CRYPT(3X) MISCELLANEOUS LIBRARY FUNCTIONS CRYPT(3X)
NAME
crypt -- password and file encryption functions
SYNOPSIS
cc [flag...] file... -lcrypt
char *crypt(char *key, char *salt);
void setkey(char *key);
void encrypt(char *block, int flag);
char *des_crypt(char *key, char *salt);
void des_setkey(char *key);
void des_encrypt(char *block, int flag);
int run_setkey(int p[2], char *key);
int run_crypt(long offset, char *buffer, unsigned int count, int p[2]);
int crypt_close(int p[2]);
DESCRIPTION
des_crypt is the password encryption function. It is based
on a one-way hashing encryption algorithm with variations
intended (among other things) to frustrate use of hardware
implementations of a key search.
key is a user's typed password.
salt is a two-character string chosen from the set
(a-zA-Z0-9./); this string is used to alter the hashing
algorithm in one of 4096 different ways, after which the
password is used as the key to repeatedly encrypt a constant
string. The returned value points to the encrypted password.
The first two characters are the salt itself.
The des_setkey and des_encrypt entries provide (rather
primitive) access to the actual hashing algorithm. The
des_setkey argument is a character array of 64 bits in
length containing only characters with a numerical value of
0 and 1. If this string is divided into groups of 8, the
low-order bit in each group is ignored; this produces a
56-bit key that is set into the machine. This key is used
with the hashing algorithm to encrypt the string block with
the des_encrypt function.
The argument to the des_encrypt entry is a character array
of 64 bits in length containing only characters with a
numerical value of 0 and 1. The argument array is modified
in place to a similar array representing the bits of the
argument after being subjected to the hashing algorithm
using the key set by des_setkey. If flag is zero, the
argument is encrypted; if nonzero, it is decrypted.
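The key and block arguments described above are arrays of numeric 0/1 values, not ASCII digits. The following added example (not part of the original manual or of the library) builds such an array from 8 bytes, validates it, and shows which 56 bits remain; the helper names and the most-significant-bit-first ordering are assumptions, and no libcrypt routine is called.

```c
#include <stdint.h>
#include <stdio.h>

/* Expand 8 bytes into 64 elements holding numeric 0 or 1 (not ASCII '0'/'1').
 * Assumption: most significant bit first within each group of 8. */
void bytes_to_bits(const unsigned char in[8], char bits[64])
{
    for (int i = 0; i < 64; i++)
        bits[i] = (char)((in[i / 8] >> (7 - i % 8)) & 1);
}

/* Return 1 if every element is numeric 0 or 1, else 0. */
int bits_valid(const char bits[64])
{
    for (int i = 0; i < 64; i++)
        if (bits[i] != 0 && bits[i] != 1)
            return 0;
    return 1;
}

/* Pack the 56 bits left once the low-order (8th) bit of each group is ignored. */
uint64_t effective_key(const char bits[64])
{
    uint64_t k = 0;
    for (int i = 0; i < 64; i++)
        if (i % 8 != 7)
            k = (k << 1) | (uint64_t)(bits[i] & 1);
    return k;
}

/* Expand 8 bytes and return the 56-bit value they reduce to. */
uint64_t key56_from_bytes(const unsigned char in[8])
{
    char bits[64];
    bytes_to_bits(in, bits);
    return effective_key(bits);
}

int main(void)
{
    /* Constructed sample keys: b is a with the low bit of every byte flipped. */
    const unsigned char a[8] = {0x12, 0x34, 0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0};
    unsigned char b[8];
    char ascii[64];
    for (int i = 0; i < 8; i++) b[i] = a[i] ^ 1;
    for (int i = 0; i < 64; i++) ascii[i] = (i % 2) ? '1' : '0';
    printf("a -> %014llx\nb -> %014llx\nASCII digits accepted: %d\n",
           (unsigned long long)key56_from_bytes(a),
           (unsigned long long)key56_from_bytes(b), bits_valid(ascii));
    return 0;
}
```

Both sample keys reduce to the same 56-bit value, and an array filled with ASCII '0'/'1' characters fails the check.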
Note that decryption is not provided in the international
version of crypt(3X). The international version is part of
the C Programming Language Utilities, and the domestic
version is part of the Security Administration Utilities.
crypt, setkey, and encrypt are front-end routines that invoke
des_crypt, des_setkey, and des_encrypt, respectively.
The run_setkey and run_crypt routines are designed for
applications that need cryptographic capabilities, such as
ed(1) and vi(1), that must be compatible with the crypt(1)
user-level utility. run_setkey establishes a two-way pipe
connection with crypt(1) using key as the password argument.
run_crypt takes a block of characters and transforms
cleartext or ciphertext into their ciphertext or cleartext
using crypt(1).
offset is the relative byte position from the beginning of
the file that the block of text provided in buffer is coming
from. count is the number of characters in buffer, and
connection (the p argument in the SYNOPSIS) is an array
containing indices to a table of input and output file
streams. When encryption is finished, crypt_close is used
to terminate the connection with crypt(1).
run_setkey returns -1 if a connection with crypt(1) cannot
be established. This occurs on international versions of
UNIX where crypt(1) is not available. If a null key is
passed to run_setkey, 0 is returned. Otherwise, 1 is
returned. run_crypt returns -1 if it cannot write output or
read input from the pipe attached to crypt. Otherwise, it
returns 0.
SEE ALSO
login(1), passwd(1), getpass(3C), passwd(4)
DIAGNOSTICS
In the international version of crypt(3X), a flag argument
of 1 to des_encrypt is not accepted, and errno is set to
ENOSYS to indicate that the functionality is not available.
NOTES
The return value in crypt points to static data that is
overwritten by each call.
SUPER-UX Last change: Oct 3, 1997 2
G1AB02E Programmer's Reference Manual