view docs/commandline.rst @ 60:0a3e4bc49118

Added docs for the decrypt sub-command.
author Brian Neal <bgneal@gmail.com>
date Fri, 12 Jul 2013 14:17:02 -0500
parents 6acd17898381
children 854c5d361011
line wrap: on
line source
Command-line Reference
======================

Overview
--------

The ``m209`` command-line utility peforms three functions:

* Creates key list files
* Encrypts text, either given on the command line or read from a file
* Decrypts text, either given on the command line or read from a file
 
These functions are implemented as sub-commands. To see the list of
sub-commands and options common to all sub-commands, use the ``-h`` or
``--help`` option::

   $ m209 --help
   usage: m209 [-h] [-l {debug,info,warning,error,critical}]
               {encrypt,enc,decrypt,dec,keygen,key} ...

   M-209 simulator and utility program

   optional arguments:
     -h, --help            show this help message and exit
     -l {debug,info,warning,error,critical}, --log {debug,info,warning,error,critical}
                           set log level [default: warning]

   list of commands:
     type m209 {command} -h for help on {command}

     {encrypt,enc,decrypt,dec,keygen,key}
       encrypt (enc)       encrypt text from file or command-line
       decrypt (dec)       decrypt text from file or command-line
       keygen (key)        generate key list

The ``-l`` / ``--log`` options control the verbosity of output. Currently only
the ``keygen`` sub-command makes use of this option.

Each sub-command has an alias for those who prefer shorter commands.

Keygen sub-command
------------------

``keygen``, or ``key`` for short, is the sub-command that pseudo-randomly
creates key list files for use by the ``encrypt`` and ``decrypt`` sub-commands,
as well as by the ``m209`` library routines. 

Help on the ``keygen`` sub-command can be obtained with the following
invocation::

   $ m209 keygen --help
   usage: m209 keygen [-h] [-z KEY_FILE] [-o] [-s XX] [-n NUMBER]

   Generate key list file

   optional arguments:
     -h, --help            show this help message and exit
     -z KEY_FILE, --key-file KEY_FILE
                           path to key list file [default: m209keys.cfg]
     -o, --overwrite       overwrite key list file if it exists
     -s XX, --start XX     starting indicator; if omitted, random indicators are
                           used
     -n NUMBER, --number NUMBER
                           number of key lists to generate [default: 1]

The options for ``keygen`` are described below.

``-z`` or ``--key-file``
   This option names the key list file. If not supplied, this defaults to
   ``m209keys.cfg``. Note that the other sub-commands also have this option,
   and they too use the same default value.

``-o`` or ``--overwrite``
   This switch must be present if the key list file already exists. It provides
   confirmation that the user wants to overwrite an existing file. If the key
   list file already exists, and this option is not supplied, this sub-command
   will exit with an error message and the original key list file will be
   unchanged.

``-s`` or ``--start``
   This option sets the starting indicator for the key list file. Key list
   indicators are two letters in the range ``AA`` to ``ZZ``. For example,
   ``keygen`` can be told to create 3 key lists, starting with indicator
   ``AA``.  In this case the key lists ``AA``, ``AB``, and ``AC`` would be
   written to the file. If this parameter is omitted, ``keygen`` picks
   indicators at random. Key list indicators simply name the key list, and are
   placed in the leading and trailing groups of encrypted messages to tell the
   receiver which key list was used to create the message. Both sender and
   receiver must have the same key list (name and contents) to communicate.

``-n`` or ``--number``
   This option specifies the number of key lists to generate. The default value
   is 1.

.. NOTE:: 

   The algorithm the ``keygen`` sub-command uses to generate key lists is based
   on the actual US Army procedure taken from the 1944 manual. This procedure
   is somewhat loosely specified and a lot is left up to the soldier creating
   the key list. The ``keygen`` algorithm is ad-hoc and uses simple heuristics
   and random numbers to make decisions.  Occasionally this algorithm may fail
   to generate a key list that meets the final criteria defined in the manual.
   If this happens an error message will be displayed and no key list file will
   be created. It is suggested to simply run the command again as it is not
   likely to happen twice in a row.

Keygen examples
+++++++++++++++

To generate 30 key lists in the default key list file (``m209keys.cfg``) with
random indicators, and overwriting the key list file if it exists::

   $ m209 keygen -o -n 30
   $ m209 key --overwrite --number=30

To generate 5 key lists that sequentially start with the indicator ``BN`` in
the key list file ``m209/keys/november/keys.cfg``::

   $ m209 keygen -z m209/keys/november/keys.cfg -s BN -n 5


Encrypt sub-command
-------------------

``encrypt``, or ``enc``, is the sub-command used to encrypt text. To get help
on the ``encrypt`` command, type the following::

   $ m209 encrypt -h
   usage: m209 encrypt [-h] [-z KEY_FILE] [-f FILE] [-t TEXT] [-k XX] [-e ABCDEF]
                       [-s S]

   Encrypt text from a file or command-line

   optional arguments:
     -h, --help            show this help message and exit
     -z KEY_FILE, --key-file KEY_FILE
                           path to key list file [default: m209keys.cfg]
     -f FILE, --file FILE  path to plaintext file or - for stdin
     -t TEXT, --text TEXT  text string to encrypt
     -k XX, --key-list-ind XX
                           2-letter key list indicator; if omitted a random one
                           is used
     -e ABCDEF, --ext-ind ABCDEF
                           6-letter external message indicator; if omitted a
                           random one is used
     -s S, --sys-ind S     1-letter system indicator; if omitted a random one is
                           used

   Either the -f/--file or -t/--text arguments must be supplied

The options to the ``encrypt`` command are described below.

``-z`` or ``--key-file``
   This option names the key list file. If not given, the default of
   ``m209keys.cfg`` is used.

``-t`` or ``--file``
   This option specifies the file that contains the text to encrypt. If the
   filename is given as ``-`` then input is read directly from ``stdin``. Note
   that either this option or the ``-t`` option must be specified, but not
   both.

``-t`` or ``--text``
   This option specifies the text to encrypt on the command-line. Depending
   upon your system, you'll probably have to quote or escape your text. Note
   that you must either specify this option or the ``-f`` option, but not both.

``-k`` or ``--key-list-ind``
   This option specifies the two-letter key list indicator to use. Valid values
   range from ``AA`` to ``ZZ``. The key list with this indicator must be in the
   key list file given by the ``-z`` option. If this option is omitted, a key
   list from the key list file is chosen at random.

``-e`` or ``--ext-ind``
   This option specifies the six-letter external message indicator, which is an
   encryption parameter as explained in the 1944 manual (see the references).
   Each letter must exist on the key wheels from left to right. If this option
   is omitted, an external message indicator is chosen at random.

``-s`` or ``--sys-ind``
   This option specifies the one-letter system indicator, which is an
   encryption parameter as explained in the 1944 manual (see the references).
   This must be a letter from ``A`` to ``Z``. If not given, one is chosen at
   random.

.. NOTE:: 

   An actual M-209 can only accept the letters ``A-Z``. When using an actual
   M-209, space characters must be input as the letter ``Z``. Numbers must
   typically be spelled out as words or some other agreed-upon convention.
   Likewise with punctuation. To make encryption more convenient, the ``m209``
   program will accept spaces and automatically convert them to the letter
   ``Z``. Lowercase letters will automatically be converted to uppercase. All
   other characters will be silently dropped from the input. This applies to
   both text read on the command-line with the ``-t`` option and text read from
   files (``-f``).

Encrypt examples
++++++++++++++++

To encrypt a simple string on the command-line using the default key file and
random encryption parameters::

   $ m209 encrypt -t "Rendezvous at zero seven thirty"
   BBEPH SSLBY RKHWO OBAJB VYQEQ NJHGV FWRCJ UZHMB PXXXX BBEPH SSLBY

To save the encrypted text to a file::

   $ m209 encrypt -t "Rendezvous at zero seven thirty" > secret.txt

To read the contents of a file and encrypt it, saving it to a new file::

   $ m209 enc -f message.txt > secret.txt

To explicitly specify encryption parameters, and read text from ``stdin``::

   $ cat message.txt | m209 enc --file=- -k SU -e ZQGMFO -s A 


Decrypt sub-command
-------------------

``decrypt``, or ``dec``, is the sub-command used to decrypt text. To get help
on the ``decrypt`` command, type the following::

   $ m209 decrypt --help
   usage: m209 decrypt [-h] [-z KEY_FILE] [-f FILE] [-t TEXT]

   Decyrpt text from a file or command-line

   optional arguments:
     -h, --help            show this help message and exit
     -z KEY_FILE, --key-file KEY_FILE
                           path to key list file [default: m209keys.cfg]
     -f FILE, --file FILE  path to ciphertext file or - for stdin
     -t TEXT, --text TEXT  text string to decrypt

   Either the -f/--file or -t/--text arguments must be supplied

The options to the ``decrypt`` command are described below.

``-z`` or ``--key-file``
   This option names the key list file. If not given, the default of
   ``m209keys.cfg`` is used.

``-t`` or ``--file``
   This option specifies the file that contains the text to decrypt. If the
   filename is given as ``-`` then input is read directly from ``stdin``. Note
   that either this option or the ``-t`` option must be specified, but not
   both.

``-t`` or ``--text``
   This option specifies the text to decrypt on the command-line. Depending
   upon your system, you'll probably have to quote or escape your text. Note
   that you must either specify this option or the ``-f`` option, but not both.

.. NOTE::

   The first and last 2 groups of an encrypted message contain the information
   needed to decrypt the message: the system indicator, the external message
   indicator, and the key list indicator. If the key list file given to the
   decrypt command does not contain the key list used to encrypt the message,
   then the message cannot be decrypted and an error message will be displayed.

Decrypt examples
++++++++++++++++

To decrypt a simple string on the command-line using the default key file::

   $ m209 decrypt -t "BBEPH SSLBY RKHWO OBAJB VYQEQ NJHGV FWRCJ UZHMB PXXXX BBEPH SSLBY"
   RENDE VOUS AT  ERO SEVEN THIRTYXSJQ

To save the decrypted text to a file::

   $ m209 decrypt -t "BBEPH SSLBY RKHWO OBAJB VYQEQ NJHGV FWRCJ UZHMB PXXXX BBEPH SSLBY" > msg.txt

To read the contents of a file and decrypt it, saving it to a new file::

   $ m209 dec -f secret.txt > msg.txt

To decrypt from ``stdin``::

   $ cat secret.txt | m209 dec -f -
   RENDE VOUS AT  ERO SEVEN THIRTYXSJQ


.. NOTE::

   In this example, the last group of the encrypted message only has one
   letter. It was padded out to five letters with ``X``'s by the encryption
   process, and thus four "garbage" letters appear at the end in the decrypted
   output.

   Note also that the ``Z`` in ``RENDEZVOUS`` and ``ZERO`` were converted to
   spaces by the decrypt process.

   In both of these cases the operator would have to "fix up" the message
   before passing it up the chain of command.