readme

一个完整的des演示程序

DES-Linux 1.0  10/04/93  Public-domain DES library, commands, and utilities
                         for Linux (With SunOS-Compatible des(1))
(Modified by Chris Cappuccio (chris@g386bsd.first.gmd.de) for Linux)

The DES functions in libdes.a are defined in des(3).  Various twitches
and such have been made to this DES package, it should compile on
any operating system that uses a standard C compiler.  (It likes GCC,
I know that for sure :) It has been optimized and configured for Linux,
using the following environment:

  o Linux kernel version 0.99.13
  o GCC version 2.4.5
  o Libc version 4.4.1

It should compile sweetly under any version of Linux, newer or older.
Not to mention *BSD, Ultrix, SunOS(Why?), SVR?, etc... Running DOS
with DJGPP, I bet you can at least get des(1) working, so you can
exchange data between DOS<->Linux<->SunOS in a somewhat secure manner
(Our des(1) is compatible with the SunOS version thereof).  It seems
fun to play around with some of this stuff anyways. Note that DOS users
will need to compile in test/getopt.c if they have no getopt() function.

This package includes:
	des(1): (/usr/bin/des) A program compatible with SunOS des(1)
		to encrypt files using DES encryption routines.
	des(3): (/usr/lib/libdes.a) A library of des functions, defined
		in the des(3) man page. ('man 3 des' will show you this page)
        radlogin: (/bin/radlogin) A login program for secure login over
		over insecure channels (such as packet radio). Defined
		in detail below.
	descalc: (/usr/bin/descalc) Used with radlogin to encrypt/decrypt
		challenges with the key listed in /etc/rkeys. Defined
		in detail below.
	descert: (/usr/bin/descert) Used to test the des(3) library
		functions for validity.
	descycle: (/usr/bin/descycle) Investigate cycles in DES output
		feedback mode.
	benchmark: (/usr/bin/benchmark) Run a DES loop consuming CPU time,
		useful for benchmark tests.

	test/: This directory contains unfinished and somewhat useless
		programs that were some of Phil's ideas. I may hack on
		them if I gain interest :). Look for one of these in version
		1.1.

Here are the basic steps to getting this DES implementation working
on a normal Unix system:

1. 'make certify' - It should give you a screen full of

 K: 0001... P: 33895... C: 39393... OK

If it says 'Encrypt FAIL' instead of 'OK', you have your byte-order
set wrong. Take -DLITTLE_ENDIAN from the 'CFLAGS' in Makefile.

2. Make sure you are root and 'make install'

 This step will compile everything and install it in the proper place
 (/usr/bin for all utilities except radlogin, /bin for radlogin, /usr/lib
 for libdes, and /usr/man/manX for the manual pages)

If you do not have root/superuser access and you wish to install des
for your own use, type 'make all' and this will make and test des,
leaving it in the current directory.

Usage Example:

Say you want to encrypt the file credit-history.1092, here's how you would
do it:

john$ des -e < credit-history.1092 > credit-history.1092.des
Enter key:<enter your secret key, (make up a good one!) it won't show up as
           you type it>
Enter key again:<enter it again>
john$ rm credit-history.1092

Say you want it back in readable form:

john$ des -d < credit-history.1092.des > credit-history.1092
Enter key:<use the same key you did last time>
Enter key again:<again...>
join$

Now your credit-history.1092 file is restored.

Public-domain DES commands, library and utilities by Phil Karn, KA9Q
This file last updated 21 Dec 1987 (Updated 04 Oct 1993 by chris-)

The Makefile compiles everything and runs test data (from the NBS
certification suite) through DES.  Everying runs as-is under Linux and
most other Unixes. For DOS, change the name of the console in getpass.c.
For big-endian machines like Pyramid and the 68000 (Macintosh, Sun, Amiga),
comment out the definition of LITTLE_ENDIAN in the makefile.  DEC VAXen and
the Intel 8086 family (IBM PC) are little-endian, so this definition should
be left in for them regardless of the operating system.  If you get the
byte order wrong, the test output in "certify" will say "ENCRYPT FAIL"
instead of "OK"; just change the flag and recompile.

The des executable (source in main.c) is an encrypt/decrypt filter
compatible with Sun's des command.

Radlogin is an experimental program for secure login over insecure
channels (like packet radio).  It runs under Berkeley UNIX only.  Make
it the shell for a special, password-free login (e.g., "radio").  When
it starts the user will be asked his REAL login name, which is then
looked up in /etc/rkeys.  (This file must be protected since it contains
DES keys).  The time of day is then printed in hex as a challenge, and
the user must encrypt it using DES and his key and type the answer back. 
The user uses the program "descalc" to perform his local calculation.
All this is very clumsy; it requires manual retyping of the challenge
in plain and ciphertext form.  Ideally this should be part of net.exe
(Phil Karn's networking package for DOS), invoked perhaps by a special
telnet option after the user's name is entered.  If the client telnet
refuses the option, it sends an ordinary password prompt; otherwise it
does the authentication and bypasses the password. 

The format of /etc/rkeys is as follows:

user_name<sp>DES_key_in_hex
karn 0123456789abcdef
n4hy fedcba987654321

This is all experimental, of course; improvements are most welcome.

Phil