Encryption and authentication may be used to protect data stored in computers. Many computer systems encrypt passwords in a one-way fashion for storage in the computer memory.
When a user signs on the computer and enters the password, it is encrypted and compared with the stored value. If the two encryptions are equal the user is permitted access to the computer; otherwise access is denied. The encrypted password is often created by using DES; setting the key equal to the password and the plaintext equal to the user's identity. A Fortran program for implementing this function is given in the NBS Standard for Password Usage
The DES can also be used to encrypt computer files for storage. It also used as key notarisation system which may be integrated into computer systems to protect files from undetected modification and disclosure, and to provide a digital signature capability using the DES. Users have the capability of exercising a set of commands for key management as well as for data encryption and authentication functions. The facilities perform notarisation which, on encryption, seals a key or password with the identities of the transmitter and intended receiver. Thus, in order to decrypt a message, the receiver must be authenticated and must supply the correct identity of the transmitter. This notarisation technique is used in ANSI standard to protect against key substitutions which could lead to the compromise of sensitive data.
The key notarization system that incorporates the DES may also be used in conjunction with a mail system to provide for secure mail. A cryptographic header that contains the information necessary to decrypt and authenticate a mail file is automatically appended to the file that is transmitted to the receiver. The receiver may then decrypt and authenticate the file in a near transparent manner.