DSF.DOC

Program:     DSF.MAR
Author:      David G. North, CCP
Date:        10-Oct-1988

Description: This is a Data Security Facility that provides encryption and
             decryption using a private method. Block and record modes are
             supported. HEX format is provided for encrypted files so that
             they are transmissible via e-mail. Wildcards are supported.

Notes:
    o No attempt has been made for the encrypted files to be portable
      *anywhere* except to another VAX/VMS system.
    o HEX format in BLOCK mode is not extremely useful. The file format is
      FIXED 64. E-mail send and extract destroys this format. The damage
      can be repaired with CONVERT, but why bother? Just use record mode.

Usage:
    DSF <infilelist> [<key>] [/OUTPUT=<file>][/FORWARDS+][/BACKWARDS*+]
        [/HIGH_SECURITY*+][/BLOCK[={NOHEADER|[NO]AUTOMATIC*}]]
        [/METHODS={ALL|PRIVATE*}][/INVERTED+]
        [/LOG*+][/ANNUNCIATE*+][/CONFIRM+]

    '*' indicates default operations
    '+' indicates default operation is controllable from .CLD

    infilelist:
        Files to be encrypted. Wildcards allowed, lists allowed using DCL
        comma operator.

    key:
        Text string to use as encryption key. May be quoted on the command
        line. Will be prompted for if missing, and read no-echo.
        Case-sensitive if quoted on the command-line or prompted for.

        Special constructs supported are: ?I?, ?i?, ?O?, ?o? embedded in
        the key. These mean embed (I)nput or (O)utput filenames in the key
        in place of the '?x?' string. Use this carefully... if the filename
        substituted does not match exactly the filename used for
        encryption, the decryption *will not work*. Note that the case of
        the substitution request will set the case for the substituted
        text. Convention is to use '?o?' for encryptions, and '?i?' for
        decryptions so that the filenames are properly synchronized.

    /OUTPUT=<file>
        Used to direct DSF to output to a specific filename in lieu of
        encrypting <infile> 'in-place' (making a new version).

    /BACKWARDS*+
    /FORWARDS+
        Used to tell DSF if you are ENcrypting (FORWARD) or DEcrypting
        (BACKWARD).
        The operations are non-symmetric in certain cases. Decryption is
        the default operation.

    /INVERTED+
        Used to access the symmetry inherent in the encryption algorithms,
        but still remain synchronized with the nonsymmetric aspects
        relating to file formats. This operates with '/HEX'.

    /HIGH_SECURITY*+
        Obsolete. Used for compatibility with DSF V1.0.

    /BLOCK[={NOHEADER|[NO]AUTOMATIC*}]
        Used to process a file independent of its structure, and to retain
        that structure across the encrypt/decrypt process. The additional
        keywords provided are for forcing block mode compatibility with an
        earlier version of DSF. The default is '=AUTOMATIC'. You should
        generally not be required to use these keywords.

        Usage for compatibility is: to encrypt /BLOCK with a previous
        version as the target, use /BLOCK=NOHEADER. The default =AUTOMATIC
        operation should be satisfactory for going the other direction,
        but due to the algorithm used, there is a slight chance you could
        incur a checksum error. If you know the file was written /BLOCK by
        an earlier version, or /BLOCK=NOHEADER and you are getting the
        checksum error, then override the AUTOMATIC using /BLOCK=NOHEADER.

    /METHODS={ALL|PRIVATE*}
        Used to override the default methods used. Default is to use only
        the PRIVATE encryption method. If you specify this, then there is
        *no* default...

    /LOG*+
        Log all files input & output for encryption/decryption

    /ANNUNCIATE*+
        Annunciate all operations during an encryption/decryption

    /CONFIRM+
        Confirm operation first (implies /LOG)

Notes:
    1) Use of the auto-password substitution can be disastrous if you do
       not understand how it works. If you are concerned that you might
       not understand it fully, then don't use it until you do! An example
       of its usage might be:

           DSF/FORWARD *.dat/OUTPUT=*.enc "bogus?O?test"

       Upon input of files TEST1.DAT, and FRED.DAT, the output files
       created are: TEST1.ENC (name TEST1), and FRED.ENC (name FRED). They
       will be substituted in uppercase (per the ?O? versus ?o?)
       to generate the keys: 'bogusTEST1test' and 'bogusFREDtest'. Note
       also that since the output *NAME* field was not overridden in the
       output specification, use of '?I?' and '?O?' are not substantially
       different.

    2) Output filename substitution occurs by using the filename that you
       specify for output as the primary filename string, and the full
       name of the input filename as the secondary filespec. This implies
       that not specifying an output spec will cause new versions of all
       matched files to be created and encrypted or decrypted. This also
       implies that if you are so bold as to specify 'TT:' as output, then
       the 'output' name will still be taken from the input filenames
       since 'tt:' is a device, and not a filename.
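
Added example (not part of DSF or of the original document): a small Python
model of the '?I?'/'?O?' key substitution from Notes 1 and 2, showing why a
renamed file no longer decrypts. The function names are hypothetical, and it
assumes that only the NAME field is substituted (as in the TEST1/FRED example)
and that only a whole-name '*' wildcard is used in the output spec.

```python
import re

# Added model of the '?I?', '?i?', '?O?', '?o?' key constructs; not DSF code.
# Assumption: only the NAME field of a filespec is substituted, as in the
# documented example ("name TEST1").

def name_field(filespec):
    """NAME field of a VMS-style filespec such as DISK:[DIR]TEST1.DAT;3."""
    rest = filespec.rsplit("]", 1)[-1]   # drop device and directory
    rest = rest.rsplit(":", 1)[-1]       # drop a bare device such as TT:
    rest = rest.split(";", 1)[0]         # drop version
    return rest.split(".", 1)[0]         # drop type

def output_name(in_spec, out_spec=None):
    """Output NAME; a wildcard, a bare device or no /OUTPUT uses the input NAME."""
    name = name_field(out_spec) if out_spec else ""
    return name if name not in ("", "*") else name_field(in_spec)

def expand_key(key, in_spec, out_spec=None):
    """Replace each ?x? marker; the marker's case sets the case of the text."""
    names = {"i": name_field(in_spec), "o": output_name(in_spec, out_spec)}
    def substitute(match):
        marker = match.group(1)
        text = names[marker.lower()]
        return text.upper() if marker.isupper() else text.lower()
    return re.sub(r"\?([IiOo])\?", substitute, key)

def demo():
    """Constructed walk-through: encrypt with ?o?, decrypt with ?i?, then rename."""
    enc = expand_key("bogus?o?test", "TEST1.DAT", "*.ENC")
    dec = expand_key("bogus?i?test", "TEST1.ENC", "*.DAT")
    renamed = expand_key("bogus?i?test", "COPY.ENC", "*.DAT")  # file was renamed
    return enc, dec, renamed

if __name__ == "__main__":
    print(expand_key("bogus?O?test", "TEST1.DAT", "*.ENC"))  # documented example
    enc, dec, renamed = demo()
    print("keys match:", enc == dec, "| after rename:", renamed == enc)
```

Any rename of the encrypted file between the two runs changes the derived key,
so record the original name alongside the file if this construct is used.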