des_cfb_encrypt man page on DigitalUNIX

Man page or keyword search:  
man Server   12896 pages
apropos Keyword Search (all sections)
Output format
DigitalUNIX logo
[printable version]

des(3)									des(3)

NAME
       des,	  des_random_key,	des_set_key,	  des_set_key_checked,
       des_set_key_unchecked,	    des_set_odd_parity,	      des_ecb_encrypt,
       des_ecb2_encrypt,  des_ecb3_encrypt, des_ncbc_encrypt, des_cfb_encrypt,
       des_ofb_encrypt,		 des_pcbc_encrypt,	    des_cfb64_encrypt,
       des_ofb64_encrypt,	 des_xcbc_encrypt,	 des_ede2_cbc_encrypt,
       des_ede2_cfb64_encrypt,	des_ede2_ofb64_encrypt,	 des_ede3_cbc_encrypt,
       des_ede3_cbcm_encrypt,  des_ede3_cfb64_encrypt, des_ede3_ofb64_encrypt,
       des_read_password,	des_read_2passwords,	   des_read_pw_string,
       des_cbc_cksum,	  des_string_to_2keys,	  des_fcrypt,	 des_enc_read,
       des_enc_write - DES encryption

SYNOPSIS
       #include <openssl/des.h>

       void des_random_key(
	       des_cblock *ret ); int des_set_key(
	       const_des_cblock *key,
	       des_key_schedule schedule ); int des_key_sched(
	       const_des_cblock *key,
	       des_key_schedule schedule ); int des_set_key_checked(
	       const_des_cblock *key,
	       des_key_schedule schedule ); void des_set_key_unchecked(
	       const_des_cblock *key,
	       des_key_schedule schedule ); void des_set_odd_parity(
	       des_cblock *key ); int des_is_weak_key(
	       const_des_cblock *key ); void des_ecb_encrypt(
	       const_des_cblock *input,
	       des_cblock *output,
	       des_key_schedule ks,
	       int enc ); void des_ecb2_encrypt(
	       const_des_cblock *input,
	       des_cblock *output,
	       des_key_schedule ks1,
	       des_key_schedule ks2,
	       int enc ); void des_ecb3_encrypt(
	       const_des_cblock *input,
	       , des_cblock *output,
	       des_key_schedule ks1,
	       des_key_schedule ks2,
	       des_key_schedule ks3,
	       int enc ); void des_ncbc_encrypt(
	       const unsigned char *input,
	       unsigned char *output,
	       long length,
	       des_key_schedule schedule,
	       des_cblock *ivec,
	       int enc ); void des_cfb_encrypt(
	       const unsigned char *in,
	       unsigned char *out,
	       int numbits,
	       long length,
	       des_key_schedule schedule,
	       des_cblock *ivec,
	       int enc ); void des_ofb_encrypt(
	       const unsigned char *in,
	       unsigned char *out,
	       int numbits,
	       long length,
	       des_key_schedule schedule,
	       des_cblock *ivec ); void des_pcbc_encrypt(
	       const unsigned char *input,
	       nsigned char *output,
	       u,
	       long length,
	       des_key_schedule schedule,
	       des_cblock *ivec,
	       int enc ); void des_cfb64_encrypt(
	       const unsigned char *in,
	       unsigned char *out,
	       long length,
	       des_key_schedule schedule,
	       des_cblock *ivec,
	       int *num,
	       int enc ); void des_ofb64_encrypt(
	       const unsigned char *in,
	       unsigned char *out,
	       long length,
	       des_key_schedule schedule,
	       des_cblock *ivec,
	       int *num ); void des_xcbc_encrypt(
	       const unsigned char *input,
	       unsigned char *output,
	       long length,
	       des_key_schedule schedule,
	       des_cblock *ivec,
	       const_des_cblock *inw,
	       const_des_cblock *outw,
	       int enc ); void des_ede2_cbc_encrypt(
	       const unsigned char *input,
	       unsigned char *output,
	       long length,
	       des_key_schedule ks1,
	       des_key_schedule ks2,
	       des_cblock *ivec,
	       int enc ); void des_ede2_cfb64_encrypt(
	       const unsigned char *in,
	       unsigned char *out,
	       long length,
	       des_key_schedule ks1,
	       des_key_schedule ks2,
	       des_cblock *ivec,
	       int *num,
	       int enc ); void des_ede2_ofb64_encrypt(
	       const unsigned char *in,
	       unsigned char *out,
	       long length,
	       des_key_schedule ks1,
	       des_key_schedule ks2,
	       des_cblock *ivec,
	       int *num ); void des_ede3_cbc_encrypt(
	       const unsigned char *input,
	       unsigned char *output,
	       long length,
	       des_key_schedule ks1,
	       des_key_schedule ks2,
	       des_key_schedule ks3,
	       des_cblock *ivec,
	       int enc ); void des_ede3_cbcm_encrypt(
	       const unsigned char *in,
	       unsigned char *out,
	       long length,
	       des_key_schedule ks1,
	       des_key_schedule ks2,
	       des_key_schedule ks3,
	       des_cblock *ivec1,
	       des_cblock *ivec2,
	       int enc ); void des_ede3_cfb64_encrypt(
	       const unsigned char *in,
	       unsigned char *out,
	       long length,
	       des_key_schedule ks1,
	       des_key_schedule ks2,
	       des_key_schedule ks3,
	       des_cblock *ivec,
	       int *num,
	       int enc ); void des_ede3_ofb64_encrypt(
	       const unsigned char *in,
	       unsigned char *out,
	       long length,
	       des_key_schedule ks1,
	       des_key_schedule ks2,
	       des_key_schedule ks3,
	       des_cblock *ivec,
	       int *num ); int des_read_password(
	       des_cblock *key,
	       const char *prompt,
	       int verify ); int des_read_2passwords(
	       des_cblock *key1,
	       des_cblock *key2,
	       const char *prompt,
	       int verify ); int des_read_pw_string(
	       char *buf,
	       int length,
	       const char *prompt,
	       int verify ); DES_LONG des_cbc_cksum(
	       const unsigned char *input,
	       des_cblock *output,
	       long length,
	       des_key_schedule schedule,
	       const_des_cblock *ivec ); DES_LONG des_quad_cksum(
	       const unsigned char *input,
	       des_cblock output[],
	       long length,
	       int out_count,
	       des_cblock *seed ); void des_string_to_key(
	       const char *str,
	       des_cblock *key ); void des_string_to_2keys(
	       const char *str,
	       des_cblock *key1,
	       des_cblock *key2 ); char *des_fcrypt(
	       const char *buf,
	       const char *salt,
	       char *ret ); char *des_crypt(
	       const char *buf,
	       const char *salt ); char *crypt(
	       const char *buf,
	       const char *salt ); int des_enc_read(
	       int fd,
	       void *buf,
	       int len,
	       des_key_schedule sched,
	       des_cblock *iv ); int des_enc_write(
	       int fd,
	       const void *buf,
	       int len,
	       des_key_schedule sched,
	       des_cblock *iv );

DESCRIPTION
       This library contains a fast implementation of the DES encryption algo‐
       rithm.

       There  are  two	phases to the use of DES encryption.  The first is the
       generation of a des_key_schedule from a key; the second is  the	actual
       encryption.   A DES key is of type des_cblock.  This type consists of 8
       bytes with odd parity.  The least significant bit in each byte  is  the
       parity  bit.   The  key	schedule is an expanded form of the key; it is
       used to speed the encryption process.

       The des_random_key() generates a random key.  The PRNG must  be	seeded
       prior to using this function (see rand_ssl(3); for backward compatibil‐
       ity the des_random_seed() function is available as well). If  the  PRNG
       could not generate a secure key, 0 is returned.	In earlier versions of
       the library, des_random_key() did not generate secure keys.

       Before a DES key can be used, it must be converted into	the  architec‐
       ture   dependent	 des_key_schedule  via	the  des_set_key_checked()  or
       des_set_key_unchecked() functions.

       The des_set_key_checked() function will check that the key passed is of
       odd parity and is not a weak or semi-weak key.  If the parity is wrong,
       then -1 is returned.  If the key is a weak key, then  -2	 is  returned.
       If an error is returned, the key schedule is not generated.

       The  des_set_key() function (called des_key_sched() in the MIT library)
       works like des_set_key_checked() if the des_check_key flag is non-zero;
       otherwise,  it works like des_set_key_unchecked().  These functions are
       available for compatibility; we recommend you use a function that  does
       not depend on a global variable.

       The des_set_odd_parity() function (called des_fixup_key_parity() in the
       MIT library) sets the parity of the passed key to odd.

       The des_is_weak_key() function returns 1 is the passed key  is  a  weak
       key,  0	if it is ok.  The probability that a randomly generated key is
       weak is 1/2^52.

       The following routines mostly operate on an input and output stream  of
       des_cblock:  The des_ecb_encrypt() function is the basic DES encryption
       routine that encrypts or decrypts a single 8-byte des_cblock  in	 elec‐
       tronic  code  book  (ECB)  mode.	  It always transforms the input data,
       pointed to by input, into the output data, pointed  to  by  the	output
       argument.  If the encrypt argument is non-zero (DES_ENCRYPT), the input
       (cleartext) is encrypted	 in  to	 the  output  (ciphertext)  using  the
       key_schedule  specified	by  the	 schedule argument, previously set via
       des_set_key. If encrypt is zero (DES_DECRYPT), the input	 (now  cipher‐
       text)  is  decrypted into the output (now cleartext).  Input and output
       may overlap.  The des_ecb_encrypt() function does not return  a	value.
       The  des_ecb3_encrypt()	function encrypts and decrypts the input block
       by using three-key Triple-DES encryption in ECB	mode.	This  involves
       encrypting  the	input  with ks1, decrypting with the key schedule ks2,
       and then encrypting with ks3.  This routine greatly reduces the chances
       of  brute  force	 breaking of DES and has the advantage if ks1, ks2 and
       ks3 are the same. It is equivalent to encryption using ECB mode and ks1
       as  the	key.  The des_ecb2_encrypt() macro is provided to perform two-
       key Triple-DES encryption by using ks1 for the final  encryption.   The
       des_ncbc_encrypt()  function  encrypts  and  decrypts using the cipher-
       block-chaining (CBC) mode of DES.  If the encrypt argument is non-zero,
       the  routine  cipher-block-chain encrypts the cleartext data pointed to
       by the input argument into the ciphertext  pointed  to  by  the	output
       argument, using the key schedule provided by the schedule argument, and
       initialization vector provided by the ivec  argument.   If  the	length
       argument	 is not an integral multiple of eight bytes, the last block is
       copied to a temporary area and zero filled.  The output	is  always  an
       integral	 multiple  of eight bytes.  The des_xcbc_encrypt() function is
       RSA's DESX mode of DES.	It uses inw and outw to whiten the encryption.
       The  inw	 and  outw are secret (unlike the iv) and are part of the key.
       So the key is sort of 24 bytes.	This is much better than CBC DES.  The
       des_ede3_cbc_encrypt() function implements outer triple CBC DES encryp‐
       tion with three keys. This means that each DES operation inside the CBC
       mode  is really an C=E(ks3,D(ks2,E(ks1,M))).  This mode is used by SSL.
       The  des_ede2_cbc_encrypt()  macro  implements  two-key	Triple-DES  by
       reusing	ks1  for the final encryption.	C=E(ks1,D(ks2,E(ks1,M))). This
       form  of	  Triple-DES   is   used   by	the   RSAREF   library.	   The
       des_pcbc_encrypt() function encrypts and decrypts using the propagating
       cipher block chaining mode used by Kerberos v4. Its parameters are  the
       same  as	 des_ncbc_encrypt().   The des_cfb_encrypt() function encrypts
       and decrypts using cipher feedback mode.	 This method takes an array of
       characters  as  input and outputs and array of characters.  It does not
       require any padding to 8 character groups. The ivec variable is changed
       and  the	 new changed value needs to be passed to the next call to this
       function.  Since this function runs a complete DES ECB  encryption  per
       numbits,	 this  function	 is  only suggested for use when sending small
       numbers of characters.  The des_cfb64_encrypt() function implements CFB
       mode  of DES with 64-bit feedback.  This is useful because this routine
       will allow you to encrypt an arbitrary number of bytes, no 8-byte  pad‐
       ding.  Each call to this routine will encrypt the input bytes to output
       and then update ivec and num.  The num  shows  where  you  are  through
       ivec.   The des_ede3_cfb64_encrypt() and des_ede2_cfb64_encrypt() func‐
       tions are the same as  the  des_cfb64_encrypt()	function  except  that
       Triple-DES is used.  The des_ofb_encrypt() function encrypts using out‐
       put feedback mode.  This method takes an array of characters  as	 input
       and  outputs  and array of characters.  It does not require any padding
       to 8-character groups. The ivec variable is changed and the new changed
       value needs to be passed to the next call to this function.  Since this
       function runs a complete DES ECB encryption per numbits,	 we  recommend
       using this function only when sending small numbers of characters.  The
       des_ofb64_encrypt() function is the  same  as  the  des_cfb64_encrypt()
       function using Output Feed Back mode.  The des_ede3_ofb64_encrypt() and
       des_ede2_ofb64_encrypt() functions are the same as  des_ofb64_encrypt()
       using Triple-DES.

       The following functions are included in the DES library for compatibil‐
       ity with the MIT Kerberos library. The des_read_pw_string() function is
       also    available    under    the   name	  EVP_read_pw_string().	   The
       des_read_pw_string() function writes the string specified by prompt  to
       standard output, turns echo off and reads in input string from the ter‐
       minal.  The string is returned in buf, which must  have	space  for  at
       least  length bytes.  If verify is set, the user is asked for the pass‐
       word twice.  Unless the two copies match,  an  error  is	 returned.   A
       return code of -1 indicates a system error, 1 failure due to use inter‐
       action, and 0 is success.  The des_read_password()  function  does  the
       same   and   converts   the   password	to   a	 DES  key  by  calling
       des_string_to_key(); the des_read_2password() function operates in  the
       same  way  as  des_read_password() except that it generates two keys by
       using the des_string_to_2key() function.	 The des_string_to_key() func‐
       tion is available for backward compatibility with the MIT library.  New
       applications should  use	 a  cryptographic  hash	 function.   The  same
       applies	for  the  des_string_to_2key()	function.  The des_cbc_cksum()
       function produces an 8-byte checksum based on the input stream (via CBC
       encryption).   The  last	 4  bytes of the checksum are returned and the
       complete 8 bytes are placed in output. This function is	used  by  Ker‐
       beros v4.  Other applications should use EVP_DigestInit() etc. instead.
       The des_quad_cksum() function is a Kerberos v4 function.	 It returns  a
       4-byte  checksum	 from  the input bytes.	 The algorithm can be iterated
       over the input, depending on out_count, 1, 2, 3 or 4 times.  If	output
       is  non-NULL,  the 8 bytes generated by each pass are written into out‐
       put.

       The following are DES-based transformations: The des_fcrypt()  function
       is  a  fast  version  of the Unix crypt() function.  This version takes
       only a small amount of space relative to other fast crypt() implementa‐
       tions.	This  is  different  from  the	normal crypt in that the third
       parameter is the buffer that the return	value  is  written  into.   It
       needs  to  be  at  least	 14 bytes long.	 This function is thread safe,
       unlike the normal crypt.	 The des_crypt() function is a faster replace‐
       ment  for  the  normal system crypt(). This function calls des_fcrypt()
       with a static array passed as the third parameter.  This	 emulates  the
       normal non-thread safe semantics of crypt().  The des_enc_write() func‐
       tion writes len bytes to file descriptor fd from buffer buf.  The  data
       is  encrypted via pcbc_encrypt (default) using sched for the key and iv
       as a starting vector.  The actual data send down fd consists of 4 bytes
       (in  network  byte  order)  containing  the  length  of	the  following
       encrypted data.	The encrypted data then follows,  padded  with	random
       data out to a multiple of 8 bytes.  The des_enc_read() function is used
       to read len bytes from file descriptor fd into  buffer  buf.  The  data
       being  read from fd is assumed to have come from des_enc_write() and is
       decrypted using sched for the key schedule and iv for the initial  vec‐
       tor.

					    Note

	      The data format used by des_enc_write() and des_enc_read() has a
	      cryptographic weakness: When asked to write more	than  MAXWRITE
	      bytes,  des_enc_write()  will split the data into several chunks
	      that are all encrypted using the same IV.	 We do	not  recommend
	      using  these functions unless you are sure you know what you do.
	      They cannot  handle  non-blocking	 sockets.  The	des_enc_read()
	      function	uses  an internal state and cannot be used on multiple
	      files.  The des_rw_mode specifies the  encryption	 mode  to  use
	      with the des_enc_read() and des_end_write() functions.  If it is
	      set to DES_PCBC_MODE (the default),  des_pcbc_encrypt  is	 used.
	      If it is set to DES_CBC_MODE, des_cbc_encrypt is used.

NOTES
       Single-key  DES is insecure due to its short key size.  ECB mode is not
       suitable for most applications; see des_modes(7).

       The evp(3) library provides higher-level encryption functions.

RESTRICTIONS
       The des_3cbc_encrypt() function is flawed  and  must  not  be  used  in
       applications.

       The   des_cbc_encrypt()	 function   does  not  modify  ivec;  use  the
       des_ncbc_encrypt() function instead.

       The des_cfb_encrypt() and des_ofb_encrypt() functions operate on	 input
       of 8 bits. What this means is that if you set numbits to 12, and length
       to 2, the first 12 bits will come from the first input byte and the low
       half  of the second input byte.	The second 12 bits will have the low 8
       bits taken from the 3rd input byte and the top 4 bits  taken  from  the
       fourth  input byte.  The same holds for output.	This function has been
       implemented this way because most people will be using a multiple of 8.

       The des_read_pw_string() function  is  the  most	 machine/OS  dependent
       function	 and  normally	generates  the most problems when porting this
       code.

       The des library was written to be source code compatible with  the  MIT
       Kerberos library. It conforms to ANSI X3.106.

HISTORY
       The	des_cbc_cksum(),     des_cbc_encrypt(),	    des_ecb_encrypt(),
       des_is_weak_key(),	  des_key_sched(),	   des_pcbc_encrypt(),
       des_quad_cksum(),     des_random_key(),	   des_read_password(),	   and
       des_string_to_key()  functions  are  available  in  the	MIT   Kerberos
       library;	  the	des_check_key_parity(),	  des_fixup_key_parity(),  and
       des_is_weak_key() functions are available in  newer  versions  of  that
       library.

       The  des_set_key_checked()  and	des_set_key_unchecked() functions were
       added in OpenSSL 0.9.5.

       The  des_generate_random_block(),   des_init_random_number_generator(),
       des_new_random_key(),		      des_set_random_generator_seed(),
       des_set_sequence_number(), and des_rand_data() functions	 are  used  in
       newer versions of Kerberos but are not implemented here.

       The  des_random_key()  function generated cryptographically weak random
       data in SSLeay and in OpenSSL prior version 0.9.5, as well  as  in  the
       original MIT library.

       Author  is  Eric	 Young	(eay@cryptsoft.com).  Modified for the OpenSSL
       project (http://www.openssl.org).

SEE ALSO
       Functions: crypt(3), des_crypt(3), evp(3), rand_ssl(3)

       Files: des_modes(7)

									des(3)
[top]

List of man pages available for DigitalUNIX

Copyright (c) for man pages and the logo by the respective OS vendor.

For those who want to learn more, the polarhome community provides shell access and support.

[legal] [privacy] [GNU] [policy] [cookies] [netiquette] [sponsors] [FAQ]
Tweet
Polarhome, production since 1999.
Member of Polarhome portal.
Based on Fawad Halim's script.
....................................................................
Vote for polarhome
Free Shell Accounts :: the biggest list on the net