CRYPT(3X)CRYPT(3X)NAMEcrypt - password and file encryption functions
SYNOPSIS
cc [flag ...] file ... -lcrypt
char *crypt(char *key, char *salt);
void setkey(char *key);
void encrypt(char *block, int flag);
char *des_crypt(char *key, char *salt);
void des_setkey(char *key);
void des_encrypt(char *block, int flag);
int run_setkey(int p[2], char *key);
int run_crypt(long offset, char *buffer, unsigned int count, int p[2]);
int crypt_close(int p[2]);
DESCRIPTION
des_crypt is the password encryption function. It is based on a one way
hashing encryption algorithm with variations intended (among other
things) to frustrate use of hardware implementations of a key search.
Key is a user's typed password. Salt is a two-character string chosen
from the set [a-zA-Z0-9./]; this string is used to perturb the hashing
algorithm in one of 4096 different ways, after which the password is used
as the key to encrypt repeatedly a constant string. The returned value
points to the encrypted password. The first two characters are the salt
itself.
The des_setkey and des_encrypt entries provide (rather primitive) access
to the actual hashing algorithm. The argument of des_setkey is a
character array of length 64 containing only the characters with
numerical value 0 and 1. If this string is divided into groups of 8, the
low-order bit in each group is ignored; this gives a 56-bit key which is
set into the machine. This is the key that will be used with the hashing
algorithm to encrypt the string block with the function des_encrypt.
The argument to the des_encrypt entry is a character array of length 64
containing only the characters with numerical value 0 and 1. The
argument array is modified in place to a similar array representing the
bits of the argument after having been subjected to the hashing algorithm
using the key set by des_setkey. If edflag is zero, the argument is
encrypted; if non-zero, it is decrypted.
Page 1
CRYPT(3X)CRYPT(3X)
Note that decryption is not provided in the international version of
crypt. The international version is part of the C Development Set, and
the domestic version is part of the Encryption Utilities. If decryption
is attempted with the international version of des_encrypt, an error
message is printed.
Crypt, setkey, and encrypt are front-end routines that invoke des_crypt,
des_setkey, and des_encrypt respectively.
The routines run_setkey and run_crypt are designed for use by
applications that need cryptographic capabilities [such as ed(1) and
vi(1)] that must be compatible with the crypt(1) user-level utility.
Run_setkey establishes a two-way pipe connection with crypt(1), using key
as the password argument. Run_crypt takes a block of characters and
transforms the cleartext or ciphertext into their ciphertext or cleartext
using crypt(1). Offset is the relative byte position from the beginning
of the file that the block of text provided in block is coming from.
Count is the number of characters in block, and connection is an array
containing indices to a table of input and output file streams. When
encryption is finished, crypt_close is used to terminate the connection
with crypt(1).
If a null key is passed to run_setkey, 0 is returned. Otherwise, 1 is
returned. Run_crypt returns -1 if it cannot write output or read input
from the pipe attached to crypt. Otherwise it returns 0.
The routines above are found in the library ``libcrypt.a'', and are
loaded if the option ``-lcrypt'' is used with cc(1) or ld(1).
SEE ALSOcrypt(1), login(1), passwd(1), getpass(3C), passwd(4).
NOTES
In the international version of crypt(3X), a flag argument of 1 to
encrypt or des_encrypt is not accepted, and errno is set to ENOSYS to
indicate that the functionality is not available.
The return value in crypt points to static data that are overwritten by
each call.
Page 2
