IDECRYPT(8)
NAME
idecrypt - Decrypt tokens obtained from identd
SYNOPSIS
/usr/sbin/idecrypt
DESCRIPTION
idecrypt is a utility for decrypting the encrypted tokens
that identd(8) provided instead of usernames when it is
run in encrypted-token mode (that is, with the -C flag).
idecrypt reads up to 1024 lines from the /etc/identd.key
file, converting each line to a DES key using
des_string_to_key(3). It then reads standard input,
searching for encrypted tokens in the format produced by
identd(8), decrypts the tokens if possible, and copies all
unrecognized text from standard input to standard output
without modification.
If more than one key appears in the key file, then
identd(8) will use the first key for encryption, and
idecrypt will attempt to use all the keys for decryption.
This allows new keys to be used by identd(8) without
losing the ability for idecrypt to decrypt old tokens (until
there are more than 1024 keys in the key file).
Each encrypted token consists of 32 base64 characters,
enclosed in square brackets. To make it easier to process
logs generated by versions of tcpd(8) that convert the
square brackets to underlines, idecrypt permits underline
characters instead of square brackets in its input.
idecrypt's output from decrypting each token is a human
readable string containing the timestamp (displayed as a
local time in ctime(3) format), the numeric uid, the local
IP address, the local port number, the remote IP address
and the remote port number.
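The scanning and key-fallback behaviour described above, as an added Python
example that is not part of pidentd or this manual page. It assumes a
constructed 24-byte token layout and a labelled stand-in for the DES step,
since the real cipher layout is not given here; the token syntax, the 1024-key
cap, the first-key/all-keys rule and the pass-through of unrecognised text
follow the description.

```python
import base64
import hashlib
import re
import socket
import struct
import time

# idecrypt(8) token: 32 base64 chars inside square brackets, or inside
# underlines where a tcpd(8) version has rewritten the brackets.
TOKEN_RE = re.compile(r"\[([A-Za-z0-9+/]{32})\]|_([A-Za-z0-9+/]{32})_")
MAX_KEYS = 1024  # idecrypt reads at most this many lines of /etc/identd.key
# Constructed 24-byte layout (an assumption, not pidentd's real one): time,
# uid, local IP, local port, remote IP, remote port, 4-byte zero check field.
LAYOUT = struct.Struct(">II4sH4sH4s")

def load_keys(key_text):
    """Key lines in file order; the first is the one identd encrypts with."""
    return [ln for ln in key_text.splitlines() if ln.strip()][:MAX_KEYS]

def xor_with_key(data, key):
    # Stand-in for DES with des_string_to_key(3): XOR against a key-derived pad.
    pad = hashlib.sha256(key.encode()).digest()[:24]
    return bytes(a ^ b for a, b in zip(data, pad))

def encrypt_token(key, ts, uid, lip, lport, rip, rport):
    """What the stand-in 'identd' would emit instead of a username."""
    plain = LAYOUT.pack(ts, uid, socket.inet_aton(lip), lport, socket.inet_aton(rip), rport, b"\0" * 4)
    return "[" + base64.b64encode(xor_with_key(plain, key)).decode() + "]"

def decrypt_token(raw, keys):
    """Try every key in file order, as idecrypt does; None if none verifies."""
    for key in keys:
        ts, uid, lip, lport, rip, rport, check = LAYOUT.unpack(xor_with_key(raw, key))
        if check == b"\0" * 4:  # the check field only survives the right key
            return (ts, uid, socket.inet_ntoa(lip), lport, socket.inet_ntoa(rip), rport)
    return None

def process_line(line, keys):
    """Replace each recognised token with idecrypt-style output; copy all other
    text, including tokens that no key decrypts, through unchanged."""
    def repl(m):
        fields = decrypt_token(base64.b64decode(m.group(1) or m.group(2)), keys)
        if fields is None:
            return m.group(0)
        ts, uid, lip, lport, rip, rport = fields
        return f"{time.ctime(ts)} {uid} {lip} {lport} {rip} {rport}"
    return TOKEN_RE.sub(repl, line)
```

Feeding a log line containing a token encrypted with an older key (second in
the file) shows the fallback working, while a token made with a key that was
removed from the file is left exactly as found.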
EXAMPLE
Suppose that the local host has IP address 10.2.3.4, the
local /etc/identd.key file contains
foobar
and the local host is running the identd(8) server in
encrypted-token mode.
Now, if a local user with uid 501 telnets to a remote host
with IP address 10.9.8.7, the remote host may choose to
make an ident query back to the local host, in order to
obtain some information to be logged for possible use
later. The local identd(8) might send the following
encrypted token to the remote host instead of sending a
username:
[aALdNYxh2496K4DDTel2Nk0Jzj5mRbok]
If the administrator of the remote host later provides the
administrator of the local host with a copy of the
encrypted token, and if the secret key has not been
removed from the local /etc/identd.key file, then the
administrator of the local host can run idecrypt and can
provide the encrypted token in standard input.
idecrypt will then print the following decrypted
information:
Sun May 19 00:25:23 1996 501 10.2.3.4 2304 10.9.8.7 23
This represents the time the encrypted token was created,
the local user id, the local IP address and port number,
and the remote IP address and port number.
SEE ALSO
identd(8), tcpd(8)
BUGS
The handling of fatal errors could be better.
19 May 1996