Manual Reference Pages  -  IDECRYPT (8)

NAME

idecrypt - Decrypt tokens obtained from identd

CONTENTS

Synopsis
Description
Example
See Also
Bugs

SYNOPSIS

idecrypt

DESCRIPTION

idecrypt is a utility for decrypting the encrypted tokens that identd(8) provides instead of usernames when it is run in encrypted-token mode (that is, with the -C flag).

idecrypt reads up to 1024 lines from the /usr/local/etc/identd.key file, converting each line to a DES key using des_string_to_key(3). It then reads standard input, searching for encrypted tokens in the format produced by identd(8), decrypts the tokens if possible, and copies all unrecognised text from standard input to standard output without modification.

If more than one key appears in the key file, then identd(8) will use the first key for encryption, and idecrypt will attempt to use all the keys for decryption. This allows new keys to be used by identd(8) without losing the ability for idecrypt to decrypt old tokens (until there are more than 1024 keys in the key file).

Each encrypted token consists of 32 base64 characters, enclosed in square brackets. To make it easier to process logs generated by versions of tcpd(8) that convert the square brackets to underlines, idecrypt permits underline characters instead of square brackets in its input.

idecrypt's output from decrypting each token is a human-readable string containing the timestamp (displayed as a local time in ctime(3) format), the numeric uid, the local IP address, the local port number, the remote IP address and the remote port number.

EXAMPLE

Suppose that the local host has IP address 10.2.3.4, the local /usr/local/etc/identd.key file contains

foobar

and the local host is running the identd(8) server in encrypted-token mode.

Now, if a local user with uid 501 telnets to a remote host with IP address 10.9.8.7, the remote host may choose to make an ident query back to the local host, in order to obtain some information to be logged for possible use later. The local identd(8) might send the following encrypted token to the remote host instead of sending a username:

[aALdNYxh2496K4DDTel2Nk0Jzj5mRbok]

If the administrator of the remote host later provides the administrator of the local host with a copy of the encrypted token, and if the secret key has not been removed from the local /usr/local/etc/identd.key file, then the administrator of the local host can run idecrypt and can provide the encrypted token in standard input.

idecrypt will then print the following decrypted information:

Sun May 19 00:25:23 1996 501 10.2.3.4 2304 10.9.8.7 23

This represents the time the encrypted token was created, the local user id, the local IP address and port number, and the remote IP address and port number.
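
An added example, not part of the original man page or of the identd distribution: a Python helper for the workflow above that pulls tokens out of tcpd-style log text (accepting the underline form) and splits an idecrypt output line into named fields. The log lines are constructed, the function names are hypothetical, and the use of the standard base64 alphabet is an assumption.

```python
import re
from datetime import datetime
from ipaddress import ip_address

# 32 base64 characters inside [ ] or, after tcpd rewriting, inside _ _.
# Assumption: the standard base64 alphabet (A-Z a-z 0-9 + /).
TOKEN_RE = re.compile(r"[\[_]([A-Za-z0-9+/]{32})[\]_]")

def extract_tokens(log_text):
    """Return unique tokens in bracketed form, in order of first appearance."""
    seen = {}
    for match in TOKEN_RE.finditer(log_text):
        seen.setdefault("[" + match.group(1) + "]")
    return list(seen)

def parse_decrypted(line):
    """Split one idecrypt output line into named, validated fields."""
    parts = line.split()
    if len(parts) != 10:  # 5 ctime words + uid + 2 x (address, port)
        raise ValueError("unexpected idecrypt output: %r" % line)
    uid, lport, rport = int(parts[5]), int(parts[7]), int(parts[9])
    if not (0 < lport < 65536 and 0 < rport < 65536):
        raise ValueError("port out of range: %r" % line)
    return {
        # Naive datetime: idecrypt prints local time of the host it runs on.
        "created": datetime.strptime(" ".join(parts[:5]), "%a %b %d %H:%M:%S %Y"),
        "uid": uid,
        "local": (str(ip_address(parts[6])), lport),
        "remote": (str(ip_address(parts[8])), rport),
    }

TOKEN = "aALdNYxh2496K4DDTel2Nk0Jzj5mRbok"  # token from the EXAMPLE section
# Constructed log lines: bracket form, underline form, and a truncated token.
SAMPLE_LOG = "\n".join([
    "May 19 00:25:24 rhost in.telnetd[412]: connect from [%s]@10.2.3.4" % TOKEN,
    "May 19 00:25:24 rhost in.telnetd[412]: connect from _%s_@10.2.3.4" % TOKEN,
    "May 19 00:31:02 rhost in.telnetd[430]: connect from [%s]@10.2.3.4" % TOKEN[:-1],
])

if __name__ == "__main__":
    for token in extract_tokens(SAMPLE_LOG):
        print(token)  # these lines can be fed to idecrypt on standard input
    print(parse_decrypted("Sun May 19 00:25:23 1996 501 10.2.3.4 2304 10.9.8.7 23"))
```

The truncated token in the third log line is skipped because it is not exactly 32 characters long, so only one token is reported for the three lines.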

SEE ALSO

identd(8), tcpd(8)

BUGS

The handling of fatal errors could be better.


IDECRYPT (8) 19 May 1996
