118 lines
2.9 KiB
Groff
118 lines
2.9 KiB
Groff
'\"macro stdmacro
|
|
.if n .pH g1.crypt @(#)crypt 30.4 of 3/4/86
|
|
.nr X
|
|
.if \nX=0 .ds x} CRYPT 1 "Security Administration Utilities" "\&"
|
|
.if \nX=1 .ds x} CRYPT 1 "Security Administration Utilities"
|
|
.if \nX=2 .ds x} CRYPT 1 "" "\&"
|
|
.if \nX=3 .ds x} CRYPT "" "" "\&"
|
|
.TH \*(x}
|
|
.SH NAME
|
|
crypt \- encode/decode
|
|
.SH SYNOPSIS
|
|
.B crypt
|
|
[ password ]
|
|
.br
|
|
.B crypt [\-k]
|
|
.SH DESCRIPTION
|
|
.I crypt\^
|
|
reads from the standard input and writes
|
|
on the standard output.
|
|
The
|
|
.I password\^
|
|
is a key that selects a particular transformation.
|
|
If no
|
|
argument
|
|
is given,
|
|
.I crypt\^
|
|
demands a key from the terminal and turns
|
|
off printing while the key is being typed in.
|
|
If the
|
|
\f3\-k\f1
|
|
option is used,
|
|
.I crypt\^
|
|
will use the key assigned to the
|
|
environment variable \s-1CrYpTkEy\s0.
|
|
.I crypt\^
|
|
encrypts and decrypts with the same key:
|
|
.PP
|
|
.RS
|
|
crypt \|key \|<clear \|>cypher
|
|
.br
|
|
crypt \|key \|<cypher \|\(bv \|pr
|
|
.RE
|
|
.PP
|
|
Files encrypted by
|
|
.I crypt\^
|
|
are compatible with those treated by the editors
|
|
.IR ed (1),
|
|
.IR edit (1),
|
|
.IR ex (1),
|
|
and
|
|
.IR vi (1)
|
|
in encryption mode.
|
|
.PP
|
|
The security of encrypted files depends on three factors:
|
|
the fundamental method must be hard to solve;
|
|
direct search of the key space must be infeasible;
|
|
``sneak paths'' by which keys or clear text can become
|
|
visible must be minimized.
|
|
.PP
|
|
.I crypt\^
|
|
implements a one-rotor machine designed along the lines
|
|
of the German Enigma, but with a 256-element rotor.
|
|
Methods of attack on such machines are known, but not widely;
|
|
moreover the amount of work required is likely to be large.
|
|
.PP
|
|
The transformation of a key into the internal
|
|
settings of the machine is deliberately designed to
|
|
be expensive, i.e., to take a substantial fraction of
|
|
a second to compute.
|
|
However,
|
|
if keys are restricted to (say)
|
|
three lower-case letters,
|
|
then encrypted files can be read by expending only
|
|
a substantial fraction of
|
|
five minutes of machine time.
|
|
.PP
|
|
If the key is an argument to the
|
|
.I crypt\^
|
|
command,
|
|
it is potentially visible to users executing
|
|
.IR ps (1)
|
|
or a derivative.
|
|
.ig
|
|
To minimize this possibility,
|
|
.I crypt\^
|
|
takes care to destroy any record of the key
|
|
immediately upon entry.
|
|
..
|
|
The choice of keys and key security
|
|
are the most vulnerable aspect of
|
|
.IR crypt .
|
|
.SH FILES
|
|
.ta 1i
|
|
/dev/tty for typed key
|
|
.DT
|
|
.SH SEE ALSO
|
|
ed(1), edit(1), ex(1), makekey(1), ps(1), stty(1), vi(1).
|
|
.SH WARNING
|
|
.\" XXXXX - Cryptographic policy of October 1997 allows export of this command.
|
|
.\"This command is provided with the Security Administration Utilities,
|
|
.\"which is only available in the United States.
|
|
If two or more files encrypted with the same key are concatenated
|
|
and an attempt is made to decrypt the result, only the
|
|
contents of the first of the original files will be decrypted correctly.
|
|
.SH BUGS
|
|
If output is piped to
|
|
.I nroff
|
|
and the encryption key is
|
|
.I not\^
|
|
given on the command line,
|
|
.I crypt\^
|
|
can leave terminal modes in a strange state
|
|
(see
|
|
.IR stty (1)).
|
|
'\".so /pubs/tools/origin.att
|
|
.\" @(#)crypt.1 6.3 of 9/2/83
|
|
.Ee
|