encryption/decryption filter 



crypt [-det] [-i input_file] [-o output_file] [key]


crypt reads data from the standard input and writes it to the standard output in an encrypted (coded) form. It also decrypts (decodes) previously encrypted data.

The encryption is uniquely determined by a user-supplied key, which is an arbitrary text string. The details of the transformation depend on the key in a way that makes them difficult to derive from the output alone. You may supply the key on the command line; otherwise crypt prompts you to enter the key. When you type in the key in response to the prompt, crypt does not display it on the screen. This latter approach is recommended for security reasons, because when you specify the key on the command line, it appears in the shell's command history, whereas a key typed in response to a prompt does not.

By default, the data transformation is a simulation of a rotor machine (styled after the Enigma machine used by the German military during WWII, but simplified). This is fully compatible with the UNIX version of this command. The encryption algorithm is reflexive, so the application of crypt to its own output, with the same key, yields the original input. This is also the algorithm used by the encryption options of ed and vi.

Many methods of cryptanalysis depend on knowing that the distribution of input characters is highly skewed. This is certainly the case for ASCII text. You can frustrate these methods by making the input distribution more uniform, by first using compressing the file (using mkszip or by encrypting more than once, with unrelated keys.



decrypts data that was encrypted with the -e option.


encrypts the input using the National Bureau of Standards' Data Encryption Standard (DES) algorithm. You can decrypt data encrypted in this way with the -d option.


The DES algorithm is not reflexive and is probably much more secure than the rotor machine; however, it is noticeably slower.

-i input_file 

reads input from the file specified by input_file rather than the standard input. Note, however, that if input_file is -, the standard input is used.

-o output_file 

writes output to the file specified by output_file rather than the standard output. Note, however, that if output_file is -, the standard output is used.


attempts to decrypt the input if it appears to be encrypted; otherwise, it applies no transformations. This is a heuristic used to improve the behavior of ed and vi. However, if the first block of characters of a non-encrypted file are randomly distributed, this option may not work. You cannot use -t with either of the -d or -e options.


Possible exit status values are:


Successful completion.


Failure due to any of the following:

— an invalid command line option
— too many command line arguments
— an invalid password


Windows 8.1. Windows Server 2012 R2. Windows 10. Windows Server 2016. Windows Server 2019. Windows 11. Windows Server 2022. All UNIX systems.

However, export restrictions limit the availability of the UNIX implementation outside of the U.S.

DES encryption is unique to this implementation.


MKS does not warrant this program to be fit for any particular purpose -- see your license agreement. If you are unable to decrypt some file for any reason (for example, you have lost the key, or mistyped it in the first place), your only recourse is cryptanalysis.

There are known methods of cryptanalytic attack on rotor machines. After all, the Allies routinely deciphered Enigma traffic about fifty years ago. The NSA is rumored to be able to decipher DES, albeit with super-computers and unlimited budgets. Security is afforded primarily by the (presumed) limits to the patience, determination and resources of the attacker.

Poorly chosen keys, such as short monocase natural-language words and familiar names are highly susceptible to systematic guessing.

Even when files are deleted their contents remain on disk, in unallocated blocks, and can readily be discovered by someone familiar with the structures and allocation strategies of the file system.


PTC MKS Toolkit for Power Users
PTC MKS Toolkit for System Administrators
PTC MKS Toolkit for Developers
PTC MKS Toolkit for Interoperability
PTC MKS Toolkit for Professional Developers
PTC MKS Toolkit for Professional Developers 64-Bit Edition
PTC MKS Toolkit for Enterprise Developers
PTC MKS Toolkit for Enterprise Developers 64-Bit Edition


ed, mkszip, pack, vi

PTC MKS Toolkit 10.4 Documentation Build 39.