.\" This file is in the public domain.
.Dd July 22, 2000
.Dt LIBDES 3
.Os NetBSD 1.4T
.Sh NAME
.Nm des ,
.Nm des3 ,
.Nm rsadestable ,
.Nm rsades3table
.Nd DES encryption routines
.Sh SYNOPSIS
.Fd #include
.br
.Nm cc
.Op Ar arguments
.Fl ldes
.br
.Ft void
.Fn des "void *out" "const void *in" "const void *key" "int op"
.Ft void
.Fn des3 "void *out" "const void *in" "const void *key" "int op"
.Ft void
.Fn rsadestable "void *table" "const void *key"
.Ft void
.Fn rsades3table "void *table" "const void *key"
.Sh DESCRIPTION
These functions perform DES encryption.
DES is the Data Encryption Standard, as found in USA Government Federal
Information Processing Standards Publication 46, of January 15, 1977.
.Pp
.Fn des
is the principal routine of the library.
It takes a data block in the
.Fa in
argument (which must point to eight bytes of data) and a key in the
.Fa key
argument (which must also point to eight bytes of data), encrypting or
decrypting according as the
.Fa op
argument is
.Dv ENCRYPT
or
.Dv DECRYPT .
Note that DES has only 56 bits of key; the low-order bit of each byte in
the
.Fa key
data is ignored.
The resulting output data block is stored through
.Fa out ,
which again must point to eight bytes of data.
The
.Fa in
and
.Fa out
arguments may point to identical or otherwise overlapping data areas
without harm.
.Pp
.Fn des3
performs three-key triple-DES E-D-E encryption (and decryption).
Its interface is just like
.Fn des Ns 's,
except that
.Fa key
must point to 24, not 8, bytes of key data (again, the low bit of each
byte is ignored).
(The block size is still eight bytes.)
.Pp
.Fn rsadestable
and
.Fn rsades3table
are present for compatibility with RSADSI's DES code; they compute key
table blocks believed to be identical with those computed by the RSADSI
routines
.Fn deskey
and
.Fn tripledes3key .
They exist because at least one network protocol is known to depend on
this exact key table layout.
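.Sh EXAMPLES
The following is an added example, not part of the library or of the original page: a CBC wrapper of the kind the BUGS section asks for, chaining each eight-byte block with the previous ciphertext block so that identical plaintext blocks do not encrypt identically as they do under ECB.
The names cbc, blockfn, BLK and toy_block are hypothetical; toy_block is a constructed stand-in so the code runs without the library, and with the library one would pass des or des3 as f and the header's ENCRYPT or DECRYPT value as op.
.Bd -literal
```c
/* Added example, not part of the library: CBC chaining over any routine
 * with the calling convention of des() and des3(). */
#include <stddef.h>
#include <string.h>

#define BLK 8	/* block size of both des() and des3() */

typedef void (*blockfn)(void *out, const void *in, const void *key, int op);

/*
 * Process len bytes of buf in place.  op is handed to f unchanged (the
 * library's ENCRYPT or DECRYPT); decrypt selects the chaining order.
 * iv is advanced so a long message can be fed in several calls.
 * Returns -1 unless len is a whole number of blocks; padding is the
 * caller's job.
 */
int
cbc(blockfn f, int op, int decrypt, const void *key,
    unsigned char iv[BLK], unsigned char *buf, size_t len)
{
	unsigned char prev[BLK];
	size_t i, j;

	if (len % BLK != 0)
		return -1;
	for (i = 0; i < len; i += BLK) {
		unsigned char *b = buf + i;

		memcpy(prev, b, BLK);		/* ciphertext block when decrypting */
		if (decrypt)
			f(b, b, key, op);	/* in == out is allowed */
		for (j = 0; j < BLK; j++)
			b[j] ^= iv[j];		/* chain with previous ciphertext */
		if (!decrypt)
			f(b, b, key, op);
		memcpy(iv, decrypt ? prev : b, BLK);
	}
	return 0;
}

/* Constructed stand-in so the example runs without the library.  It is
 * NOT a cipher: op 1 adds the key bytes, op 0 subtracts them. */
void
toy_block(void *out, const void *in, const void *key, int op)
{
	const unsigned char *s = in, *k = key;
	unsigned char *d = out;
	int j;

	for (j = 0; j < BLK; j++)
		d[j] = (unsigned char)(op ? s[j] + k[j] : s[j] - k[j]);
}
```
.Ed
CBC hides repeated plaintext blocks but provides no integrity protection, and the IV must be unpredictable for each message.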
.Sh ERRORS
These routines cannot fail unless they are passed invalid arguments.
.Sh BUGS
Ignoring the low bits of the key bytes is weird, outrageous, and arguably
stupid, but it's how almost all other DES implementations work, and the
specification does contain language implying that something of the sort
should be done.
.Pp
Only ECB mode is directly supported.
Wrapper routines should be provided for other operating modes, CBC at the
very least.
.Pp
Very slow, even among software DES implementations.
.Sh AUTHOR
der Mouse,
.Aq mouse@rodents.montreal.qc.ca .