crypt(3X) LIBRARY FUNCTIONS crypt(3X)
NAME
crypt - password and file encryption functions
SYNOPSIS
cc [flag ...] file ... -lcrypt [library ...]
#include <crypt.h>
char *crypt (const char *key, const char *salt);
void setkey (const char *key);
void encrypt (char *block, int flag);
char *des_crypt (const char *key, const char *salt);
void des_setkey (const char *key);
void des_encrypt (char *block, int flag);
int run_setkey (int *p, const char *key);
int run_crypt (long offset, char *buffer,
    unsigned int count, int *p);
int crypt_close(int *p);
DESCRIPTION
des_crypt is the password encryption function. It is based
on a one-way hashing encryption algorithm with variations
intended (among other things) to frustrate use of hardware
implementations of a key search.
key is a user's typed password. salt is a two-character
string chosen from the set [a-zA-Z0-9./]; this string is
used to perturb the hashing algorithm in one of 4096
different ways, after which the password is used as the key to
repeatedly encrypt a constant string. The returned value
points to the encrypted password. The first two characters
are the salt itself.
The des_setkey and des_encrypt entries provide (rather
primitive) access to the actual hashing algorithm. The argument
of des_setkey is a character array of length 64 containing
only the characters with numerical value 0 and 1. If this
string is divided into groups of 8, the low-order bit in
each group is ignored, thereby creating a 56-bit key that is
set into the machine. This key is the key that will be used
with the hashing algorithm to encrypt the string block with
the function des_encrypt.
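
Added example, not part of the original manual page or its library: it builds the 64-element 0/1 array described above and collapses it to the 56 bits that remain once the low-order bit of each group of 8 is dropped. The helper names and sample passwords are constructed here, and the password packing (low 7 bits of each of the first 8 characters, most significant bit first) is the traditional DES crypt convention, assumed rather than stated on this page.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Pack a password into the 64-element array of 0/1 values that des_setkey
 * takes. Assumption (traditional DES crypt, not stated on this page): each
 * of the first 8 characters contributes its low 7 bits, most significant
 * first, and the 8th element of every group is left 0. */
void password_to_keybits(const char *pw, char bits[64])
{
    memset(bits, 0, 64);
    for (int i = 0; i < 64 && *pw != '\0'; pw++) {
        unsigned char c = (unsigned char)*pw;
        for (int j = 0; j < 7; j++, i++)
            bits[i] = (char)((c >> (6 - j)) & 1);
        i++;                      /* ignored low-order slot of the group */
    }
}

/* Collapse the array to the 56 bits that actually reach the cipher:
 * elements 7, 15, ..., 63 (the low-order bit of each group) are skipped. */
uint64_t effective_key56(const char bits[64])
{
    uint64_t key = 0;
    for (int i = 0; i < 64; i++) {
        if (i % 8 == 7)
            continue;
        key = (key << 1) | (uint64_t)(bits[i] & 1);
    }
    return key;
}

/* Return 1 if two passwords yield the same 56-bit key, else 0. */
int same_effective_key(const char *a, const char *b)
{
    char ka[64], kb[64];
    password_to_keybits(a, ka);
    password_to_keybits(b, kb);
    return effective_key56(ka) == effective_key56(kb);
}

int main(void)
{
    /* Constructed sample passwords. */
    printf("%d\n", same_effective_key("correcthorse", "correcthbattery")); /* 1 */
    printf("%d\n", same_effective_key("correcth", "correctH"));            /* 0 */
    return 0;
}
```

Under this packing, anything past the eighth character and the high bit of each character never reach the key, which is why password policy for this hash cannot rely on length beyond 8.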
The argument to the des_encrypt entry is a character array
of length 64 containing only the characters with numerical
value 0 and 1. The argument array is modified in place to a
similar array representing the bits of the argument after
having been subjected to the hashing algorithm using the key
set by des_setkey. If flag is zero, the argument is
encrypted; if non-zero, it is decrypted.
Note that decryption is not provided in the international
version of crypt. The international version is part of the
C Development Set, and the domestic version is part of the
Security Administration Utilities. If decryption is
attempted with the international version of des_encrypt, an
error message is printed.
crypt, setkey, and encrypt are front-end routines that
invoke des_crypt, des_setkey, and des_encrypt respectively.
The routines run_setkey and run_crypt are designed for use
by applications that need cryptographic capabilities [such
as ed(1) and vi(1)] that must be compatible with the
crypt(1) user-level utility. run_setkey establishes a
two-way pipe connection with the crypt utility, using key as the
password argument. run_crypt takes a block of characters
and transforms cleartext into ciphertext, or ciphertext into
cleartext, using the crypt utility. offset is
the relative byte position from the beginning of the file
that the block of text provided in buffer is coming from.
count is the number of characters in buffer, and p is the
connection, an array containing indices to a table of input and
output file streams. When encryption is finished, crypt_close
is used to terminate the connection with the crypt utility.
run_setkey returns -1 if a connection with the crypt utility
cannot be established. This result will occur in
international versions of the UNIX system in which the crypt
utility is not available. If a null key is passed to run_setkey,
0 is returned. Otherwise, 1 is returned. run_crypt returns
-1 if it cannot write output or read input from the pipe
attached to crypt. Otherwise it returns 0.
The program must be linked with the object file access
routine library libcrypt.a.
DIAGNOSTICS
In the international version of crypt(3X), a flag argument
of 1 to encrypt or des_encrypt is not accepted, and errno is
set to ENOSYS to indicate that the functionality is not
available.
SEE ALSO
getpass(3C), passwd(4).
crypt(1), login(1), passwd(1) in the User's Reference
Manual.
NOTES
The return value in crypt points to static data that are
overwritten by each call.