is provided to promote secure exchange of data in a
       standard fashion.

       Two standard encryption modes are supported by the des program, Cipher
       Block Chaining (CBC — the default) and Electronic Code Book (ECB —
       specified with -b). CBC mode treats an entire file as a unit of
       encryption, that is, if insertions or deletions are made to the
       encrypted file then decryption will not succeed. CBC mode also ensures
       that regularities in clear data do not appear in the encrypted data.
       ECB mode treats each 8-byte block as a separate unit of encryption, so
       if parts of the encrypted file are modified then other parts may still
       be decrypted. In ECB mode, identical values of clear text encrypt to
       identical values of cipher text.

       The key used for the DES algorithm is obtained by prompting the user
       unless the `-k key' option is given. If the key is an argument to the
       des command, it is potentially visible to users executing ps(1) or a
       derivative. To minimize this possibility, des takes care to destroy
       the key argument immediately upon entry.

       The des command attempts to use DES hardware for its job, but will use
       a software implementation of the DES algorithm if the hardware is
       unavailable. Normally, a warning message is printed if the DES
       hardware is unavailable since the software is only about 1/50th as
       fast. However, the -f option will suppress the warning. The -s option
       may be used to force use of software instead of hardware DES.

       The des command reads from standard input unless input-file is
       specified and writes to standard output unless output-file is given.

       The following sections give information required to implement
       compatible facilities in other environments.

       Since the CBC and ECB modes of DES require units of 8 bytes to be
       encrypted, files being encrypted by the des command have 1 to 8 bytes
       appended to them to cause them to be a multiple of 8 bytes. The last
       byte, when decrypted, gives the number of bytes (0 to 7) of the last
       8 bytes that are to be kept. The other appended bytes are randomized
       before encryption. If, when decrypting, the last byte is not in the
       range of 0 to 7 then either the encrypted file has been corrupted or
       an incorrect key was provided for decryption, and an error message is
       printed.

       The DES algorithm requires an 8 byte key whose low order bits are
       assumed to be odd-parity bits. The ASCII key supplied by the user is
       zero padded to 8 bytes and the high order bits are set to be odd-parity
       bits. The DES algorithm then ignores the low bit of each ASCII
       character, but that bit's information has been preserved in the high
       bit due to the parity.

       The CBC mode of operation always uses an initial value of all zeros for
       the initialization vector, so the first 8 bytes of a file are encrypted
       the same whether in CBC or ECB mode.
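
       The key preparation and padding rules above, written out as an added
       example (not part of the original manual page and not Sun's code) for
       checking a compatible implementation. DES itself is left out; the
       function names are hypothetical, and truncating keys longer than 8
       bytes is an assumption the page does not state.

```python
import os

BLOCK = 8  # DES block size and key size, in bytes


def des_key_from_ascii(passphrase: bytes) -> bytes:
    """Zero-pad an ASCII key to 8 bytes and set each high bit for odd parity."""
    if any(b > 0x7F for b in passphrase):
        raise ValueError("key must be 7-bit ASCII")
    # Assumption: keys longer than 8 bytes are truncated (the page does not say).
    raw = passphrase[:BLOCK].ljust(BLOCK, b"\x00")
    # An even number of 1 bits in the low 7 bits means the high bit must be set.
    return bytes(b | 0x80 if bin(b).count("1") % 2 == 0 else b for b in raw)


def effective_bits(key: bytes) -> tuple:
    """The 7 bits of each byte that DES uses (it ignores the low bit)."""
    return tuple(b >> 1 for b in key)


def pad(plaintext: bytes, rand=os.urandom) -> bytes:
    """Append 1 to 8 bytes: random filler, then the count of real bytes (0-7)."""
    keep = len(plaintext) % BLOCK
    return plaintext + rand(BLOCK - keep - 1) + bytes([keep])


def unpad(decrypted: bytes) -> bytes:
    """Strip the padding; reject a final byte outside the range 0 to 7."""
    if not decrypted or len(decrypted) % BLOCK:
        raise ValueError("length is not a positive multiple of 8")
    keep = decrypted[-1]
    if keep > 7:
        raise ValueError("corrupted file or incorrect key")
    # Whole blocks before the last one, plus `keep` bytes of the last block.
    return decrypted[:-BLOCK] + decrypted[-BLOCK:-BLOCK + keep]


if __name__ == "__main__":
    # Constructed sample inputs.
    print(des_key_from_ascii(b"abc").hex())
    padded = pad(b"eleven byte")
    print(len(padded), padded[-1], unpad(padded))
```

       The range check in unpad() is the only error signal the format offers:
       a wrong key leaves an effectively random final byte, which falls in
       0 to 7 about 8 times in 256, so a clean exit does not authenticate
       the data.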

OPTIONS

       -b       Select ECB (eight bytes at a time) encryption mode.

       -d       Decrypt data.

       -e       Encrypt data.

       -f       Suppress warning message when software implementation is used.

       -s       Select software implementation for the encryption algorithm.

       -k key   Use the encryption key specified.

FILES

       /dev/des?

SEE ALSO

       ps(1)

BUGS

       It would be better to use a real 56-bit key rather than an ASCII-based
       56-bit pattern. Knowing that the key was derived from ASCII radically
       reduces the time necessary for a brute-force cryptographic attack.

SunOS 5.11                        3 Mar 2008                            des(1)