crypt(1)


NAME

crypt - encode/decode files

SYNOPSIS

crypt [ password ]

DESCRIPTION

crypt reads from the standard input and writes on the standard output. password is a key that selects a particular transformation. If no password is given, crypt demands a key from the terminal and turns off printing while the key is being typed in. crypt encrypts and decrypts with the same key:

crypt key <clear >cypher
crypt key <cypher | pr

The latter command decrypts the file and prints the clear version.

Files encrypted by crypt are compatible with those treated by the ed editor in encryption mode (see ed(1)).

Security of encrypted files depends on three factors: the fundamental method must be hard to solve; direct search of the key space must be infeasible; "sneak paths" by which keys or clear text can become visible must be minimized.

crypt implements a one-rotor machine designed along the lines of the German Enigma, but with a 256-element rotor. Methods of attack on such machines are widely known; thus crypt provides minimal security.

The transformation of a key into the internal settings of the machine is deliberately designed to be expensive; i.e., to take a substantial fraction of a second to compute. However, if keys are restricted to, for example, three lowercase letters, then encrypted files can be read by expending only a substantial fraction of five minutes of machine time.

Since the key is an argument to the crypt command, it is potentially visible to users executing ps or a derivative (see ps(1)). The choice of keys and key security are the most vulnerable aspect of crypt.

EXAMPLES

The following example demonstrates the use of crypt to edit a file that the user wants to keep strictly confidential:

$ crypt <plans >plans.x
key: violet

$ rm plans

...

$ vi -x plans.x
key: violet

...

:wq

$

...

$ crypt <plans.x | pr
key: violet

Note that the -x option is the encryption mode of vi, and prompts the user for the same key with which the file was encrypted.

WARNINGS

If output is piped to nroff and the encryption key is not given on the command line, crypt can leave terminal modes in a strange state (see nroff(1) and stty(1)).

If two or more files encrypted with the same key are concatenated and an attempt is made to decrypt the result, only the first of the original files is decrypted correctly.
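The concatenation warning above follows from how a stepping rotor works, shown here as an added example that is not part of the original manual page and is not crypt's actual code. It is a simplified one-rotor model; the names toy_crypt and make_machine, the seeded-shuffle key setup and the sample inputs are assumptions made for illustration.

```python
import random

def make_machine(key: str):
    """Derive rotor, inverse rotor and reflector from the key.
    Assumption: a seeded shuffle stands in for crypt's real key setup."""
    rng = random.Random(key)
    rotor = list(range(256))
    rng.shuffle(rotor)
    inverse = [0] * 256
    for i, v in enumerate(rotor):
        inverse[v] = i
    # Reflector: pair up all 256 values so reflector[reflector[x]] == x.
    order = list(range(256))
    rng.shuffle(order)
    reflector = [0] * 256
    for a, b in zip(order[0::2], order[1::2]):
        reflector[a], reflector[b] = b, a
    return rotor, inverse, reflector

def toy_crypt(data: bytes, key: str) -> bytes:
    """Encrypt or decrypt: the same call does both, as with crypt."""
    rotor, inverse, reflector = make_machine(key)
    out = bytearray()
    for pos, byte in enumerate(data):  # rotor position restarts at 0 per call
        shift = pos % 256
        x = reflector[rotor[(byte + shift) % 256]]
        out.append((inverse[x] - shift) % 256)
    return bytes(out)

# Constructed sample inputs.
FILE_A = b"first file: launch plans\n"
FILE_B = b"second file: budget figures\n"
KEY = "violet"

def demo():
    """Return (first part recovered, second part recovered, second alone recovered)."""
    enc_a, enc_b = toy_crypt(FILE_A, KEY), toy_crypt(FILE_B, KEY)
    joined = toy_crypt(enc_a + enc_b, KEY)  # decrypt the concatenation
    head, tail = joined[:len(FILE_A)], joined[len(FILE_A):]
    return head == FILE_A, tail == FILE_B, toy_crypt(enc_b, KEY) == FILE_B

if __name__ == "__main__":
    print(demo())
```

In this model the second file was encrypted starting at rotor position 0 but is decrypted starting at position len(FILE_A), so its bytes pass through a differently shifted rotor; decrypting each file separately works.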

FILES

/dev/tty    for typed key


HP-UX Release 11i: December 2000
