ice [ -CDNZ ] [ -p passwd ] [ -l level ] [ file ... ]
deice [ -CNZ ] [ -p passwd ] [ -l level ] [ file ... ]
The ICE encryption algorithm allows key lengths of any multiple of 64 bits by specifying the encryption level. Specifying a level greater than 1 allows long passwords, and correspondingly higher security. The drawback is slower encryption.
This program only uses the lower 7 bits from each character in the password, so the first 10 characters are significant when using levels 0 or 1. For higher levels n, the key size is 64n, so the useful password length will be (64n + 6)/7. Short passwords will be padded out with zeroes.
The deice program is typically a symbolic link to the ice executable, since the program automatically uses decrypt mode if the name of the executable begins with the characters "de".
When encrypting, a new file will be created with a .ice suffix, and the original file deleted. Before deletion, the original file is overwritten with zeroes to minimize the chance that the data remains in the filesystem. Where possible the new file will have the same permissions as the original. If no files are specified, data will be read from standard input.
For decryption, the files must have a .ice suffix, or there must be a file.ice for every file. The program will check that the data is ICE-encrypted, but it will give no indication as to whether the correct password is being used, so beware.
The encrypted file format contains "ice" as the first three characters, followed the value of the character "0" added to the ICE level being used. The next eight bytes contain the initialization vector, followed by the actual encrypted data. This information, plus padding of the last block, will increase the file size by between 13 and 20 bytes.
The next example will encrypt the same file with a command-line password using level 2 ICE.
ice -l2 -p"The first 19 charac" foo
The resulting file can be decrypted with
deice -p"The first 19 charac" foo.ice