enc.pod revision 194206 
159191Skris=pod
259191Skris
359191Skris=head1 NAME
459191Skris
559191Skrisenc - symmetric cipher routines
659191Skris
759191Skris=head1 SYNOPSIS
859191Skris
959191SkrisB<openssl enc -ciphername>
1059191Skris[B<-in filename>]
1159191Skris[B<-out filename>]
1259191Skris[B<-pass arg>]
1359191Skris[B<-e>]
1459191Skris[B<-d>]
1559191Skris[B<-a>]
1659191Skris[B<-A>]
1759191Skris[B<-k password>]
1859191Skris[B<-kfile filename>]
1959191Skris[B<-K key>]
2059191Skris[B<-iv IV>]
2159191Skris[B<-p>]
2259191Skris[B<-P>]
2359191Skris[B<-bufsize number>]
24109998Smarkm[B<-nopad>]
2559191Skris[B<-debug>]
2659191Skris
2759191Skris=head1 DESCRIPTION
2859191Skris
2959191SkrisThe symmetric cipher commands allow data to be encrypted or decrypted
3059191Skrisusing various block and stream ciphers using keys based on passwords
3159191Skrisor explicitly provided. Base64 encoding or decoding can also be performed
3259191Skriseither by itself or in addition to the encryption or decryption.
3359191Skris
3459191Skris=head1 OPTIONS
3559191Skris
3659191Skris=over 4
3759191Skris
3859191Skris=item B<-in filename>
3959191Skris
4059191Skristhe input filename, standard input by default.
4159191Skris
4259191Skris=item B<-out filename>
4359191Skris
4459191Skristhe output filename, standard output by default.
4559191Skris
4659191Skris=item B<-pass arg>
4759191Skris
4859191Skristhe password source. For more information about the format of B<arg>
4959191Skrissee the B<PASS PHRASE ARGUMENTS> section in L<openssl(1)|openssl(1)>.
5059191Skris
5159191Skris=item B<-salt>
5259191Skris
53205128Ssimonuse a salt in the key derivation routines. This option should B<ALWAYS>
5459191Skrisbe used unless compatibility with previous versions of OpenSSL or SSLeay
5559191Skrisis required. This option is only present on OpenSSL versions 0.9.5 or
5659191Skrisabove.
57205128Ssimon
58205128Ssimon=item B<-nosalt>
59205128Ssimon
6059191Skrisdon't use a salt in the key derivation routines. This is the default for
6159191Skriscompatibility with previous versions of OpenSSL and SSLeay.
6259191Skris
6359191Skris=item B<-e>
6459191Skris
6559191Skrisencrypt the input data: this is the default.
6659191Skris
6759191Skris=item B<-d>
6859191Skris
6959191Skrisdecrypt the input data.
7059191Skris
7159191Skris=item B<-a>
7259191Skris
7359191Skrisbase64 process the data. This means that if encryption is taking place
7459191Skristhe data is base64 encoded after encryption. If decryption is set then
7559191Skristhe input data is base64 decoded before being decrypted.
7659191Skris
7759191Skris=item B<-A>
7859191Skris
7959191Skrisif the B<-a> option is set then base64 process the data on one line.
8059191Skris
8159191Skris=item B<-k password>
8259191Skris
8359191Skristhe password to derive the key from. This is for compatibility with previous
8459191Skrisversions of OpenSSL. Superseded by the B<-pass> argument.
8559191Skris
8659191Skris=item B<-kfile filename>
87142425Snectar
8859191Skrisread the password to derive the key from the first line of B<filename>.
8959191SkrisThis is for compatibility with previous versions of OpenSSL. Superseded by
9059191Skristhe B<-pass> argument.
9159191Skris
9259191Skris=item B<-S salt>
9359191Skris
9459191Skristhe actual salt to use: this must be represented as a string comprised only
9559191Skrisof hex digits.
9659191Skris
9759191Skris=item B<-K key>
9879998Skris
9979998Skristhe actual key to use: this must be represented as a string comprised only
10079998Skrisof hex digits. If only the key is specified, the IV must additionally specified
10179998Skrisusing the B<-iv> option. When both a key and a password are specified, the
10279998Skriskey given with the B<-K> option will be used and the IV generated from the
10359191Skrispassword will be taken. It probably does not make much sense to specify
10459191Skrisboth key and password.
10559191Skris
10659191Skris=item B<-iv IV>
10779998Skris
10879998Skristhe actual IV to use: this must be represented as a string comprised only
10979998Skrisof hex digits. When only the key is specified using the B<-K> option, the
11059191SkrisIV must explicitly be defined. When a password is being specified using
11159191Skrisone of the other options, the IV is generated from this password.
11259191Skris
11359191Skris=item B<-p>
11459191Skris
11559191Skrisprint out the key and IV used.
11659191Skris
11759191Skris=item B<-P>
11859191Skris
11959191Skrisprint out the key and IV used then immediately exit: don't do any encryption
12059191Skrisor decryption.
12159191Skris
12259191Skris=item B<-bufsize number>
12359191Skris
124109998Smarkmset the buffer size for I/O
125109998Smarkm
126109998Smarkm=item B<-nopad>
127109998Smarkm
12859191Skrisdisable standard block padding
12959191Skris
13059191Skris=item B<-debug>
13159191Skris
13259191Skrisdebug the BIOs used for I/O.
13359191Skris
13459191Skris=back
13559191Skris
13659191Skris=head1 NOTES
13759191Skris
13859191SkrisThe program can be called either as B<openssl ciphername> or
13959191SkrisB<openssl enc -ciphername>.
14059191Skris
14159191SkrisA password will be prompted for to derive the key and IV if necessary.
14259191Skris
14359191SkrisThe B<-salt> option should B<ALWAYS> be used if the key is being derived
14459191Skrisfrom a password unless you want compatibility with previous versions of
14559191SkrisOpenSSL and SSLeay.
14659191Skris
14759191SkrisWithout the B<-salt> option it is possible to perform efficient dictionary
14859191Skrisattacks on the password and to attack stream cipher encrypted data. The reason
14959191Skrisfor this is that without the salt the same password always generates the same
15059191Skrisencryption key. When the salt is being used the first eight bytes of the
15159191Skrisencrypted data are reserved for the salt: it is generated at random when
15259191Skrisencrypting a file and read from the encrypted file when it is decrypted.
15359191Skris
15459191SkrisSome of the ciphers do not have large keys and others have security
15559191Skrisimplications if not used correctly. A beginner is advised to just use
156109998Smarkma strong block cipher in CBC mode such as bf or des3.
15759191Skris
15859191SkrisAll the block ciphers normally use PKCS#5 padding also known as standard block
15959191Skrispadding: this allows a rudimentary integrity or password check to be
16059191Skrisperformed. However since the chance of random data passing the test is
161109998Smarkmbetter than 1 in 256 it isn't a very good test.
162109998Smarkm
163109998SmarkmIf padding is disabled then the input data must be a multiple of the cipher
16459191Skrisblock length.
16559191Skris
16659191SkrisAll RC2 ciphers have the same key and effective key length.
16759191Skris
16859191SkrisBlowfish and RC5 algorithms use a 128 bit key.
16959191Skris
17059191Skris=head1 SUPPORTED CIPHERS
17159191Skris
17259191Skris base64             Base 64
17359191Skris
17459191Skris bf-cbc             Blowfish in CBC mode
17559191Skris bf                 Alias for bf-cbc
17659191Skris bf-cfb             Blowfish in CFB mode
17759191Skris bf-ecb             Blowfish in ECB mode
17859191Skris bf-ofb             Blowfish in OFB mode
17959191Skris
18059191Skris cast-cbc           CAST in CBC mode
18159191Skris cast               Alias for cast-cbc
18259191Skris cast5-cbc          CAST5 in CBC mode
18359191Skris cast5-cfb          CAST5 in CFB mode
18459191Skris cast5-ecb          CAST5 in ECB mode
18559191Skris cast5-ofb          CAST5 in OFB mode
18659191Skris
18759191Skris des-cbc            DES in CBC mode
18859191Skris des                Alias for des-cbc
18959191Skris des-cfb            DES in CBC mode
19059191Skris des-ofb            DES in OFB mode
19159191Skris des-ecb            DES in ECB mode
192160814Ssimon
19359191Skris des-ede-cbc        Two key triple DES EDE in CBC mode
19459191Skris des-ede            Two key triple DES EDE in ECB mode
19559191Skris des-ede-cfb        Two key triple DES EDE in CFB mode
19659191Skris des-ede-ofb        Two key triple DES EDE in OFB mode
197160814Ssimon
19859191Skris des-ede3-cbc       Three key triple DES EDE in CBC mode
19959191Skris des-ede3           Three key triple DES EDE in ECB mode
20059191Skris des3               Alias for des-ede3-cbc
20159191Skris des-ede3-cfb       Three key triple DES EDE CFB mode
20259191Skris des-ede3-ofb       Three key triple DES EDE in OFB mode
20359191Skris
20459191Skris desx               DESX algorithm.
20559191Skris
20659191Skris idea-cbc           IDEA algorithm in CBC mode
20759191Skris idea               same as idea-cbc
20859191Skris idea-cfb           IDEA in CFB mode
20959191Skris idea-ecb           IDEA in ECB mode
21059191Skris idea-ofb           IDEA in OFB mode
21159191Skris
212160814Ssimon rc2-cbc            128 bit RC2 in CBC mode
213160814Ssimon rc2                Alias for rc2-cbc
214160814Ssimon rc2-cfb            128 bit RC2 in CFB mode
21559191Skris rc2-ecb            128 bit RC2 in ECB mode
21659191Skris rc2-ofb            128 bit RC2 in OFB mode
21759191Skris rc2-64-cbc         64 bit RC2 in CBC mode
21859191Skris rc2-40-cbc         40 bit RC2 in CBC mode
21959191Skris
22059191Skris rc4                128 bit RC4
22159191Skris rc4-64             64 bit RC4
22259191Skris rc4-40             40 bit RC4
22359191Skris
224160814Ssimon rc5-cbc            RC5 cipher in CBC mode
225160814Ssimon rc5                Alias for rc5-cbc
226160814Ssimon rc5-cfb            RC5 cipher in CFB mode
22759191Skris rc5-ecb            RC5 cipher in ECB mode
228194206Ssimon rc5-ofb            RC5 cipher in OFB mode
229194206Ssimon
230194206Ssimon aes-[128|192|256]-cbc	128/192/256 bit AES in CBC mode
231194206Ssimon aes-[128|192|256]	Alias for aes-[128|192|256]-cbc
232194206Ssimon aes-[128|192|256]-cfb	128/192/256 bit AES in 128 bit CFB mode
233194206Ssimon aes-[128|192|256]-cfb1	128/192/256 bit AES in 1 bit CFB mode
234194206Ssimon aes-[128|192|256]-cfb8	128/192/256 bit AES in 8 bit CFB mode
235194206Ssimon aes-[128|192|256]-ecb	128/192/256 bit AES in ECB mode
23659191Skris aes-[128|192|256]-ofb	128/192/256 bit AES in OFB mode
23759191Skris
23859191Skris=head1 EXAMPLES
23959191Skris
24059191SkrisJust base64 encode a binary file:
24159191Skris
24259191Skris openssl base64 -in file.bin -out file.b64
24359191Skris
24459191SkrisDecode the same file
24559191Skris
24659191Skris openssl base64 -d -in file.b64 -out file.bin 
24759191Skris
24859191SkrisEncrypt a file using triple DES in CBC mode using a prompted password:
24959191Skris
25059191Skris openssl des3 -salt -in file.txt -out file.des3 
25159191Skris
25259191SkrisDecrypt a file using a supplied password:
25359191Skris
25459191Skris openssl des3 -d -salt -in file.des3 -out file.txt -k mypassword
25559191Skris
25659191SkrisEncrypt a file then base64 encode it (so it can be sent via mail for example)
25759191Skrisusing Blowfish in CBC mode:
25859191Skris
25959191Skris openssl bf -a -salt -in file.txt -out file.bf
26059191Skris
26159191SkrisBase64 decode a file then decrypt it:
26259191Skris
26359191Skris openssl bf -d -salt -a -in file.bf -out file.txt
26459191Skris
26559191SkrisDecrypt some data using a supplied 40 bit RC4 key:
26659191Skris
26759191Skris openssl rc4-40 -in file.rc4 -out file.txt -K 0102030405
26859191Skris
26959191Skris=head1 BUGS
27059191Skris
27159191SkrisThe B<-A> option when used with large files doesn't work properly.
27259191Skris
273109998SmarkmThere should be an option to allow an iteration count to be included.
274109998Smarkm
275109998SmarkmThe B<enc> program only supports a fixed number of algorithms with
27659191Skriscertain parameters. So if, for example, you want to use RC2 with a
27759191Skris76 bit key or RC4 with an 84 bit key you can't use this program.
278
279=cut
280