.\" Copyright (c) 1989 The Regents of the University of California. .\" All rights reserved. .\" .\" This code is derived from software contributed to Berkeley by .\" Phil Karn, derived from original work by Jim Gillogly and .\" Richard Outerbridge. .\" .\" Redistribution and use in source and binary forms are permitted provided .\" that: (1) source distributions retain this entire copyright notice and .\" comment, and (2) distributions including binaries display the following .\" acknowledgement: ``This product includes software developed by the .\" University of California, Berkeley and its contributors'' in the .\" documentation or other materials provided with the distribution and in .\" all advertising materials mentioning features or use of this software. .\" Neither the name of the University nor the names of its contributors may .\" be used to endorse or promote products derived from this software without .\" specific prior written permission. .\" THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED .\" WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF .\" MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. .\" .\" @(#)des3.3 5.3 (Berkeley) 6/23/90 .\" .TH DES 3 "June 23, 1990" .UC 7 .SH NAME desinit, setkey, endes, dedes, desdone - DES encryption .SH SYNOPSIS .PP .B desinit(mode) .B int mode; .PP .B setkey(key) .B char *key; .PP .B endes(block) .B char *block; .PP .B dedes(block) .B char *block; .PP .B desdone(); .SH DESCRIPTION These routines implement both standard and modified forms of the NBS Data Encryption Standard (DES). The user must first call .B desinit with one of three operating modes: .PP 0 - Standard, vanilla DES. .PP 1 - DES with the initial and final permutations removed. As these permutations do not strengthen the algorithm, they are widely regarded as having no purpose other than to slow down software implementations. Removing them speeds it up but of course the algorithm is no longer standard and it will not be compatible with hardware DES chips. .PP 2 - DES with the initial and final permutations removed, and with independent 48-bit subkeys for each of the 16 rounds. Needless to say this is even less standard than mode 1, but if properly used (randomize ALL key bytes -- no padding!) it should strengthen the algorithm. .PP After calling .B desinit the user next calls .B setkey. In modes 0 and 1, 8 key bytes are expected, with the low order bit of each key byte ignored (parity is not checked). This gives a 56-bit key. In mode 2, 128 key bytes are expected; the high order 2 bits of each byte are ignored, giving a 768 bit key. In this mode, the first 8 bytes will be used in the first round, the second 8 bytes in the second round, and so on. .PP Once the key is set, the user may perform in-place encryption and decryption of 8-byte blocks of data with calls to .B endes and .B dedes. .PP To free up memory dynamically allocated by .B desinit the user may call .B desdone. If further encryption or decryption is to be done, .B desinit and .B setkey must be called again. .SH AUTHOR Phil Karn, KA9Q, building heavily on the earlier public domain code by Jim Gillogly.