Previous Table of Contents Next

Module 27


The external crypt command encrypts and decrypts the standard input and standard output. It reads the standard input and encrypts it based on the supplied encryption key. The encrypted data is written to the standard output. Thus it is usually necessary to redirect the standard output and input to and from files when using crypt. To decrypt a file you just reverse the filenames on the command line, allowing crypt to read from the encrypted file and writing the decrypted data to a file.

System V ships the crypt command as part of a security package. Your system may not have the crypt command if this software package was not purchased and installed.

The security of the encrypted data depends on the accessibility to your encryption key and plain data. It is advisable not to use an encryption key on the command line. If an encryption key is placed on the command line, it can be easily viewed by another user browsing the output of the ps command. Data that has not been encrypted is obviously at the disposal of whoever can read it.

If you plan on using encrypted files, you should learn to use the encrypt options on the various editors supplied in the UNIX System. This will prevent you from leaving decrypted files in your directory.


Following is the general format of the crypt command.

     crypt [ key ]
     crypt [ -k ]

BSD (Berkeley)
crypt [ key ]

Since crypt does not read from files, you must use the shell redirection symbols to control the input and output of data. For instance:

     crypt key < not_crypted > crypted
     crypt key < crypted > not_crypted


The following option is used to control how crypt functions.

-k The -k option causes crypt to use the encryption key assigned to the environment variable CRYPTKEY.

BSD (Berkeley)
-k Not supported


The following argument may be passed to the crypt command.

key The key word that controls the transformation of the data. It is used by crypt to perform the encryption and decryption.


If the proper key is not used, crypt will decrypt the file and generate various control sequences, possibly causing your terminal or printer to enter strange modes.


Refer to the ed, ex, and vi commands described in modules 39, 43, and 151.


The crypt command reads from the standard input and writes to the standard output.


You may find it necessary to secure private information on your system. Maybe you're a manager and you need to keep all of your memos confidential. By setting the permissions to read-only by others you can prevent most casual users from viewing the contents. But the super-user can always look at any file, no matter how the permissions are set. To secure the data, you can encrypt it with the crypt command. No matter who attempts to read the file, they must have the encryption key to extract the data. Hopefully, only you know the encryption key. It will take someone with more than normal curiosity to break the encrypted data code and read the contents of the file.

Although breaking the code to decipher encrypted data is very difficult, it can be done. If someone with encryption experience and enough time trys to break the code to your data, he/she will probably succeed. But the easiest way for your data to be deciphered is by someone acquiring your key. It is advisable not to use your key on the command line or in the CRYPTKEY variable. An experienced systems programmer can acquire these values from your executing shell environment. The value can also be acquired when you type it into the prompt from crypt. Also be aware of which crypt program you are executing; make sure it is /bin/crypt, not from your directory or some local bin directory. If it is not /bin/crypt, it may be a trojan horse program which writes your key into another user's log file, allowing the user to access your encrypted data.


In this activity you use the crypt command to encrypt a file and then decrypt it back to normal. Begin at the shell prompt.

1.  Type crypt < file1 > file1.e and press Return. Notice you are prompted for a key.
   cj> crypt < file1 > file1.e
   Enter key:

Enter an encryption key. At least six characters are suggested.
2.  Type file file1.e to see what type of data is stored in the encrypted file. The file type should be data.
3.  Type od -c file1.e and press Return to display the encrypted data. Notice the characters look like jibberish.
4.  To decrypt the file type crypt < file1.e > file1. Enter the encryption key as before when crypt prompts for it.
5.  Now let's see if the file is readable by typing cat file 1 and pressing Return.
6.  Type rm file1.e and press Return.
7.  Turn to Module 98 (SV), Module 122 (BSD) to continue the learning sequence.

Previous Table of Contents Next