idecrypt is a utility for decrypting the encrypted tokens that
provided instead of usernames when it is
run in encrypted-token mode (that is, with the
idecrypt reads up to 1024 lines from the
/usr/local/etc/identd.key file, converting each line to a DES key using
It then reads standard input, searching for encrypted tokens
in the format produced by
decrypts the tokens if possible, and copies all unrecognised text from
standard input to standard output without modification.
If more than one key appears in the key file, then
will use the first key for encryption, and
idecrypt will attempt to use all the keys for decryption.
This allows new keys to be used by
without losing the ability for
idecrypt to decrypt old tokens (until there are more than 1024 keys in the key file).
Each encrypted token consists of 32 base64 characters, enclosed in
square brackets. To make it easier to process logs generated by
tcpd (8) that convert the square brackets to underlines,
idecrypt permits underline characters instead of square brackets
in its input.
idecrypts output from decrypting each token is a human readable string
containing the timestamp (displayed as a local time in
format), the numeric uid, the local IP address, the local port number,
the remote IP address and the remote port number.
Suppose that the local host has IP address 10.2.3.4, the local
/usr/local/etc/identd.key file contains
and the local host is running the
server in encrypted-token mode.
Now, if a local user
with uid 501 telnets to a remote host with IP address 10.9.8.7,
the remote host may choose to make an ident query back to the
local host, in order to obtain some information to be logged for
possible use later. The local
might send the following encrypted token to the remote host
instead of sending a username:
If the administrator of the remote host later provides the administrator
of the local host with a copy of the encrypted token, and if
the secret key has not been removed from the local
/usr/local/etc/identd.key file, then the administrator of the local host can run
idecrypt and can provide the encrypted token in standard input.
idecrypt will then print the following decrypted information:
Sun May 19 00:25:23 1996 501 10.2.3.4 2304 10.9.8.7 23
This represents the time the encrypted token was created,
the local user id, the local IP address and port number, and the
remote IP address and port number.