usr.bin/enigma/enigma.1
.\" | .\" | ||||
.\" enigma (aka. crypt) man page written by Joerg Wunsch. | .\" enigma (aka. crypt) man page written by Joerg Wunsch. | ||||
.\" | .\" | ||||
.\" Since enigma itself is distributed in the Public Domain, this file | .\" Since enigma itself is distributed in the Public Domain, this file | ||||
.\" is also. | .\" is also. | ||||
.\" | .\" | ||||
.\" $FreeBSD$ | .\" $FreeBSD$ | ||||
.\" " | .\" " | ||||
.Dd May 8, 2018 | .Dd September 6, 2019 | ||||
.Dt ENIGMA 1 | .Dt ENIGMA 1 | ||||
.Os | .Os | ||||
.Sh NAME | .Sh NAME | ||||
.Nm enigma , | .Nm enigma , | ||||
.Nm crypt | .Nm crypt | ||||
.Nd very simple file encryption | .Nd very simple file encryption | ||||
.Sh SYNOPSIS | .Sh SYNOPSIS | ||||
.Nm | .Nm | ||||
.Op Fl s | .Op Fl sk | ||||
.Op Fl k | |||||
.Op Ar password | .Op Ar password | ||||
.Nm crypt | .Nm crypt | ||||
.Op Fl s | .Op Fl sk | ||||
.Op Fl k | |||||
.Op Ar password | .Op Ar password | ||||
.Sh DESCRIPTION | .Sh DESCRIPTION | ||||
The | The | ||||
.Nm | .Nm | ||||
utility, also known as | utility, also known as | ||||
.Nm crypt | .Nm crypt , | ||||
is a | is a | ||||
.Em very | .Em very | ||||
simple encryption program, working on a | simple encryption program that utilises a secret key. | ||||
.Dq secret-key | It encrypts or decrypts data from standard input, | ||||
basis. | and writes the result to standard output. | ||||
It operates as a filter, i.e., | Its operation is fully symmetrical; | ||||
it encrypts or decrypts a | feeding it encrypted data using the same secret key will decrypt it. | ||||
stream of data from standard input, and writes the result to standard | |||||
output. | |||||
Since its operation is fully symmetrical, feeding the encrypted data | |||||
stream again through the engine (using the same secret key) will | |||||
decrypt it. | |||||
.Pp | .Pp | ||||
There are several ways to provide the secret key to the program. | By default | ||||
By | .Nm | ||||
default, the program prompts the user on the controlling terminal for | prompts the user on the controlling terminal for the secret key. | ||||
the key, using | |||||
.Xr getpass 3 . | |||||
This is the only safe way of providing it. | This is the only safe way of providing it. | ||||
.Pp | Alternatively, the key can be set with the | ||||
Alternatively, the key can be provided as the sole command-line | |||||
argument | |||||
.Ar password | .Ar password | ||||
when starting the program. | operand, which can easily be spotted by other users running | ||||
Obviously, this way the key can easily be | |||||
spotted by other users running | |||||
.Xr ps 1 . | .Xr ps 1 . | ||||
As yet another alternative, | The key can also be provided by setting the environment variable | ||||
.Nm | .Ev CrYpTkEy | ||||
can be given the option | and specifying the option | ||||
.Fl k , | .Fl k . | ||||
and it will take the key from the environment variable | This option is provided for compatibility with other implementations, | ||||
.Ev CrYpTkEy . | as environment variables can also be examined with | ||||
emaste: this seems to imply that the ability to examine environment variables is (part of) the…
While this at a first glance seems to be more secure than the previous | |||||
option, it actually is not since environment variables can also be | |||||
examined with | |||||
.Xr ps 1 . | .Xr ps 1 . | ||||
Thus this option is mainly provided for compatibility with other | |||||
implementations of | |||||
.Nm . | |||||
.Pp | .Pp | ||||
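Review bot: In the rewritten -k sentence, "as environment variables can also be examined with ps(1)" reads as the reason the option exists, and the old text's explicit statement that the environment variable is not actually more secure than the command-line operand is gone. Suggest splitting the sentence: say the option exists for compatibility, then state separately that CrYpTkEy is exposed through ps(1) just like the password operand, so the prompt remains the only safe way to supply the key.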
When specifying the option | When option | ||||
.Fl s , | .Fl s | ||||
.Nm | is passed, | ||||
modifies the encryption engine in a way that is supposed to make it a | the encryption engine is modified in a way that is supposedly more | ||||
little more secure, but incompatible with other implementations. | secure, but incompatible with other implementations. | ||||
emaste: I wouldn't even say "supposedly more secure" here, perhaps "the encryption engine is modified in…" and then maybe expand with "This was previously documented as being more secure, but .Nm has no cryptographic value with or without the -s option."
.Pp | |||||
.Ss Warning | .Ss Warning | ||||
The cryptographic value of | The cryptographic value of | ||||
.Nm | .Nm | ||||
is rather small. | is worse than useless; | ||||
This program is only provided here for compatibility | attacks against its encryption scheme have been documented since 1984, | ||||
with other operating systems that also provide an implementation | and there are various tools that can break it in an automated process. | ||||
This program is only provided here for compatibility with other | |||||
operating systems that also provide an implementation | |||||
pstef: The "rather small cryptographic value" is not wrong and "worse than useless" is unnecessarily contemptuous for a manual.
(usually called | (usually called | ||||
.Xr crypt 1 | .Nm crypt | ||||
there). | there). | ||||
For real encryption, refer to | For real encryption, use | ||||
.Xr openssl 1 , | .Xr openssl 1 , | ||||
or | or | ||||
.Xr gpg 1 Pq Pa security/gnupg1 . | .Xr gpg 1 Pq Pa security/gnupg1 . | ||||
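Review bot: The new Warning sentence "attacks against its encryption scheme have been documented since 1984" has nothing pointing at the Reeds and Weinberger entry this change adds under SEE ALSO, so the reader cannot tell where the date comes from. Suggest referring to it here, for example with .Sx SEE ALSO, and either naming a tool or dropping "various tools", since AUTHORS already mentions the Crypt Breakers Workbench.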
.Sh ENVIRONMENT | .Sh ENVIRONMENT | ||||
.Bl -tag -offset indent -width ".Ev CrYpTkEy" | .Bl -tag -width "CrYpTkEy" | ||||
.It Ev CrYpTkEy | .It Ev CrYpTkEy | ||||
used to obtain the secret key when option | used to obtain the secret key when option | ||||
.Fl k | .Fl k | ||||
has been given | has been given. | ||||
.El | .El | ||||
.Sh EXAMPLES | .Sh EXAMPLES | ||||
Encrypt this manual and store it in the file | |||||
.Pa encrypted . | |||||
.Bd -literal -offset indent | .Bd -literal -offset indent | ||||
man enigma | enigma > encrypted | $ man enigma | enigma > encrypted | ||||
Enter key: (XXX \(em key not echoed) | Enter key: XXX (key not echoed) | ||||
.Ed | .Ed | ||||
.Pp | .Pp | ||||
This will create an encrypted form of this man page, and store it in | Decrypt the previously created file. | ||||
the file | |||||
.Pa encrypted . | |||||
.Bd -literal -offset indent | .Bd -literal -offset indent | ||||
enigma XXX < encrypted | $ crypt XXX < encrypted | ||||
.Ed | .Ed | ||||
.Pp | |||||
This displays the previously created file on the terminal. | |||||
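Review bot: The decryption example "$ crypt XXX < encrypted" passes the key as the password operand, which DESCRIPTION says other users can spot with ps(1), and nothing in the example says so. Suggest decrypting via the prompt as in the first example, or stating in the lead-in that the operand form exposes the key. Two smaller points: the first example runs enigma and the second crypt, which deserves either one sentence or a single name, and "Enter key: XXX (key not echoed)" now reads as if XXX is displayed.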
.Sh SEE ALSO | .Sh SEE ALSO | ||||
.Xr gpg 1 , | .Xr gpg 1 , | ||||
.Xr openssl 1 , | .Xr openssl 1 , | ||||
.Xr ps 1 , | .Xr ps 1 | ||||
.Xr getpass 3 | .Rs | ||||
.%A J. A. Reeds | |||||
.%A P. J. Weinberger | |||||
.%J AT&T Bell Laboratories Technical Journal | |||||
.%I AT&T Bell Laboratories | |||||
.%R File Security and the UNIX System Crypt Command | |||||
.%D October 1984 | |||||
.%P pp. 1673-1683 | |||||
.Re | |||||
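Review bot: In the new .Rs block the article title is given with .%R, which mdoc uses for a technical report name; for an article in a journal named by .%J the title belongs in .%T. Suggest ".%T File Security and the UNIX System Crypt Command". The entry also carries no volume or issue; if they are known, .%V and .%N would make the citation easier to locate.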
.Sh HISTORY | .Sh HISTORY | ||||
Implementations of | .An Robert Morris | ||||
wrote the original | |||||
.Nm crypt | .Nm crypt | ||||
are very common among | for | ||||
.Ux | .At v3 . | ||||
operating systems. | It was later updated by | ||||
This implementation has been taken from the | .An Dennis Richie | ||||
.Em Cryptbreakers Workbench | and | ||||
.An James Reeds | |||||
for | |||||
.At v7 . | |||||
.Sh AUTHORS | |||||
This implementation has been taken from | |||||
.An Robert W. Baldwin Ap s Dq Crypt Breakers Workbench , | |||||
which is in the public domain. | which is in the public domain. |
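Review bot: The new HISTORY text spells the name as ".An Dennis Richie"; it should read "Dennis Ritchie".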
emaste: This seems to imply that the ability to examine environment variables is (part of) the reason for this option.
How about something like either

"This option is provided for compatibility with other implementations; environment variables can also be examined with ps."

or

"This option is provided for compatibility with other implementations.
Note that environment variables can also be examined with ps."