crypt -- encode/decode


crypt [ password ]

crypt [ -k ]


The crypt command reads from the standard input and writes to the standard output. The password is a key that selects a particular transformation. If no argument is given, crypt demands a key from the terminal and turns off printing to the screen while the key is being typed in. If the -k option is used, crypt will use the key assigned to the environment variable CrYpTkEy. The crypt command encrypts and decrypts with the same key: see ``Examples'' section below.

Files encrypted by crypt are compatible with those treated by the editors ed(C), ex(C), and vi(C) in encryption mode.

The security of encrypted files depends on three factors: the fundamental method must be hard to solve; direct search of the key space must be infeasible; ``sneak paths'' by which keys or clear text can become visible must be minimized.

The crypt command implements a one-rotor machine designed along the lines of the German Enigma, but with a 256-element rotor. Methods of attack on such machines are known, but not widely; moreover the amount of work required is likely to be large.

The transformation of a key into the internal settings of the machine is deliberately designed to be expensive, that is, to take a substantial fraction of a second to compute. However, if keys are restricted to (say) three lower-case letters, then encrypted files can be read by expending only a substantial fraction of five minutes of machine time.

If the key is an argument to the crypt command, it is potentially visible to users executing ps(C) or a derivative. To minimize this possibility, crypt takes care to destroy any record of the key immediately upon entry. The choice of keys and key security are the most vulnerable aspect of crypt.


The following example encrypts the file top_secret using the key password; creating an encrypted file gibberish:

crypt password < top_secret > gibberish

When the file gibberish is unencrypted, crypt demands the key (password) from the user if it is not given on the command line. The output may be written to the terminal:

crypt < gibberish

to the printer:

crypt < gibberish | lp

or to a file:

crypt < gibberish > confidential

You can use crypt as the basis of a password mechanism by testing whether the unencrypted file (confidential) and the original file (top_secret) are the same:

   cmp -s top_secret confidential
   if [ $? = 0 ]
        echo "Password verified - Welcome"
        echo "Password incorrect!"


If two or more files encrypted with the same key are concatenated and an attempt is made to decrypt the result, only the contents of the first of the original files will be decrypted correctly.

Distribution of the crypt libraries and utilities is regulated by the U.S. Government and they are not available to sites outside the United States (including territories) and Canada. Because we cannot control the destination of the software, these utilities are not included in the standard product. If your site is within the U.S., its territories, or Canada, you can obtain the crypt software through your product distributor or reseller.


for typed key

See also

ed(C), ex(C), makekey(ADM), ps(C), stty(C), vi(C)
© 2003 Caldera International, Inc. All rights reserved.
SCO OpenServer Release 5.0.7 -- 11 February 2003