159191Skris=pod 259191Skris 359191Skris=head1 NAME 459191Skris 559191Skrisenc - symmetric cipher routines 659191Skris 759191Skris=head1 SYNOPSIS 859191Skris 959191SkrisB<openssl enc -ciphername> 1059191Skris[B<-in filename>] 1159191Skris[B<-out filename>] 1259191Skris[B<-pass arg>] 1359191Skris[B<-e>] 1459191Skris[B<-d>] 15238405Sjkim[B<-a/-base64>] 1659191Skris[B<-A>] 1759191Skris[B<-k password>] 1859191Skris[B<-kfile filename>] 1959191Skris[B<-K key>] 2059191Skris[B<-iv IV>] 21238405Sjkim[B<-S salt>] 22238405Sjkim[B<-salt>] 23238405Sjkim[B<-nosalt>] 24238405Sjkim[B<-z>] 25238405Sjkim[B<-md>] 2659191Skris[B<-p>] 2759191Skris[B<-P>] 2859191Skris[B<-bufsize number>] 29109998Smarkm[B<-nopad>] 3059191Skris[B<-debug>] 31238405Sjkim[B<-none>] 32238405Sjkim[B<-engine id>] 3359191Skris 3459191Skris=head1 DESCRIPTION 3559191Skris 3659191SkrisThe symmetric cipher commands allow data to be encrypted or decrypted 3759191Skrisusing various block and stream ciphers using keys based on passwords 3859191Skrisor explicitly provided. Base64 encoding or decoding can also be performed 3959191Skriseither by itself or in addition to the encryption or decryption. 4059191Skris 4159191Skris=head1 OPTIONS 4259191Skris 4359191Skris=over 4 4459191Skris 4559191Skris=item B<-in filename> 4659191Skris 4759191Skristhe input filename, standard input by default. 4859191Skris 4959191Skris=item B<-out filename> 5059191Skris 5159191Skristhe output filename, standard output by default. 5259191Skris 5359191Skris=item B<-pass arg> 5459191Skris 5559191Skristhe password source. For more information about the format of B<arg> 5659191Skrissee the B<PASS PHRASE ARGUMENTS> section in L<openssl(1)|openssl(1)>. 5759191Skris 5859191Skris=item B<-salt> 5959191Skris 60205128Ssimonuse a salt in the key derivation routines. This is the default. 6159191Skris 6259191Skris=item B<-nosalt> 6359191Skris 64205128Ssimondon't use a salt in the key derivation routines. This option B<SHOULD NOT> be 65205128Ssimonused except for test purposes or compatibility with ancient versions of OpenSSL 66205128Ssimonand SSLeay. 6759191Skris 6859191Skris=item B<-e> 6959191Skris 7059191Skrisencrypt the input data: this is the default. 7159191Skris 7259191Skris=item B<-d> 7359191Skris 7459191Skrisdecrypt the input data. 7559191Skris 7659191Skris=item B<-a> 7759191Skris 7859191Skrisbase64 process the data. This means that if encryption is taking place 7959191Skristhe data is base64 encoded after encryption. If decryption is set then 8059191Skristhe input data is base64 decoded before being decrypted. 8159191Skris 82238405Sjkim=item B<-base64> 83238405Sjkim 84238405Sjkimsame as B<-a> 85238405Sjkim 8659191Skris=item B<-A> 8759191Skris 8859191Skrisif the B<-a> option is set then base64 process the data on one line. 8959191Skris 9059191Skris=item B<-k password> 9159191Skris 9259191Skristhe password to derive the key from. This is for compatibility with previous 9359191Skrisversions of OpenSSL. Superseded by the B<-pass> argument. 9459191Skris 9559191Skris=item B<-kfile filename> 9659191Skris 9759191Skrisread the password to derive the key from the first line of B<filename>. 98142425SnectarThis is for compatibility with previous versions of OpenSSL. Superseded by 9959191Skristhe B<-pass> argument. 10059191Skris 101238405Sjkim=item B<-nosalt> 102238405Sjkim 103238405Sjkimdo not use a salt 104238405Sjkim 105238405Sjkim=item B<-salt> 106238405Sjkim 107238405Sjkimuse salt (randomly generated or provide with B<-S> option) when 108238405Sjkimencrypting (this is the default). 109238405Sjkim 11059191Skris=item B<-S salt> 11159191Skris 112238405Sjkimthe actual salt to use: this must be represented as a string of hex digits. 11359191Skris 11459191Skris=item B<-K key> 11559191Skris 11659191Skristhe actual key to use: this must be represented as a string comprised only 11779998Skrisof hex digits. If only the key is specified, the IV must additionally specified 11879998Skrisusing the B<-iv> option. When both a key and a password are specified, the 11979998Skriskey given with the B<-K> option will be used and the IV generated from the 12079998Skrispassword will be taken. It probably does not make much sense to specify 12179998Skrisboth key and password. 12259191Skris 12359191Skris=item B<-iv IV> 12459191Skris 12559191Skristhe actual IV to use: this must be represented as a string comprised only 12679998Skrisof hex digits. When only the key is specified using the B<-K> option, the 12779998SkrisIV must explicitly be defined. When a password is being specified using 12879998Skrisone of the other options, the IV is generated from this password. 12959191Skris 13059191Skris=item B<-p> 13159191Skris 13259191Skrisprint out the key and IV used. 13359191Skris 13459191Skris=item B<-P> 13559191Skris 13659191Skrisprint out the key and IV used then immediately exit: don't do any encryption 13759191Skrisor decryption. 13859191Skris 13959191Skris=item B<-bufsize number> 14059191Skris 14159191Skrisset the buffer size for I/O 14259191Skris 143109998Smarkm=item B<-nopad> 144109998Smarkm 145109998Smarkmdisable standard block padding 146109998Smarkm 14759191Skris=item B<-debug> 14859191Skris 14959191Skrisdebug the BIOs used for I/O. 15059191Skris 151238405Sjkim=item B<-z> 152238405Sjkim 153238405SjkimCompress or decompress clear text using zlib before encryption or after 154238405Sjkimdecryption. This option exists only if OpenSSL with compiled with zlib 155238405Sjkimor zlib-dynamic option. 156238405Sjkim 157238405Sjkim=item B<-none> 158238405Sjkim 159238405SjkimUse NULL cipher (no encryption or decryption of input). 160238405Sjkim 16159191Skris=back 16259191Skris 16359191Skris=head1 NOTES 16459191Skris 16559191SkrisThe program can be called either as B<openssl ciphername> or 166238405SjkimB<openssl enc -ciphername>. But the first form doesn't work with 167238405Sjkimengine-provided ciphers, because this form is processed before the 168238405Sjkimconfiguration file is read and any ENGINEs loaded. 16959191Skris 170238405SjkimEngines which provide entirely new encryption algorithms (such as ccgost 171238405Sjkimengine which provides gost89 algorithm) should be configured in the 172238405Sjkimconfiguration file. Engines, specified in the command line using -engine 173238405Sjkimoptions can only be used for hadrware-assisted implementations of 174238405Sjkimciphers, which are supported by OpenSSL core or other engine, specified 175238405Sjkimin the configuration file. 176238405Sjkim 177238405SjkimWhen enc command lists supported ciphers, ciphers provided by engines, 178238405Sjkimspecified in the configuration files are listed too. 179238405Sjkim 18059191SkrisA password will be prompted for to derive the key and IV if necessary. 18159191Skris 18259191SkrisThe B<-salt> option should B<ALWAYS> be used if the key is being derived 18359191Skrisfrom a password unless you want compatibility with previous versions of 18459191SkrisOpenSSL and SSLeay. 18559191Skris 18659191SkrisWithout the B<-salt> option it is possible to perform efficient dictionary 18759191Skrisattacks on the password and to attack stream cipher encrypted data. The reason 18859191Skrisfor this is that without the salt the same password always generates the same 18959191Skrisencryption key. When the salt is being used the first eight bytes of the 19059191Skrisencrypted data are reserved for the salt: it is generated at random when 19159191Skrisencrypting a file and read from the encrypted file when it is decrypted. 19259191Skris 19359191SkrisSome of the ciphers do not have large keys and others have security 19459191Skrisimplications if not used correctly. A beginner is advised to just use 19559191Skrisa strong block cipher in CBC mode such as bf or des3. 19659191Skris 197109998SmarkmAll the block ciphers normally use PKCS#5 padding also known as standard block 19859191Skrispadding: this allows a rudimentary integrity or password check to be 19959191Skrisperformed. However since the chance of random data passing the test is 20059191Skrisbetter than 1 in 256 it isn't a very good test. 20159191Skris 202109998SmarkmIf padding is disabled then the input data must be a multiple of the cipher 203109998Smarkmblock length. 204109998Smarkm 20559191SkrisAll RC2 ciphers have the same key and effective key length. 20659191Skris 20759191SkrisBlowfish and RC5 algorithms use a 128 bit key. 20859191Skris 20959191Skris=head1 SUPPORTED CIPHERS 21059191Skris 211238405SjkimNote that some of these ciphers can be disabled at compile time 212238405Sjkimand some are available only if an appropriate engine is configured 213238405Sjkimin the configuration file. The output of the B<enc> command run with 214238405Sjkimunsupported options (for example B<openssl enc -help>) includes a 215238405Sjkimlist of ciphers, supported by your versesion of OpenSSL, including 216238405Sjkimones provided by configured engines. 217238405Sjkim 218267258SjkimThe B<enc> program does not support authenticated encryption modes 219267258Sjkimlike CCM and GCM. The utility does not store or retrieve the 220267258Sjkimauthentication tag. 221238405Sjkim 222267258Sjkim 22359191Skris base64 Base 64 22459191Skris 22559191Skris bf-cbc Blowfish in CBC mode 22659191Skris bf Alias for bf-cbc 22759191Skris bf-cfb Blowfish in CFB mode 22859191Skris bf-ecb Blowfish in ECB mode 22959191Skris bf-ofb Blowfish in OFB mode 23059191Skris 23159191Skris cast-cbc CAST in CBC mode 23259191Skris cast Alias for cast-cbc 23359191Skris cast5-cbc CAST5 in CBC mode 23459191Skris cast5-cfb CAST5 in CFB mode 23559191Skris cast5-ecb CAST5 in ECB mode 23659191Skris cast5-ofb CAST5 in OFB mode 23759191Skris 23859191Skris des-cbc DES in CBC mode 23959191Skris des Alias for des-cbc 24059191Skris des-cfb DES in CBC mode 24159191Skris des-ofb DES in OFB mode 24259191Skris des-ecb DES in ECB mode 24359191Skris 24459191Skris des-ede-cbc Two key triple DES EDE in CBC mode 245160814Ssimon des-ede Two key triple DES EDE in ECB mode 24659191Skris des-ede-cfb Two key triple DES EDE in CFB mode 24759191Skris des-ede-ofb Two key triple DES EDE in OFB mode 24859191Skris 24959191Skris des-ede3-cbc Three key triple DES EDE in CBC mode 250160814Ssimon des-ede3 Three key triple DES EDE in ECB mode 25159191Skris des3 Alias for des-ede3-cbc 25259191Skris des-ede3-cfb Three key triple DES EDE CFB mode 25359191Skris des-ede3-ofb Three key triple DES EDE in OFB mode 25459191Skris 25559191Skris desx DESX algorithm. 25659191Skris 257238405Sjkim gost89 GOST 28147-89 in CFB mode (provided by ccgost engine) 258238405Sjkim gost89-cnt `GOST 28147-89 in CNT mode (provided by ccgost engine) 259238405Sjkim 26059191Skris idea-cbc IDEA algorithm in CBC mode 26159191Skris idea same as idea-cbc 26259191Skris idea-cfb IDEA in CFB mode 26359191Skris idea-ecb IDEA in ECB mode 26459191Skris idea-ofb IDEA in OFB mode 26559191Skris 26659191Skris rc2-cbc 128 bit RC2 in CBC mode 26759191Skris rc2 Alias for rc2-cbc 268160814Ssimon rc2-cfb 128 bit RC2 in CFB mode 269160814Ssimon rc2-ecb 128 bit RC2 in ECB mode 270160814Ssimon rc2-ofb 128 bit RC2 in OFB mode 27159191Skris rc2-64-cbc 64 bit RC2 in CBC mode 27259191Skris rc2-40-cbc 40 bit RC2 in CBC mode 27359191Skris 27459191Skris rc4 128 bit RC4 27559191Skris rc4-64 64 bit RC4 27659191Skris rc4-40 40 bit RC4 27759191Skris 27859191Skris rc5-cbc RC5 cipher in CBC mode 27959191Skris rc5 Alias for rc5-cbc 280160814Ssimon rc5-cfb RC5 cipher in CFB mode 281160814Ssimon rc5-ecb RC5 cipher in ECB mode 282160814Ssimon rc5-ofb RC5 cipher in OFB mode 28359191Skris 284194206Ssimon aes-[128|192|256]-cbc 128/192/256 bit AES in CBC mode 285194206Ssimon aes-[128|192|256] Alias for aes-[128|192|256]-cbc 286194206Ssimon aes-[128|192|256]-cfb 128/192/256 bit AES in 128 bit CFB mode 287194206Ssimon aes-[128|192|256]-cfb1 128/192/256 bit AES in 1 bit CFB mode 288194206Ssimon aes-[128|192|256]-cfb8 128/192/256 bit AES in 8 bit CFB mode 289194206Ssimon aes-[128|192|256]-ecb 128/192/256 bit AES in ECB mode 290194206Ssimon aes-[128|192|256]-ofb 128/192/256 bit AES in OFB mode 291194206Ssimon 29259191Skris=head1 EXAMPLES 29359191Skris 29459191SkrisJust base64 encode a binary file: 29559191Skris 29659191Skris openssl base64 -in file.bin -out file.b64 29759191Skris 29859191SkrisDecode the same file 29959191Skris 30059191Skris openssl base64 -d -in file.b64 -out file.bin 30159191Skris 30259191SkrisEncrypt a file using triple DES in CBC mode using a prompted password: 30359191Skris 30459191Skris openssl des3 -salt -in file.txt -out file.des3 30559191Skris 30659191SkrisDecrypt a file using a supplied password: 30759191Skris 30859191Skris openssl des3 -d -salt -in file.des3 -out file.txt -k mypassword 30959191Skris 31059191SkrisEncrypt a file then base64 encode it (so it can be sent via mail for example) 31159191Skrisusing Blowfish in CBC mode: 31259191Skris 31359191Skris openssl bf -a -salt -in file.txt -out file.bf 31459191Skris 31559191SkrisBase64 decode a file then decrypt it: 31659191Skris 31759191Skris openssl bf -d -salt -a -in file.bf -out file.txt 31859191Skris 31959191SkrisDecrypt some data using a supplied 40 bit RC4 key: 32059191Skris 32159191Skris openssl rc4-40 -in file.rc4 -out file.txt -K 0102030405 32259191Skris 32359191Skris=head1 BUGS 32459191Skris 32559191SkrisThe B<-A> option when used with large files doesn't work properly. 32659191Skris 32759191SkrisThere should be an option to allow an iteration count to be included. 32859191Skris 329109998SmarkmThe B<enc> program only supports a fixed number of algorithms with 330109998Smarkmcertain parameters. So if, for example, you want to use RC2 with a 331109998Smarkm76 bit key or RC4 with an 84 bit key you can't use this program. 33259191Skris 33359191Skris=cut 334