Commit | Line | Data |
---|---|---|
a0e9f529 | 1 | =pod |
19d2bb57 | 2 | |
a0e9f529 DSH |
3 | =head1 NAME |
4 | ||
b6b66573 | 5 | openssl-enc - symmetric cipher routines |
a0e9f529 DSH |
6 | |
7 | =head1 SYNOPSIS | |
8 | ||
e8769719 RS |
9 | B<openssl> |
10 | [B<->I<cipher>] | |
169394d4 | 11 | [B<-help>] |
3b5bea36 | 12 | [B<-ciphers>] |
e8769719 RS |
13 | [B<-in> I<filename>] |
14 | [B<-out> I<filename>] | |
15 | [B<-pass> I<arg>] | |
a0e9f529 DSH |
16 | [B<-e>] |
17 | [B<-d>] | |
e75138ab RS |
18 | [B<-a>] |
19 | [B<-base64>] | |
a0e9f529 | 20 | [B<-A>] |
e8769719 RS |
21 | [B<-k> I<password>] |
22 | [B<-kfile> I<filename>] | |
23 | [B<-K> I<key>] | |
24 | [B<-iv> I<IV>] | |
25 | [B<-S> I<salt>] | |
e5fa864f DSH |
26 | [B<-salt>] |
27 | [B<-nosalt>] | |
28 | [B<-z>] | |
e8769719 RS |
29 | [B<-md> I<digest>] |
30 | [B<-iter> I<count>] | |
405988f2 | 31 | [B<-pbkdf2>] |
a0e9f529 DSH |
32 | [B<-p>] |
33 | [B<-P>] | |
e8769719 | 34 | [B<-bufsize> I<number>] |
f2e5ca84 | 35 | [B<-nopad>] |
a0e9f529 | 36 | [B<-debug>] |
e5fa864f | 37 | [B<-none>] |
e8769719 RS |
38 | [B<-rand> I<file...>] |
39 | [B<-writerand> I<file>] | |
40 | [B<-engine> I<id>] | |
a0e9f529 | 41 | |
1738c0ce RS |
42 | =for comment ifdef z engine |
43 | ||
e8769719 | 44 | B<openssl> I<cipher> [B<...>] |
e75138ab | 45 | |
a0e9f529 DSH |
46 | =head1 DESCRIPTION |
47 | ||
19d2bb57 | 48 | The symmetric cipher commands allow data to be encrypted or decrypted |
a0e9f529 DSH |
49 | using various block and stream ciphers using keys based on passwords |
50 | or explicitly provided. Base64 encoding or decoding can also be performed | |
51 | either by itself or in addition to the encryption or decryption. | |
52 | ||
53 | =head1 OPTIONS | |
54 | ||
55 | =over 4 | |
56 | ||
169394d4 MR |
57 | =item B<-help> |
58 | ||
59 | Print out a usage message. | |
60 | ||
3b5bea36 RS |
61 | =item B<-ciphers> |
62 | ||
63 | List all supported ciphers. | |
64 | ||
e8769719 | 65 | =item B<-in> I<filename> |
a0e9f529 | 66 | |
3fd5ece3 | 67 | The input filename, standard input by default. |
a0e9f529 | 68 | |
e8769719 | 69 | =item B<-out> I<filename> |
a0e9f529 | 70 | |
3fd5ece3 | 71 | The output filename, standard output by default. |
a0e9f529 | 72 | |
e8769719 | 73 | =item B<-pass> I<arg> |
cd3c54e5 | 74 | |
3fd5ece3 | 75 | The password source. For more information about the format of B<arg> |
e8769719 | 76 | see L<openssl(1)/Pass phrase options>. |
cd3c54e5 | 77 | |
a0e9f529 DSH |
78 | =item B<-e> |
79 | ||
3fd5ece3 | 80 | Encrypt the input data: this is the default. |
a0e9f529 DSH |
81 | |
82 | =item B<-d> | |
83 | ||
3fd5ece3 | 84 | Decrypt the input data. |
a0e9f529 DSH |
85 | |
86 | =item B<-a> | |
87 | ||
3fd5ece3 | 88 | Base64 process the data. This means that if encryption is taking place |
a0e9f529 DSH |
89 | the data is base64 encoded after encryption. If decryption is set then |
90 | the input data is base64 decoded before being decrypted. | |
91 | ||
e5fa864f DSH |
92 | =item B<-base64> |
93 | ||
3fd5ece3 | 94 | Same as B<-a>. |
e5fa864f | 95 | |
a0e9f529 DSH |
96 | =item B<-A> |
97 | ||
3fd5ece3 | 98 | If the B<-a> option is set then base64 process the data on one line. |
a0e9f529 | 99 | |
e8769719 | 100 | =item B<-k> I<password> |
a0e9f529 | 101 | |
3fd5ece3 | 102 | The password to derive the key from. This is for compatibility with previous |
cd3c54e5 | 103 | versions of OpenSSL. Superseded by the B<-pass> argument. |
a0e9f529 | 104 | |
e8769719 | 105 | =item B<-kfile> I<filename> |
a0e9f529 | 106 | |
3fd5ece3 | 107 | Read the password to derive the key from the first line of B<filename>. |
e544b0dc | 108 | This is for compatibility with previous versions of OpenSSL. Superseded by |
cd3c54e5 | 109 | the B<-pass> argument. |
a0e9f529 | 110 | |
e8769719 | 111 | =item B<-md> I<digest> |
9e8b6f04 RS |
112 | |
113 | Use the specified digest to create the key from the passphrase. | |
114 | The default algorithm is sha-256. | |
115 | ||
e8769719 | 116 | =item B<-iter> I<count> |
405988f2 E |
117 | |
118 | Use a given number of iterations on the password in deriving the encryption key. | |
119 | High values increase the time required to brute-force the resulting file. | |
120 | This option enables the use of PBKDF2 algorithm to derive the key. | |
121 | ||
122 | =item B<-pbkdf2> | |
123 | ||
124 | Use PBKDF2 algorithm with default iteration count unless otherwise specified. | |
125 | ||
e5fa864f DSH |
126 | =item B<-nosalt> |
127 | ||
3fd5ece3 | 128 | Don't use a salt in the key derivation routines. This option B<SHOULD NOT> be |
ed233db7 RS |
129 | used except for test purposes or compatibility with ancient versions of |
130 | OpenSSL. | |
e5fa864f DSH |
131 | |
132 | =item B<-salt> | |
133 | ||
3fd5ece3 P |
134 | Use salt (randomly generated or provided with B<-S> option) when
135 | encrypting, this is the default. | |
e5fa864f | 136 | |
e8769719 | 137 | =item B<-S> I<salt> |
fd699ac5 | 138 | |
3fd5ece3 | 139 | The actual salt to use: this must be represented as a string of hex digits. |
fd699ac5 | 140 | |
e8769719 | 141 | =item B<-K> I<key> |
a0e9f529 | 142 | |
3fd5ece3 | 143 | The actual key to use: this must be represented as a string comprised only |
43f9391b LJ |
144 | of hex digits. If only the key is specified, the IV must additionally be specified
145 | using the B<-iv> option. When both a key and a password are specified, the | |
146 | key given with the B<-K> option will be used and the IV generated from the | |
3fd5ece3 P |
147 | password will be taken. It does not make much sense to specify both key |
148 | and password. | |
a0e9f529 | 149 | |
e8769719 | 150 | =item B<-iv> I<IV> |
a0e9f529 | 151 | |
3fd5ece3 | 152 | The actual IV to use: this must be represented as a string comprised only |
43f9391b LJ |
153 | of hex digits. When only the key is specified using the B<-K> option, the |
154 | IV must explicitly be defined. When a password is being specified using | |
155 | one of the other options, the IV is generated from this password. | |
a0e9f529 DSH |
156 | |
157 | =item B<-p> | |
158 | ||
3fd5ece3 | 159 | Print out the key and IV used. |
a0e9f529 DSH |
160 | |
161 | =item B<-P> | |
162 | ||
3fd5ece3 | 163 | Print out the key and IV used then immediately exit: don't do any encryption |
a0e9f529 DSH |
164 | or decryption. |
165 | ||
e8769719 | 166 | =item B<-bufsize> I<number> |
a0e9f529 | 167 | |
3fd5ece3 | 168 | Set the buffer size for I/O. |
a0e9f529 | 169 | |
f2e5ca84 DSH |
170 | =item B<-nopad> |
171 | ||
3fd5ece3 | 172 | Disable standard block padding. |
f2e5ca84 | 173 | |
a0e9f529 DSH |
174 | =item B<-debug> |
175 | ||
3fd5ece3 | 176 | Debug the BIOs used for I/O. |
a0e9f529 | 177 | |
e5fa864f DSH |
178 | =item B<-z> |
179 | ||
180 | Compress or decompress clear text using zlib before encryption or after | |
181 | decryption. This option exists only if OpenSSL was compiled with zlib | |
182 | or zlib-dynamic option. | |
183 | ||
184 | =item B<-none> | |
185 | ||
186 | Use NULL cipher (no encryption or decryption of input). | |
187 | ||
e8769719 | 188 | =item B<-rand> I<file...> |
3ee1eac2 RS |
189 | |
190 | A file or files containing random data used to seed the random number | |
191 | generator. | |
192 | Multiple files can be specified separated by an OS-dependent character. | |
193 | The separator is B<;> for MS-Windows, B<,> for OpenVMS, and B<:> for | |
194 | all others. | |
195 | ||
e8769719 | 196 | =item B<-writerand> I<file> |
3ee1eac2 RS |
197 | |
198 | Writes random data to the specified I<file> upon exit. | |
199 | This can be used with a subsequent B<-rand> flag. | |
200 | ||
a0e9f529 DSH |
201 | =back |
202 | ||
203 | =head1 NOTES | |
204 | ||
e75138ab RS |
205 | The program can be called either as B<openssl cipher> or |
206 | B<openssl enc -cipher>. The first form doesn't work with | |
e5fa864f DSH |
207 | engine-provided ciphers, because this form is processed before the |
208 | configuration file is read and any ENGINEs loaded. | |
e75138ab | 209 | Use the B<list> command to get a list of supported ciphers. |
e5fa864f | 210 | |
3fd5ece3 | 211 | Engines which provide entirely new encryption algorithms (such as the ccgost |
e5fa864f | 212 | engine which provides gost89 algorithm) should be configured in the |
3fd5ece3 | 213 | configuration file. Engines specified on the command line using -engine |
4c583c36 | 214 | options can only be used for hardware-assisted implementations of |
3fd5ece3 | 215 | ciphers which are supported by the OpenSSL core or another engine specified |
e5fa864f DSH |
216 | in the configuration file. |
217 | ||
3fd5ece3 | 218 | When the enc command lists supported ciphers, ciphers provided by engines
e5fa864f | 219 | specified in the configuration files are listed too. |
a0e9f529 DSH |
220 | |
221 | A password will be prompted for to derive the key and IV if necessary. | |
222 | ||
6d1b637b | 223 | The B<-salt> option should B<ALWAYS> be used if the key is being derived |
19d2bb57 | 224 | from a password unless you want compatibility with previous versions of |
b0700d2c | 225 | OpenSSL. |
fd699ac5 DSH |
226 | |
227 | Without the B<-salt> option it is possible to perform efficient dictionary | |
228 | attacks on the password and to attack stream cipher encrypted data. The reason | |
229 | for this is that without the salt the same password always generates the same | |
230 | encryption key. When the salt is being used the first eight bytes of the | |
231 | encrypted data are reserved for the salt: it is generated at random when | |
232 | encrypting a file and read from the encrypted file when it is decrypted. | |
233 | ||
4abc5c62 DSH |
234 | Some of the ciphers do not have large keys and others have security |
235 | implications if not used correctly. A beginner is advised to just use | |
3fd5ece3 | 236 | a strong block cipher, such as AES, in CBC mode. |
4abc5c62 | 237 | |
3fd5ece3 P |
238 | All the block ciphers normally use PKCS#5 padding, also known as standard |
239 | block padding. This allows a rudimentary integrity or password check to | |
240 | be performed. However since the chance of random data passing the test | |
241 | is better than 1 in 256 it isn't a very good test. | |
a0e9f529 | 242 | |
3b80e3aa | 243 | If padding is disabled then the input data must be a multiple of the cipher |
f2e5ca84 DSH |
244 | block length. |
245 | ||
a0e9f529 DSH |
246 | All RC2 ciphers have the same key and effective key length. |
247 | ||
248 | Blowfish and RC5 algorithms use a 128 bit key. | |
249 | ||
250 | =head1 SUPPORTED CIPHERS | |
251 | ||
e5fa864f DSH |
252 | Note that some of these ciphers can be disabled at compile time |
253 | and some are available only if an appropriate engine is configured | |
254 | in the configuration file. The output of the B<enc> command run with | |
3fd5ece3 | 255 | the B<-ciphers> option (that is B<openssl enc -ciphers>) produces a |
4c583c36 | 256 | list of ciphers, supported by your version of OpenSSL, including |
e5fa864f DSH |
257 | ones provided by configured engines. |
258 | ||
d4b47504 | 259 | The B<enc> program does not support authenticated encryption modes |
272cc20b BK |
260 | like CCM and GCM, and will not support such modes in the future. |
261 | The B<enc> interface by necessity must begin streaming output (e.g., | |
eadde90b | 262 | to standard output when B<-out> is not used) before the authentication |
272cc20b BK |
263 | tag could be validated, leading to the usage of B<enc> in pipelines |
264 | that begin processing untrusted data and are not capable of rolling | |
265 | back upon authentication failure. The AEAD modes currently in common | |
266 | use also suffer from catastrophic failure of confidentiality and/or | |
267 | integrity upon reuse of key/iv/nonce, and since B<enc> places the | |
268 | entire burden of key/iv/nonce management upon the user, the risk of | |
269 | exposing AEAD modes is too great to allow. These key/iv/nonce | |
270 | management issues also affect other modes currently exposed in B<enc>, | |
271 | but the failure modes are less extreme in these cases, and the | |
272 | functionality cannot be removed with a stable release branch. | |
273 | For bulk encryption of data, whether using authenticated encryption | |
274 | modes or other modes, L<cms(1)> is recommended, as it provides a | |
275 | standard data format and performs the needed key/iv/nonce management. | |
d4b47504 | 276 | |
e5fa864f | 277 | |
a0e9f529 DSH |
278 | base64 Base 64 |
279 | ||
280 | bf-cbc Blowfish in CBC mode | |
281 | bf Alias for bf-cbc | |
41a6fa74 | 282 | blowfish Alias for bf-cbc |
19d2bb57 | 283 | bf-cfb Blowfish in CFB mode |
a0e9f529 DSH |
284 | bf-ecb Blowfish in ECB mode |
285 | bf-ofb Blowfish in OFB mode | |
286 | ||
287 | cast-cbc CAST in CBC mode | |
288 | cast Alias for cast-cbc | |
289 | cast5-cbc CAST5 in CBC mode | |
290 | cast5-cfb CAST5 in CFB mode | |
291 | cast5-ecb CAST5 in ECB mode | |
292 | cast5-ofb CAST5 in OFB mode | |
293 | ||
41a6fa74 PY |
294 | chacha20 ChaCha20 algorithm |
295 | ||
a0e9f529 DSH |
296 | des-cbc DES in CBC mode |
297 | des Alias for des-cbc | |
47c07020 | 298 | des-cfb DES in CFB mode |
a0e9f529 DSH |
299 | des-ofb DES in OFB mode |
300 | des-ecb DES in ECB mode | |
301 | ||
302 | des-ede-cbc Two key triple DES EDE in CBC mode | |
701d35d1 | 303 | des-ede Two key triple DES EDE in ECB mode |
a0e9f529 DSH |
304 | des-ede-cfb Two key triple DES EDE in CFB mode |
305 | des-ede-ofb Two key triple DES EDE in OFB mode | |
306 | ||
307 | des-ede3-cbc Three key triple DES EDE in CBC mode | |
701d35d1 | 308 | des-ede3 Three key triple DES EDE in ECB mode |
a0e9f529 DSH |
309 | des3 Alias for des-ede3-cbc |
310 | des-ede3-cfb Three key triple DES EDE in CFB mode | |
311 | des-ede3-ofb Three key triple DES EDE in OFB mode | |
312 | ||
313 | desx DESX algorithm. | |
314 | ||
e5fa864f | 315 | gost89 GOST 28147-89 in CFB mode (provided by ccgost engine) |
1bc74519 | 316 | gost89-cnt GOST 28147-89 in CNT mode (provided by ccgost engine) |
e5fa864f | 317 | |
a0e9f529 DSH |
318 | idea-cbc IDEA algorithm in CBC mode |
319 | idea same as idea-cbc | |
320 | idea-cfb IDEA in CFB mode | |
321 | idea-ecb IDEA in ECB mode | |
322 | idea-ofb IDEA in OFB mode | |
323 | ||
324 | rc2-cbc 128 bit RC2 in CBC mode | |
325 | rc2 Alias for rc2-cbc | |
60021d91 RL |
326 | rc2-cfb 128 bit RC2 in CFB mode |
327 | rc2-ecb 128 bit RC2 in ECB mode | |
328 | rc2-ofb 128 bit RC2 in OFB mode | |
a0e9f529 DSH |
329 | rc2-64-cbc 64 bit RC2 in CBC mode |
330 | rc2-40-cbc 40 bit RC2 in CBC mode | |
331 | ||
332 | rc4 128 bit RC4 | |
333 | rc4-64 64 bit RC4 | |
334 | rc4-40 40 bit RC4 | |
335 | ||
336 | rc5-cbc RC5 cipher in CBC mode | |
337 | rc5 Alias for rc5-cbc | |
60021d91 RL |
338 | rc5-cfb RC5 cipher in CFB mode |
339 | rc5-ecb RC5 cipher in ECB mode | |
340 | rc5-ofb RC5 cipher in OFB mode | |
a0e9f529 | 341 | |
41a6fa74 PY |
342 | seed-cbc SEED cipher in CBC mode |
343 | seed Alias for seed-cbc | |
344 | seed-cfb SEED cipher in CFB mode | |
345 | seed-ecb SEED cipher in ECB mode | |
346 | seed-ofb SEED cipher in OFB mode | |
347 | ||
348 | sm4-cbc SM4 cipher in CBC mode | |
349 | sm4 Alias for sm4-cbc | |
350 | sm4-cfb SM4 cipher in CFB mode | |
351 | sm4-ctr SM4 cipher in CTR mode | |
352 | sm4-ecb SM4 cipher in ECB mode | |
353 | sm4-ofb SM4 cipher in OFB mode | |
354 | ||
1bc74519 RS |
355 | aes-[128|192|256]-cbc 128/192/256 bit AES in CBC mode |
356 | aes[128|192|256] Alias for aes-[128|192|256]-cbc | |
357 | aes-[128|192|256]-cfb 128/192/256 bit AES in 128 bit CFB mode | |
358 | aes-[128|192|256]-cfb1 128/192/256 bit AES in 1 bit CFB mode | |
359 | aes-[128|192|256]-cfb8 128/192/256 bit AES in 8 bit CFB mode | |
3fd5ece3 | 360 | aes-[128|192|256]-ctr 128/192/256 bit AES in CTR mode |
1bc74519 RS |
361 | aes-[128|192|256]-ecb 128/192/256 bit AES in ECB mode |
362 | aes-[128|192|256]-ofb 128/192/256 bit AES in OFB mode | |
330591fd | 363 | |
41a6fa74 PY |
364 | aria-[128|192|256]-cbc 128/192/256 bit ARIA in CBC mode |
365 | aria[128|192|256] Alias for aria-[128|192|256]-cbc | |
366 | aria-[128|192|256]-cfb 128/192/256 bit ARIA in 128 bit CFB mode | |
367 | aria-[128|192|256]-cfb1 128/192/256 bit ARIA in 1 bit CFB mode | |
368 | aria-[128|192|256]-cfb8 128/192/256 bit ARIA in 8 bit CFB mode | |
369 | aria-[128|192|256]-ctr 128/192/256 bit ARIA in CTR mode | |
370 | aria-[128|192|256]-ecb 128/192/256 bit ARIA in ECB mode | |
371 | aria-[128|192|256]-ofb 128/192/256 bit ARIA in OFB mode | |
372 | ||
3fd5ece3 P |
373 | camellia-[128|192|256]-cbc 128/192/256 bit Camellia in CBC mode |
374 | camellia[128|192|256] Alias for camellia-[128|192|256]-cbc | |
375 | camellia-[128|192|256]-cfb 128/192/256 bit Camellia in 128 bit CFB mode | |
376 | camellia-[128|192|256]-cfb1 128/192/256 bit Camellia in 1 bit CFB mode | |
377 | camellia-[128|192|256]-cfb8 128/192/256 bit Camellia in 8 bit CFB mode | |
378 | camellia-[128|192|256]-ctr 128/192/256 bit Camellia in CTR mode | |
379 | camellia-[128|192|256]-ecb 128/192/256 bit Camellia in ECB mode | |
380 | camellia-[128|192|256]-ofb 128/192/256 bit Camellia in OFB mode | |
381 | ||
a0e9f529 DSH |
382 | =head1 EXAMPLES |
383 | ||
4abc5c62 DSH |
384 | Just base64 encode a binary file: |
385 | ||
386 | openssl base64 -in file.bin -out file.b64 | |
387 | ||
388 | Decode the same file: | |
389 | ||
1bc74519 | 390 | openssl base64 -d -in file.b64 -out file.bin |
4abc5c62 | 391 | |
eadde90b AS |
392 | Encrypt a file using AES-128 using a prompted password |
393 | and PBKDF2 key derivation: | |
4abc5c62 | 394 | |
eadde90b | 395 | openssl enc -aes128 -pbkdf2 -in file.txt -out file.aes128 |
4abc5c62 DSH |
396 | |
397 | Decrypt a file using a supplied password: | |
398 | ||
eadde90b AS |
399 | openssl enc -aes128 -pbkdf2 -d -in file.aes128 -out file.txt \ |
400 | -pass pass:<password> | |
4abc5c62 DSH |
401 | |
402 | Encrypt a file then base64 encode it (so it can be sent via mail for example) | |
eadde90b | 403 | using AES-256 in CTR mode and PBKDF2 key derivation: |
4abc5c62 | 404 | |
eadde90b | 405 | openssl enc -aes-256-ctr -pbkdf2 -a -in file.txt -out file.aes256 |
4abc5c62 | 406 | |
eadde90b | 407 | Base64 decode a file then decrypt it using a password supplied in a file: |
4abc5c62 | 408 | |
eadde90b AS |
409 | openssl enc -aes-256-ctr -pbkdf2 -d -a -in file.aes256 -out file.txt \ |
410 | -pass file:<passfile> | |
a0e9f529 DSH |
411 | |
412 | =head1 BUGS | |
413 | ||
414 | The B<-A> option when used with large files doesn't work properly. | |
415 | ||
f2e5ca84 DSH |
416 | The B<enc> program only supports a fixed number of algorithms with |
417 | certain parameters. So if, for example, you want to use RC2 with a | |
418 | 76 bit key or RC4 with an 84 bit key you can't use this program. | |
a0e9f529 | 419 | |
9e8b6f04 RS |
420 | =head1 HISTORY |
421 | ||
fc5ecadd | 422 | The default digest was changed from MD5 to SHA256 in OpenSSL 1.1.0. |
9e8b6f04 | 423 | |
e2f92610 RS |
424 | =head1 COPYRIGHT |
425 | ||
b6b66573 | 426 | Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved. |
e2f92610 | 427 | |
449040b4 | 428 | Licensed under the Apache License 2.0 (the "License"). You may not use |
e2f92610 RS |
429 | this file except in compliance with the License. You can obtain a copy |
430 | in the file LICENSE in the source distribution or at | |
431 | L<https://www.openssl.org/source/license.html>. | |
432 | ||
433 | =cut |
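
The salted output layout from NOTES and the B<-pbkdf2> / B<-iter> / B<-md> key derivation from OPTIONS, as an added Python example (not part of the OpenSSL sources or this man page). It assumes the 8-byte "Salted__" marker that B<enc> writes in front of the salt, a 10000-iteration default for B<-pbkdf2>, and sha-256; the function names and the sample bytes in the demo are constructed for illustration.

```python
import base64
import hashlib

MAGIC = b"Salted__"  # assumption: 8-byte marker written in front of the 8-byte salt

# (key bytes, IV bytes) for a few ciphers from the SUPPORTED CIPHERS list.
CIPHER_SIZES = {"aes-128-cbc": (16, 16), "aes-256-cbc": (32, 16), "aes-256-ctr": (32, 16)}


def parse_enc_header(blob):
    """Return (salt, ciphertext, was_base64); salt is None when no marker is found.

    Base64 (-a) is only recognised for salted output, whose encoding always
    starts with "U2FsdGVkX1"; unsalted base64 is returned unchanged.
    """
    was_base64 = False
    if blob.lstrip().startswith(b"U2FsdGVkX1"):
        blob = base64.b64decode(b"".join(blob.split()))
        was_base64 = True
    if blob.startswith(MAGIC):
        if len(blob) < len(MAGIC) + 8:
            raise ValueError("truncated header: marker present but salt incomplete")
        return blob[8:16], blob[16:], was_base64
    return None, blob, was_base64


def derive_key_iv(password, salt, cipher, iterations=10000, digest="sha256"):
    """PBKDF2 derivation for salted files: one output stream, key first, then IV.

    iterations=10000 is the assumed -pbkdf2 default; pass the -iter value and
    the -md digest that were used at encryption time if they differ.
    """
    if salt is None or len(salt) != 8:
        raise ValueError("this example only covers files with an 8-byte salt")
    key_len, iv_len = CIPHER_SIZES[cipher]
    material = hashlib.pbkdf2_hmac(digest, password, salt, iterations, key_len + iv_len)
    return material[:key_len], material[key_len:]


def salt_changes_key(password, salt_a, salt_b, cipher="aes-256-ctr"):
    """True when two salts give different keys for the same password."""
    return derive_key_iv(password, salt_a, cipher)[0] != derive_key_iv(password, salt_b, cipher)[0]


if __name__ == "__main__":
    # Constructed sample: marker + salt + 16 placeholder bytes (not real ciphertext).
    sample = MAGIC + bytes.fromhex("0102030405060708") + b"\xaa" * 16
    salt, body, armored = parse_enc_header(base64.encodebytes(sample))
    key, iv = derive_key_iv(b"example-password", salt, "aes-256-ctr")
    print("salt:", salt.hex(), "base64:", armored, "ciphertext bytes:", len(body))
    print("key:", key.hex())
    print("iv: ", iv.hex())
    print("different salt, different key:",
          salt_changes_key(b"example-password", salt, bytes(8)))
```

For a real file, the key and IV printed here can be compared with the output of B<openssl enc -P> run with the same cipher, password, B<-S> salt and B<-pbkdf2>.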