.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
.de Sp \" Vertical space (when we can't use .PP)
.if t .sp .5v
.if n .sp
..
.de Vb \" Begin verbatim text
.ft CW
.nf
.ne \\$1
..
.de Ve \" End verbatim text
.ft R
.fi
..
.\" Set up some character translations and predefined strings.  \*(-- will
.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
.\" double quote, and \*(R" will give a right double quote.  \*(C+ will
.\" give a nicer C++.  Capital omega is used to do unbreakable dashes and
.\" therefore won't be available.  \*(C` and \*(C' expand to `' in nroff,
.\" nothing in troff, for use with C<>.
.tr \(*W-
.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
.ie n \{\
.    ds -- \(*W-
.    ds PI pi
.    if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
.    if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\"  diablo 12 pitch
.    ds L" ""
.    ds R" ""
.    ds C` ""
.    ds C' ""
'br\}
.el\{\
.    ds -- \|\(em\|
.    ds PI \(*p
.    ds L" ``
.    ds R" ''
.    ds C`
.    ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
.ie \n(.g .ds Aq \(aq
.el       .ds Aq '
.\"
.\" If the F register is >0, we'll generate index entries on stderr for
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD.  Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
.\"
.\" Avoid warning from groff about undefined register 'F'.
.de IX
..
.nr rF 0
.if \n(.g .if rF .nr rF 1
.if (\n(rF:(\n(.g==0)) \{\
.    if \nF \{\
.        de IX
.        tm Index:\\$1\t\\n%\t"\\$2"
..
.        if !\nF==2 \{\
.            nr % 0
.            nr F 2
.        \}
.    \}
.\}
.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear.  Run.  Save yourself.  No user-serviceable parts.
.    \" fudge factors for nroff and troff
.if n \{\
.    ds #H 0
.    ds #V .8m
.    ds #F .3m
.    ds #[ \f1
.    ds #] \fP
.\}
.if t \{\
.    ds #H ((1u-(\\\\n(.fu%2u))*.13m)
.    ds #V .6m
.    ds #F 0
.    ds #[ \&
.    ds #] \&
.\}
.    \" simple accents for nroff and troff
.if n \{\
.    ds ' \&
.    ds ` \&
.    ds ^ \&
.    ds , \&
.    ds ~ ~
.    ds /
.\}
.if t \{\
.    ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
.    ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
.    ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
.    ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
.    ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
.    ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
.\}
.    \" troff and (daisy-wheel) nroff accents
.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
.ds ae a\h'-(\w'a'u*4/10)'e
.ds Ae A\h'-(\w'A'u*4/10)'E
.    \" corrections for vroff
.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
.    \" for low resolution devices (crt and lpr)
.if \n(.H>23 .if \n(.V>19 \
\{\
.    ds : e
.    ds 8 ss
.    ds o a
.    ds d- d\h'-1'\(ga
.    ds D- D\h'-1'\(hy
.    ds th \o'bp'
.    ds Th \o'LP'
.    ds ae ae
.    ds Ae AE
.\}
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
.IX Title "GEN-AUTH 1"
.TH GEN-AUTH 1 "2022-02-22" "perl v5.34.0" "User Contributed Perl Documentation"
.\" For nroff, turn off justification.  Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
gen\-auth \- generate various authentication strings
.SH "USAGE"
.IX Header "USAGE"
gen-auth [\-\-help|\-\-version] | <type> ...
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
gen-auth is tool to assist in all kinds of authentication / encoding / decoding / encrypting tasks.  It began life as an smtp-specific tool, but has drifted in functionality over time.
.PP
The program actions are broken down into types of encoding to generate.
Each <type> then takes its own specific args.  The arguments are expected
in a specific order on the command line.  Every argument that isn't
available on the command line will be prompted for.  One benefit to this is
arguments corresponding to passwords will not be echoed to the terminal when
prompted for.
.SH "TYPES"
.IX Header "TYPES"
The program action is controlled by the first argument.  The meaning of the
following arguments is specified by this type
.IP "\s-1PLAIN\s0 <username> <password>" 4
.IX Item "PLAIN <username> <password>"
This type generates a \s-1PLAIN\s0 (\s-1RFC 2595\s0) authentication string.  It accepts
supplemental arguments of username and password.  It generates a Base64
encoded string \*(L"\e0<username>\e0<password>\*(R".
.IP "\s-1LOGIN\s0 <username> <password>" 4
.IX Item "LOGIN <username> <password>"
This method accepts username and password as supplemental args.  It simply
returns each string Base64 encoded.  This provides only minimal advantages
over using \s-1ENCODE\s0 twice.  One advantage is hiding the password if you
provide it on \s-1STDIN\s0
.IP "\s-1CRAM\-MD5\s0 <username> <password> <challenge>" 4
.IX Item "CRAM-MD5 <username> <password> <challenge>"
\&\s-1CRAM\-MD5\s0 (\s-1RFC 2195\s0) accepts three supplemental arguments.  The first is the username and
the second is the password.  The third is the challenge string provided
by the server.  This string can be either Base64 encoded or not.  The \s-1RFC\s0 states
that all (unencoded) challenge strings must start w/ '<'.  This is used to
whether the string is Base64 encoded or not.
.Sp
\&\s-1CRAM\-MD5\s0 uses the challenge and the supplied password to generate a digest.
it then returns the Base64 encoded version of the string md5(\*(L"<username> <challenge>\*(R")
.Sp
This authentication method requires the Digest::MD5 perl module to be installed.
.IP "\s-1CRAM\-SHA1\s0 <username> <password> <challenge>" 4
.IX Item "CRAM-SHA1 <username> <password> <challenge>"
This behaves the same as \s-1CRAM\-MD5\s0 but uses \s-1SHA1\s0 digesting rather than \s-1MD5.\s0
.Sp
This authentication method requires the Digest::SHA1 perl module to be installed.
.IP "\s-1NTLM/SPA/MSN\s0 <username> <password> <domain> <challenge>" 4
.IX Item "NTLM/SPA/MSN <username> <password> <domain> <challenge>"
Although it may be advertised as one of the above types, this method of authentication if refered to singularly as \s-1NTLM.\s0  This is a multi-step authentication type.  The first 3 arguments must be supplied up front.  They are username, password, and domain, in that order.  These three strings are used to generate an \*(L"Auth Request\*(R" string.  This string should be passed verbatim to the server.  The server will then respond with a challenge.  This challenge is the fourth argument.  After receiving the server challenge, gen-auth will produce an \*(L"Auth Response\*(R".  Posting this response to the server completes the \s-1NTLM\s0 authentication transaction.
.Sp
This authentication method requires the Authen::NTLM perl module to be installed.  See \s-1EXAMPLES\s0 for an example of this transaction.  Note also that 'domain' is often blank from client or ignored by server.
.IP "HTTP-BASIC <username> <password>" 4
.IX Item "HTTP-BASIC <username> <password>"
Returns the value base64(\*(L"<username>:<password>\*(R").  Used for \s-1HTTP\s0 Basic authentication (\s-1RFC 2617\s0).  Used by adding a header \*(L"Authorization: Basic <string>\*(R" to a \s-1HTTP\s0 request where <string> is the output of this command.
.IP "\s-1APOP\s0 <challenge> <password>" 4
.IX Item "APOP <challenge> <password>"
This implements the \s-1APOP\s0 authentication for the \s-1POP3\s0 protocol as described in \s-1RFC 1939.\s0  <challenge> is the challenge string presented by the \s-1POP3\s0 server in the greeting banner.  <password> is the \*(L"secret\*(R" (usually a password) used to authenticate the user.  This method returns a digest md5(\*(L"<challenge><password>\*(R").  This can be used to authenticate to a \s-1POP3\s0 server in a string like \*(L"\s-1APOP\s0 <user> <digest>\*(R" where <digest> is the string generated by this command.
.Sp
\&\s-1APOP\s0 required the Digest::MD5 perl module.
.IP "\s-1ENCODE\s0 <string>" 4
.IX Item "ENCODE <string>"
Simply Base64 encodes a plaintext string.  Provided as a convenience function.
.IP "\s-1DECODE\s0 <string>" 4
.IX Item "DECODE <string>"
Decodes a Base64 encoded string.  Provided as a convenience function.
.IP "\s-1MD5/MD5\-HEX\s0 <string>" 4
.IX Item "MD5/MD5-HEX <string>"
Provides an \s-1MD5\s0 digest of the supplied string in hex.
.IP "\s-1MD5\-BASE64\s0 <string>" 4
.IX Item "MD5-BASE64 <string>"
Provides an \s-1MD5\s0 digest of the supplied string in Base64.
.IP "\s-1ENCRYPT\s0 <string>" 4
.IX Item "ENCRYPT <string>"
Returns a \fBcrypt\fR\|(3) string generated from the input string.
.IP "\s-1SALTENCRYPT\s0 <string> <salt>" 4
.IX Item "SALTENCRYPT <string> <salt>"
Same as \s-1ENCRYPT\s0 but you provide the salt as the second argument.  See \fBcrypt\fR\|(3) man page for details.
.IP "\s-1ROT13\s0 <string>" 4
.IX Item "ROT13 <string>"
This performs a rot13 action on <string>.  This implementation only performs the action on \s-1ASCII 65\-90,97\-123.\s0  Any other character value is left untouched.  Therefore this method is primarily for LOCALE=C, \s-1ASCII\s0 only.  Feel free to send patches if you care to have it work in another setting.
.IP "\s-1ATBASH\s0 <string>" 4
.IX Item "ATBASH <string>"
This performs an atbash action on <string>.  Atbash mirrors a string such that 'a'=='z', 'b'=='y', etc.  See the comments on locale and character set under \s-1ROT13.\s0
.SH "OPTIONS"
.IX Header "OPTIONS"
.IP "\-s" 4
.IX Item "-s"
Supresses echo on all input fields read from standard input.  If this option is not used, echo is suppressed on fields which are known to be password fields but this may not be secure enough.
.IP "\-\-help" 4
.IX Item "--help"
this screen.
.IP "\-\-version" 4
.IX Item "--version"
version info.
.SH "EXAMPLES"
.IX Header "EXAMPLES"
.IP "generate a \s-1PLAIN AUTH\s0 string for user 'tim', password 'tanstaaftanstaaf'" 4
.IX Item "generate a PLAIN AUTH string for user 'tim', password 'tanstaaftanstaaf'"
.Vb 2
\&  > gen\-auth plain tim tanstaaftanstaaf
\&  Auth String: AHRpbQB0YW5zdGFhZnRhbnN0YWFm
.Ve
.IP "generate a \s-1CRAM\-MD5\s0 string for user 'tim', password 'tanstaaftanstaaf', challenge '<1896.697170952@postoffice.reston.mci.net>', using prompt to hide password" 4
.IX Item "generate a CRAM-MD5 string for user 'tim', password 'tanstaaftanstaaf', challenge '<1896.697170952@postoffice.reston.mci.net>', using prompt to hide password"
.Vb 5
\&  > gen\-auth cram\-md5                  
\&  username: tim
\&  password: 
\&  challenge: PDE4OTYuNjk3MTcwOTUyQHBvc3RvZmZpY2UucmVzdG9uLm1jaS5uZXQ+
\&  dGltIGI5MTNhNjAyYzdlZGE3YTQ5NWI0ZTZlNzMzNGQzODkw
.Ve
.IP "use the \s-1DECODE\s0 method to ensure we provided the correct output in our last example" 4
.IX Item "use the DECODE method to ensure we provided the correct output in our last example"
.Vb 2
\&  > gen\-auth decode dGltIGI5MTNhNjAyYzdlZGE3YTQ5NWI0ZTZlNzMzNGQzODkw
\&  tim b913a602c7eda7a495b4e6e7334d3890
.Ve
.IP "use the \s-1NTLM\s0 (\s-1MSN\s0) method to authenticate to a mail server using user 'tim', password 'tanstaaftanstaaf', and domain \s-1MAIL.\s0  Both the gen-auth transaction and \s-1SMTP\s0 transaction are shown to demonstrate the interaction between the two." 4
.IX Item "use the NTLM (MSN) method to authenticate to a mail server using user 'tim', password 'tanstaaftanstaaf', and domain MAIL. Both the gen-auth transaction and SMTP transaction are shown to demonstrate the interaction between the two."
.Vb 6
\&  AUTH MSN
\&  334 NTLM supported
\&  TlRMTVNTUAABAAAAB7IAAAMAAwAgAAAABAAEACMAAAB0aW1NQUlM
\&  334 TlRMTVNTUAACAAAAAAAAAAAoAAABggAA9RH5KZlXvygAAACAAAAAZL//4sQAAAAC
\&  TlRMTVNTUAADAAAAGAAYAEAAAAAYABgAWAAAAAAAAAAwAAAABgAGAHAAAAAGAAYAdgAAAAAAAAA8AAAAAYIAAK3lcO8PldNxIrkbvgKGJRR5owQePUtYaTtLVgfQiVQBywW2yZKyp+VFGqYfgDtdEHQAaQBtAHQAaQBtAA==
\&  235 Authentication succeeded
\&
\&  > gen\-auth spa
\&  username: tim
\&  password: 
\&  domain: MAIL
\&  Auth Request: TlRMTVNTUAABAAAAB7IAAAMAAwAgAAAABAAEACMAAAB0aW1NQUlM
\&  challenge: TlRMTVNTUAACAAAAAAAAAAAoAAABggAA9RH5KZlXvygAAACAAAAAZL//4sQAAAAC
\&  Auth Response: TlRMTVNTUAADAAAAGAAYAEAAAAAYABgAWAAAAAAAAAAwAAAABgAGAHAAAAAGAAYAdgAAAAAAAAA8AAAAAYIAAK3lcO8PldNxIrkbvgKGJRR5owQePUtYaTtLVgfQiVQBywW2yZKyp+VFGqYfgDtdEHQAaQBtAHQAaQBtAA==
.Ve
.SH "REQUIRES"
.IX Header "REQUIRES"
.IP "MIME::Base64" 4
.IX Item "MIME::Base64"
Required for all functionality
.IP "Digest::MD5" 4
.IX Item "Digest::MD5"
Required for \s-1MD5, MD5\-BASE64, CRAM\-MD5, APOP\s0
.IP "Digest::SHA1" 4
.IX Item "Digest::SHA1"
Required for \s-1CRAM\-SHA1\s0
.IP "Authen::NTLM" 4
.IX Item "Authen::NTLM"
Required for \s-1NTLM/MSN/SPA\s0
.SH "EXIT CODES"
.IX Header "EXIT CODES"
.IP "0 \- no errors occurred" 4
.IX Item "0 - no errors occurred"
.PD 0
.IP "1 \- unrecognized type specified" 4
.IX Item "1 - unrecognized type specified"
.PD
.SH "CONTACT"
.IX Header "CONTACT"
.IP "proj\-gen\-auth@jetmore.net" 4
.IX Item "proj-gen-auth@jetmore.net"