crypt(3X) UNIX System V(Encryption Utilities) crypt(3X)
NAME
crypt - password and file encryption functions
SYNOPSIS
cc [flag ...] file ... -lcrypt [library ...]
#include <crypt.h>
char *crypt (const char *key, const char *salt);
void setkey (const char *key);
void encrypt (char *block, int flag);
char *descrypt (const char *key, const char *salt);
void dessetkey (const char *key);
void desencrypt (char *block, int flag);
int runsetkey (int *connection, const char *key);
int runcrypt (long offset, char *buffer, unsigned int count,
int *connection);
int cryptclose(int *connection);
DESCRIPTION
descrypt is the password encryption function. It is based on a one-way
hashing encryption algorithm with variations intended (among other
things) to frustrate use of hardware implementations of a key search.
key is a user's typed password. salt is a two-character string chosen
from the set [a-zA-Z0-9./]; this string is used to perturb the hashing
algorithm in one of 4096 different ways, after which the password is used
as the key to encrypt repeatedly a constant string. The returned value
points to the encrypted password. The first two characters are the salt
itself.
The dessetkey and desencrypt entries provide (rather primitive) access
to the actual hashing algorithm. The argument of dessetkey is a
character array of length 64 containing only the characters with
numerical value 0 and 1. If this string is divided into groups of 8, the
low-order bit in each group is ignored, thereby creating a 56-bit key
that is set into the machine. This key is the key that will be used with
the hashing algorithm to encrypt the string block with the function
desencrypt.
The argument to the desencrypt entry is a character array of length 64
containing only the characters with numerical value 0 and 1. The
argument array is modified in place to a similar array representing the
bits of the argument after having been subjected to the hashing algorithm
10/89 Page 1
crypt(3X) UNIX System V(Encryption Utilities) crypt(3X)
using the key set by dessetkey. If flag is zero, the argument is
encrypted; if non-zero, it is decrypted.
Note that decryption is not provided in the international version of
crypt. The international version is part of the C Development Set, and
the domestic version is part of the Encryption Utilities. If decryption
is attempted with the international version of desencrypt, an error
message is printed.
crypt, setkey, and encrypt are front-end routines that invoke des_crypt,
des_setkey, and des_encrypt respectively.
The routines runsetkey and runcrypt are designed for use by
applications that need cryptographic capabilities [such as ed(1) and
vi(1)] that must be compatible with the crypt(1) user-level utility.
runsetkey establishes a two-way pipe connection with the crypt utility,
using key as the password argument. runcrypt takes a block of
characters and transforms the cleartext or ciphertext into their
ciphertext or cleartext using the crypt utility. offset is the relative
byte position from the beginning of the file that the block of text
provided in buffer is coming from. count is the number of characters in
buffer, and connection is an array containing indices to a table of input
and output file streams. When encryption is finished, cryptclose is
used to terminate the connection with the crypt utility.
runsetkey returns -1 if a connection with the crypt utility cannot be
established. This result will occur in international versions of the
UNIX system in which the crypt utility is not available. If a null key
is passed to runsetkey, 0 is returned. Otherwise, 1 is returned.
runcrypt returns -1 if it cannot write output or read input from the
pipe attached to crypt. Otherwise it returns 0.
The program must be linked with the object file access routine library
libcrypt.a.
SEE ALSO
getpass(3C), passwd(4)
crypt(1), login(1), passwd(1) in the User's Reference Manual
DIAGNOSTICS
In the international version of crypt(3X), a flag argument of 1 to
encrypt or desencrypt is not accepted, and errno is set to ENOSYS to
indicate that the functionality is not available.
NOTES
The return value in crypt points to static data that are overwritten by
each call.
Page 2 10/89