enc.pod revision 194206
159191Skris=pod 259191Skris 359191Skris=head1 NAME 459191Skris 559191Skrisenc - symmetric cipher routines 659191Skris 759191Skris=head1 SYNOPSIS 859191Skris 959191SkrisB<openssl enc -ciphername> 1059191Skris[B<-in filename>] 1159191Skris[B<-out filename>] 1259191Skris[B<-pass arg>] 1359191Skris[B<-e>] 1459191Skris[B<-d>] 1559191Skris[B<-a>] 1659191Skris[B<-A>] 1759191Skris[B<-k password>] 1859191Skris[B<-kfile filename>] 1959191Skris[B<-K key>] 2059191Skris[B<-iv IV>] 2159191Skris[B<-p>] 2259191Skris[B<-P>] 2359191Skris[B<-bufsize number>] 24109998Smarkm[B<-nopad>] 2559191Skris[B<-debug>] 2659191Skris 2759191Skris=head1 DESCRIPTION 2859191Skris 2959191SkrisThe symmetric cipher commands allow data to be encrypted or decrypted 3059191Skrisusing various block and stream ciphers using keys based on passwords 3159191Skrisor explicitly provided. Base64 encoding or decoding can also be performed 3259191Skriseither by itself or in addition to the encryption or decryption. 3359191Skris 3459191Skris=head1 OPTIONS 3559191Skris 3659191Skris=over 4 3759191Skris 3859191Skris=item B<-in filename> 3959191Skris 4059191Skristhe input filename, standard input by default. 4159191Skris 4259191Skris=item B<-out filename> 4359191Skris 4459191Skristhe output filename, standard output by default. 4559191Skris 4659191Skris=item B<-pass arg> 4759191Skris 4859191Skristhe password source. For more information about the format of B<arg> 4959191Skrissee the B<PASS PHRASE ARGUMENTS> section in L<openssl(1)|openssl(1)>. 5059191Skris 5159191Skris=item B<-salt> 5259191Skris 53205128Ssimonuse a salt in the key derivation routines. This option should B<ALWAYS> 5459191Skrisbe used unless compatibility with previous versions of OpenSSL or SSLeay 5559191Skrisis required. This option is only present on OpenSSL versions 0.9.5 or 5659191Skrisabove. 57205128Ssimon 58205128Ssimon=item B<-nosalt> 59205128Ssimon 6059191Skrisdon't use a salt in the key derivation routines. This is the default for 6159191Skriscompatibility with previous versions of OpenSSL and SSLeay. 6259191Skris 6359191Skris=item B<-e> 6459191Skris 6559191Skrisencrypt the input data: this is the default. 6659191Skris 6759191Skris=item B<-d> 6859191Skris 6959191Skrisdecrypt the input data. 7059191Skris 7159191Skris=item B<-a> 7259191Skris 7359191Skrisbase64 process the data. This means that if encryption is taking place 7459191Skristhe data is base64 encoded after encryption. If decryption is set then 7559191Skristhe input data is base64 decoded before being decrypted. 7659191Skris 7759191Skris=item B<-A> 7859191Skris 7959191Skrisif the B<-a> option is set then base64 process the data on one line. 8059191Skris 8159191Skris=item B<-k password> 8259191Skris 8359191Skristhe password to derive the key from. This is for compatibility with previous 8459191Skrisversions of OpenSSL. Superseded by the B<-pass> argument. 8559191Skris 8659191Skris=item B<-kfile filename> 87142425Snectar 8859191Skrisread the password to derive the key from the first line of B<filename>. 8959191SkrisThis is for compatibility with previous versions of OpenSSL. Superseded by 9059191Skristhe B<-pass> argument. 9159191Skris 9259191Skris=item B<-S salt> 9359191Skris 9459191Skristhe actual salt to use: this must be represented as a string comprised only 9559191Skrisof hex digits. 9659191Skris 9759191Skris=item B<-K key> 9879998Skris 9979998Skristhe actual key to use: this must be represented as a string comprised only 10079998Skrisof hex digits. If only the key is specified, the IV must additionally specified 10179998Skrisusing the B<-iv> option. When both a key and a password are specified, the 10279998Skriskey given with the B<-K> option will be used and the IV generated from the 10359191Skrispassword will be taken. It probably does not make much sense to specify 10459191Skrisboth key and password. 10559191Skris 10659191Skris=item B<-iv IV> 10779998Skris 10879998Skristhe actual IV to use: this must be represented as a string comprised only 10979998Skrisof hex digits. When only the key is specified using the B<-K> option, the 11059191SkrisIV must explicitly be defined. When a password is being specified using 11159191Skrisone of the other options, the IV is generated from this password. 11259191Skris 11359191Skris=item B<-p> 11459191Skris 11559191Skrisprint out the key and IV used. 11659191Skris 11759191Skris=item B<-P> 11859191Skris 11959191Skrisprint out the key and IV used then immediately exit: don't do any encryption 12059191Skrisor decryption. 12159191Skris 12259191Skris=item B<-bufsize number> 12359191Skris 124109998Smarkmset the buffer size for I/O 125109998Smarkm 126109998Smarkm=item B<-nopad> 127109998Smarkm 12859191Skrisdisable standard block padding 12959191Skris 13059191Skris=item B<-debug> 13159191Skris 13259191Skrisdebug the BIOs used for I/O. 13359191Skris 13459191Skris=back 13559191Skris 13659191Skris=head1 NOTES 13759191Skris 13859191SkrisThe program can be called either as B<openssl ciphername> or 13959191SkrisB<openssl enc -ciphername>. 14059191Skris 14159191SkrisA password will be prompted for to derive the key and IV if necessary. 14259191Skris 14359191SkrisThe B<-salt> option should B<ALWAYS> be used if the key is being derived 14459191Skrisfrom a password unless you want compatibility with previous versions of 14559191SkrisOpenSSL and SSLeay. 14659191Skris 14759191SkrisWithout the B<-salt> option it is possible to perform efficient dictionary 14859191Skrisattacks on the password and to attack stream cipher encrypted data. The reason 14959191Skrisfor this is that without the salt the same password always generates the same 15059191Skrisencryption key. When the salt is being used the first eight bytes of the 15159191Skrisencrypted data are reserved for the salt: it is generated at random when 15259191Skrisencrypting a file and read from the encrypted file when it is decrypted. 15359191Skris 15459191SkrisSome of the ciphers do not have large keys and others have security 15559191Skrisimplications if not used correctly. A beginner is advised to just use 156109998Smarkma strong block cipher in CBC mode such as bf or des3. 15759191Skris 15859191SkrisAll the block ciphers normally use PKCS#5 padding also known as standard block 15959191Skrispadding: this allows a rudimentary integrity or password check to be 16059191Skrisperformed. However since the chance of random data passing the test is 161109998Smarkmbetter than 1 in 256 it isn't a very good test. 162109998Smarkm 163109998SmarkmIf padding is disabled then the input data must be a multiple of the cipher 16459191Skrisblock length. 16559191Skris 16659191SkrisAll RC2 ciphers have the same key and effective key length. 16759191Skris 16859191SkrisBlowfish and RC5 algorithms use a 128 bit key. 16959191Skris 17059191Skris=head1 SUPPORTED CIPHERS 17159191Skris 17259191Skris base64 Base 64 17359191Skris 17459191Skris bf-cbc Blowfish in CBC mode 17559191Skris bf Alias for bf-cbc 17659191Skris bf-cfb Blowfish in CFB mode 17759191Skris bf-ecb Blowfish in ECB mode 17859191Skris bf-ofb Blowfish in OFB mode 17959191Skris 18059191Skris cast-cbc CAST in CBC mode 18159191Skris cast Alias for cast-cbc 18259191Skris cast5-cbc CAST5 in CBC mode 18359191Skris cast5-cfb CAST5 in CFB mode 18459191Skris cast5-ecb CAST5 in ECB mode 18559191Skris cast5-ofb CAST5 in OFB mode 18659191Skris 18759191Skris des-cbc DES in CBC mode 18859191Skris des Alias for des-cbc 18959191Skris des-cfb DES in CBC mode 19059191Skris des-ofb DES in OFB mode 19159191Skris des-ecb DES in ECB mode 192160814Ssimon 19359191Skris des-ede-cbc Two key triple DES EDE in CBC mode 19459191Skris des-ede Two key triple DES EDE in ECB mode 19559191Skris des-ede-cfb Two key triple DES EDE in CFB mode 19659191Skris des-ede-ofb Two key triple DES EDE in OFB mode 197160814Ssimon 19859191Skris des-ede3-cbc Three key triple DES EDE in CBC mode 19959191Skris des-ede3 Three key triple DES EDE in ECB mode 20059191Skris des3 Alias for des-ede3-cbc 20159191Skris des-ede3-cfb Three key triple DES EDE CFB mode 20259191Skris des-ede3-ofb Three key triple DES EDE in OFB mode 20359191Skris 20459191Skris desx DESX algorithm. 20559191Skris 20659191Skris idea-cbc IDEA algorithm in CBC mode 20759191Skris idea same as idea-cbc 20859191Skris idea-cfb IDEA in CFB mode 20959191Skris idea-ecb IDEA in ECB mode 21059191Skris idea-ofb IDEA in OFB mode 21159191Skris 212160814Ssimon rc2-cbc 128 bit RC2 in CBC mode 213160814Ssimon rc2 Alias for rc2-cbc 214160814Ssimon rc2-cfb 128 bit RC2 in CFB mode 21559191Skris rc2-ecb 128 bit RC2 in ECB mode 21659191Skris rc2-ofb 128 bit RC2 in OFB mode 21759191Skris rc2-64-cbc 64 bit RC2 in CBC mode 21859191Skris rc2-40-cbc 40 bit RC2 in CBC mode 21959191Skris 22059191Skris rc4 128 bit RC4 22159191Skris rc4-64 64 bit RC4 22259191Skris rc4-40 40 bit RC4 22359191Skris 224160814Ssimon rc5-cbc RC5 cipher in CBC mode 225160814Ssimon rc5 Alias for rc5-cbc 226160814Ssimon rc5-cfb RC5 cipher in CFB mode 22759191Skris rc5-ecb RC5 cipher in ECB mode 228194206Ssimon rc5-ofb RC5 cipher in OFB mode 229194206Ssimon 230194206Ssimon aes-[128|192|256]-cbc 128/192/256 bit AES in CBC mode 231194206Ssimon aes-[128|192|256] Alias for aes-[128|192|256]-cbc 232194206Ssimon aes-[128|192|256]-cfb 128/192/256 bit AES in 128 bit CFB mode 233194206Ssimon aes-[128|192|256]-cfb1 128/192/256 bit AES in 1 bit CFB mode 234194206Ssimon aes-[128|192|256]-cfb8 128/192/256 bit AES in 8 bit CFB mode 235194206Ssimon aes-[128|192|256]-ecb 128/192/256 bit AES in ECB mode 23659191Skris aes-[128|192|256]-ofb 128/192/256 bit AES in OFB mode 23759191Skris 23859191Skris=head1 EXAMPLES 23959191Skris 24059191SkrisJust base64 encode a binary file: 24159191Skris 24259191Skris openssl base64 -in file.bin -out file.b64 24359191Skris 24459191SkrisDecode the same file 24559191Skris 24659191Skris openssl base64 -d -in file.b64 -out file.bin 24759191Skris 24859191SkrisEncrypt a file using triple DES in CBC mode using a prompted password: 24959191Skris 25059191Skris openssl des3 -salt -in file.txt -out file.des3 25159191Skris 25259191SkrisDecrypt a file using a supplied password: 25359191Skris 25459191Skris openssl des3 -d -salt -in file.des3 -out file.txt -k mypassword 25559191Skris 25659191SkrisEncrypt a file then base64 encode it (so it can be sent via mail for example) 25759191Skrisusing Blowfish in CBC mode: 25859191Skris 25959191Skris openssl bf -a -salt -in file.txt -out file.bf 26059191Skris 26159191SkrisBase64 decode a file then decrypt it: 26259191Skris 26359191Skris openssl bf -d -salt -a -in file.bf -out file.txt 26459191Skris 26559191SkrisDecrypt some data using a supplied 40 bit RC4 key: 26659191Skris 26759191Skris openssl rc4-40 -in file.rc4 -out file.txt -K 0102030405 26859191Skris 26959191Skris=head1 BUGS 27059191Skris 27159191SkrisThe B<-A> option when used with large files doesn't work properly. 27259191Skris 273109998SmarkmThere should be an option to allow an iteration count to be included. 274109998Smarkm 275109998SmarkmThe B<enc> program only supports a fixed number of algorithms with 27659191Skriscertain parameters. So if, for example, you want to use RC2 with a 27759191Skris76 bit key or RC4 with an 84 bit key you can't use this program. 278 279=cut 280