CRYPT(3X-SysV) RISC/os Reference Manual CRYPT(3X-SysV)
NAME
crypt - password and file encryption functions
SYNOPSIS
cc [flag ...] file ... -lcrypt
char *crypt (key, salt)
char *key, *salt;
void setkey (key)
char *key;
void encrypt (block, flag)
char *block;
int flag;
char *des_crypt (key, salt)
char *key, *salt;
void des_setkey (key)
char *key;
void des_encrypt (block, flag)
char *block;
int flag;
int run_setkey (p, key)
int p[2];
char *key;
int run_crypt (offset, buffer, count, p)
long offset;
char *buffer;
unsigned int count;
int p[2];
int crypt_close(p)
int p[2];
DESCRIPTION
des_crypt is the password encryption function. It is based
on a one way hashing encryption algorithm with variations
intended (among other things) to frustrate use of hardware
implementations of a key search.
key is a user's typed password. salt is a two-character
string chosen from the set [a-zA-Z0-9./]; this string is
used to perturb the hashing algorithm in one of 4096 dif-
ferent ways, after which the password is used as the key to
encrypt repeatedly a constant string. The returned value
points to the encrypted password. The first two characters
are the salt itself.
Printed 1/15/91 Page 1
CRYPT(3X-SysV) RISC/os Reference Manual CRYPT(3X-SysV)
The des_setkey and des_encrypt entries provide (rather prim-
itive) access to the actual hashing algorithm. The argument
of des_setkey is a character array of length 64 containing
only the characters with numerical value 0 and 1. If this
string is divided into groups of 8, the low-order bit in
each group is ignored; this gives a 56-bit key which is set
into the machine. This is the key that will be used with
the hashing algorithm to encrypt the string block with the
function des_encrypt.
The argument to the des_encrypt entry is a character array
of length 64 containing only the characters with numerical
value 0 and 1. The argument array is modified in place to a
similar array representing the bits of the argument after
having been subjected to the hashing algorithm using the key
set by des_setkey. If edflag is zero, the argument is
encrypted; if non-zero, it is decrypted.
Note that decryption is not provided in the international
version of crypt(3X). The international version is part of
the C Programming Language Utilities, and the domestic ver-
sion is part of the Security Administration Utilities. If
decryption is attempted with the international version of
des_encrypt, an error message is printed.
crypt, setkey, and encrypt are front-end routines that
invoke des_crypt, des_setkey, and des_encrypt respectively.
The routines run_setkey and run_crypt are designed for use
by applications that need cryptographic capabilities [such
as ed(1) and vi(1)] that must be compatible with the
crypt(1) user-level utility. run_setkey establishes a two-
way pipe connection with crypt(1), using key as the password
argument. run_crypt takes a block of characters and
transforms the cleartext or ciphertext into their ciphertext
or cleartext using crypt(1). offset is the relative byte
position from the beginning of the file that the block of
text provided in block is coming from. count is the number
of characters in block, and connection is an array contain-
ing indices to a table of input and output file streams.
When encryption is finished, crypt_close is used to ter-
minate the connection with crypt(1).
run_setkey returns -1 if a connection with crypt(1) cannot
be established. This will occur on international versions
of UNIX where crypt(1) is not available. If a null key is
passed to run_setkey, 0 is returned. Otherwise, 1 is
returned. run_crypt returns -1 if it cannot write output or
read input from the pipe attached to crypt. Otherwise it
returns 0.
Page 2 Printed 1/15/91
CRYPT(3X-SysV) RISC/os Reference Manual CRYPT(3X-SysV)
DIAGNOSTICS
In the international version of crypt(3X), a flag argument
of 1 to des_encrypt is not accepted, and an error message is
printed.
SEE ALSO
getpass(3C), passwd(4).
crypt(1), login(1), passwd(1) in the User's Reference
Manual.
CAVEAT
The return value in crypt points to static data that are
overwritten by each call.
Printed 1/15/91 Page 3