DSF.DOC

Program: DSF.MAR
Author: David G. North, CCP
Date: 10-Oct-1988
Description:
This is a Data Security Facility that provides encryption and
decryption using a private method. Block and record modes are
supported. HEX format is provided for encrypted files so
that they are transmissible via e-mail. Wildcards are
supported.
Notes:
o No attempt has been made for the encrypted files to be
portable *anywhere* except to another VAX/VMS system.
o HEX format in BLOCK mode is not extremely useful. The file
format is FIXED 64. E-mail send and extract destroys this
format. The damage can be repaired with CONVERT, but why
bother? Just use record mode.
Usage:
DSF <infilelist> [<key>]
[/OUTPUT=<file>][/FORWARDS+][/BACKWARDS*+]
[/HIGH_SECURITY*+][/BLOCK[={NOHEADER|[NO]AUTOMATIC*}]]
[/METHODS={ALL|PRIVATE*}][/INVERTED+]
[/LOG*+][/ANNUNCIATE*+][/CONFIRM+]
'*' indicates default operations
'+' indicates default operation is controllable from .CLD
infilelist:
Files to be encrypted.
Wildcards allowed, lists allowed using DCL comma operator.
key:
Text string to use as encryption key.
May be quoted on the command line.
Will be prompted for if missing, and read no-echo.
Case-sensitive if quoted on the command-line or prompted for.
Special constructs supported are:
?I?, ?i?, ?O?, ?o? embedded in the key.
These mean embed (I)nput or (O)utput filenames
in the key in place of the '?x?' string. Use this
carefully... if the filename substituted does not
match exactly the filename used for encryption, the
decryption *will not work*. Note that the case of
the substitution request will set the case for the
substituted text. Convention is to use '?o?' for
encryptions, and '?i?' for decryptions so that the
filenames are properly synchronized.
/OUTPUT=<file>
Used to direct DSF to output to a specific filename in
lieu of encrypting <infile> 'in-place' (making a new
version).
/BACKWARDS*+
/FORWARDS+
Used to tell DSF if you are ENcrypting (FORWARD) or DEcrypting
(BACKWARD). The operations are non-symmetric in certain cases.
Decryption is the default operation.
/INVERTED+
Used to access the symmetry inherent in the encryption
algorithms, but still remain synchronized with the
non-symmetric aspects relating to file formats. This operates
with '/HEX'.
/HIGH_SECURITY*+
Obsolete. Used for compatibility with DSF V1.0.
/BLOCK[={NOHEADER|[NO]AUTOMATIC*}]
Used to process a file independent of its structure,
and to retain that structure across the encrypt/decrypt
process. The additional keywords provided are for
forcing block mode compatibility with an earlier
version of DSF. The default is '=AUTOMATIC'. You should
generally not be required to use these keywords. Usage
for compatibility is: to encrypt /BLOCK with a previous
version as the target, use /BLOCK=NOHEADER. The default
=AUTOMATIC operation should be satisfactory for going
the other direction, but due to the algorithm used, there
is a slight chance you could incur a checksum error. If
you know the file was written /BLOCK by an earlier version,
or /BLOCK=NOHEADER and you are getting the checksum error,
then override the AUTOMATIC using /BLOCK=NOHEADER.
/METHODS={ALL|PRIVATE*}
Used to override the default methods used. Default is to
use only the PRIVATE encryption method. If you specify
this, then there is *no* default...
/LOG*+
Log all files input & output for encryption/decryption
/ANNUNCIATE*+
Annunciate all operations during an encryption/decryption
/CONFIRM+
Confirm operation first (implies /LOG)
Notes:
1) Use of the auto-password substitution can be disastrous if you
do not understand how it works. If you are concerned that you
might not understand it fully, then don't use it until you do!
An example of its usage might be:
DSF/FORWARD *.dat/OUTPUT=*.enc "bogus?O?test"
Upon input of files TEST1.DAT, and FRED.DAT, the output files
created are: TEST1.ENC (name TEST1), and FRED.ENC (name FRED).
They will be substituted in uppercase (per the ?O? versus ?o?)
to generate the keys: 'bogusTEST1test' and 'bogusFREDtest'.
Note also that since the output *NAME* field was not overridden
in the output specification, use of '?I?' and '?O?' are not
substantially different.
2) Output filename substitution occurs by using the filename that
you specify for output as the primary filename string, and the
full name of the input filename as the secondary filespec. This
implies that not specifying an output spec will cause new versions
of all matched files to be created and encrypted or decrypted. This
also implies that if you are so bold as to specify 'TT:' as output,
then the 'output' name will still be taken from the input filenames
since 'tt:' is a device, and not a filename.
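
The key substitution from note 1, modelled as an added Python example (not DSF's own code) that also shows how a renamed file or a different marker case desynchronizes the key. It assumes only the NAME field of the filespec is substituted, as in the TEST1/FRED example; the helper names and the COPY1 file are constructed for illustration.

```python
import re

# Assumption: DSF substitutes only the NAME field of the filespec, as in the
# page's example (TEST1.ENC -> TEST1). Device, directory, type and version
# are stripped by this simplified parser.
def name_field(filespec):
    tail = filespec.rsplit("]", 1)[-1]      # drop "DEV:[DIR]"
    tail = tail.rsplit(":", 1)[-1]          # drop a bare "DEV:"
    tail = tail.split(";", 1)[0]            # drop ";version"
    return tail.split(".", 1)[0]            # drop ".TYPE"

MARKER = re.compile(r"\?([IiOo])\?")

def expand_key(template, infile, outfile):
    """Replace ?I?/?i? with the input name and ?O?/?o? with the output name.
    The case of the marker letter sets the case of the substituted text."""
    def substitute(match):
        letter = match.group(1)
        name = name_field(infile if letter in "Ii" else outfile)
        return name.upper() if letter.isupper() else name.lower()
    return MARKER.sub(substitute, template)

def check_roundtrip(enc, dec):
    """enc and dec are (template, infile, outfile) tuples.
    Returns (encrypt_key, decrypt_key, keys_match)."""
    k_enc = expand_key(*enc)
    k_dec = expand_key(*dec)
    return k_enc, k_dec, k_enc == k_dec

# Constructed cases built around the page's TEST1.DAT example.
CASES = {
    "in sync":      (("bogus?O?test", "TEST1.DAT", "TEST1.ENC"),
                     ("bogus?I?test", "TEST1.ENC", "TEST1.DAT")),
    "file renamed": (("bogus?O?test", "TEST1.DAT", "TEST1.ENC"),
                     ("bogus?I?test", "COPY1.ENC", "COPY1.DAT")),
    "marker case":  (("bogus?O?test", "TEST1.DAT", "TEST1.ENC"),
                     ("bogus?i?test", "TEST1.ENC", "TEST1.DAT")),
}

if __name__ == "__main__":
    for label, (enc, dec) in CASES.items():
        k_enc, k_dec, ok = check_roundtrip(enc, dec)
        print(f"{label:13} {k_enc!r} vs {k_dec!r} -> {'ok' if ok else 'MISMATCH'}")
```

Only the first case yields matching keys; in the other two the decryption key differs from the one used to encrypt, which is the failure the key description warns about.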