]>
Commit | Line | Data |
---|---|---|
a0e9f529 | 1 | =pod |
19d2bb57 | 2 | |
a0e9f529 DSH |
3 | =head1 NAME |
4 | ||
5 | enc - symmetric cipher routines | |
6 | ||
7 | =head1 SYNOPSIS | |
8 | ||
9 | B<openssl enc -ciphername> | |
169394d4 | 10 | [B<-help>] |
a0e9f529 DSH |
11 | [B<-in filename>] |
12 | [B<-out filename>] | |
cd3c54e5 | 13 | [B<-pass arg>] |
a0e9f529 DSH |
14 | [B<-e>] |
15 | [B<-d>] | |
e5fa864f | 16 | [B<-a/-base64>] |
a0e9f529 DSH |
17 | [B<-A>] |
18 | [B<-k password>] | |
19 | [B<-kfile filename>] | |
20 | [B<-K key>] | |
21 | [B<-iv IV>] | |
e5fa864f DSH |
22 | [B<-S salt>] |
23 | [B<-salt>] | |
24 | [B<-nosalt>] | |
25 | [B<-z>] | |
9e8b6f04 | 26 | [B<-md digest>] |
a0e9f529 DSH |
27 | [B<-p>] |
28 | [B<-P>] | |
29 | [B<-bufsize number>] | |
f2e5ca84 | 30 | [B<-nopad>] |
a0e9f529 | 31 | [B<-debug>] |
e5fa864f DSH |
32 | [B<-none>] |
33 | [B<-engine id>] | |
a0e9f529 DSH |
34 | |
35 | =head1 DESCRIPTION | |
36 | ||
19d2bb57 | 37 | The symmetric cipher commands allow data to be encrypted or decrypted |
a0e9f529 DSH |
38 | using various block and stream ciphers using keys based on passwords |
39 | or explicitly provided. Base64 encoding or decoding can also be performed | |
40 | either by itself or in addition to the encryption or decryption. | |
41 | ||
42 | =head1 OPTIONS | |
43 | ||
44 | =over 4 | |
45 | ||
169394d4 MR |
46 | =item B<-help> |
47 | ||
48 | Print out a usage message. | |
49 | ||
a0e9f529 DSH |
50 | =item B<-in filename> |
51 | ||
52 | the input filename, standard input by default. | |
53 | ||
54 | =item B<-out filename> | |
55 | ||
56 | the output filename, standard output by default. | |
57 | ||
cd3c54e5 DSH |
58 | =item B<-pass arg> |
59 | ||
60 | the password source. For more information about the format of B<arg> | |
9b86974e | 61 | see the B<PASS PHRASE ARGUMENTS> section in L<openssl(1)>. |
cd3c54e5 | 62 | |
a0e9f529 DSH |
63 | =item B<-e> |
64 | ||
65 | encrypt the input data: this is the default. | |
66 | ||
67 | =item B<-d> | |
68 | ||
69 | decrypt the input data. | |
70 | ||
71 | =item B<-a> | |
72 | ||
73 | base64 process the data. This means that if encryption is taking place | |
74 | the data is base64 encoded after encryption. If decryption is set then | |
75 | the input data is base64 decoded before being decrypted. | |
76 | ||
e5fa864f DSH |
77 | =item B<-base64> |
78 | ||
79 | same as B<-a> | |
80 | ||
a0e9f529 DSH |
81 | =item B<-A> |
82 | ||
83 | if the B<-a> option is set then base64 process the data on one line. | |
84 | ||
85 | =item B<-k password> | |
86 | ||
cd3c54e5 DSH |
87 | the password to derive the key from. This is for compatibility with previous |
88 | versions of OpenSSL. Superseded by the B<-pass> argument. | |
a0e9f529 DSH |
89 | |
90 | =item B<-kfile filename> | |
91 | ||
cd3c54e5 | 92 | read the password to derive the key from the first line of B<filename>. |
e544b0dc | 93 | This is for compatibility with previous versions of OpenSSL. Superseded by |
cd3c54e5 | 94 | the B<-pass> argument. |
a0e9f529 | 95 | |
9e8b6f04 RS |
96 | =item B<-md digest> |
97 | ||
98 | Use the specified digest to create the key from the passphrase. | |
99 | The default algorithm is sha-256. | |
100 | ||
e5fa864f DSH |
101 | =item B<-nosalt> |
102 | ||
ed233db7 RS |
103 | don't use a salt in the key derivation routines. This option B<SHOULD NOT> be |
104 | used except for test purposes or compatibility with ancient versions of | |
105 | OpenSSL. | |
e5fa864f DSH |
106 | |
107 | =item B<-salt> | |
108 | ||
109 | use salt (randomly generated or provide with B<-S> option) when | |
110 | encrypting (this is the default). | |
111 | ||
fd699ac5 DSH |
112 | =item B<-S salt> |
113 | ||
e5fa864f | 114 | the actual salt to use: this must be represented as a string of hex digits. |
fd699ac5 | 115 | |
a0e9f529 DSH |
116 | =item B<-K key> |
117 | ||
118 | the actual key to use: this must be represented as a string comprised only | |
43f9391b LJ |
119 | of hex digits. If only the key is specified, the IV must additionally specified |
120 | using the B<-iv> option. When both a key and a password are specified, the | |
121 | key given with the B<-K> option will be used and the IV generated from the | |
122 | password will be taken. It probably does not make much sense to specify | |
123 | both key and password. | |
a0e9f529 DSH |
124 | |
125 | =item B<-iv IV> | |
126 | ||
127 | the actual IV to use: this must be represented as a string comprised only | |
43f9391b LJ |
128 | of hex digits. When only the key is specified using the B<-K> option, the |
129 | IV must explicitly be defined. When a password is being specified using | |
130 | one of the other options, the IV is generated from this password. | |
a0e9f529 DSH |
131 | |
132 | =item B<-p> | |
133 | ||
134 | print out the key and IV used. | |
135 | ||
136 | =item B<-P> | |
137 | ||
138 | print out the key and IV used then immediately exit: don't do any encryption | |
139 | or decryption. | |
140 | ||
141 | =item B<-bufsize number> | |
142 | ||
143 | set the buffer size for I/O | |
144 | ||
f2e5ca84 DSH |
145 | =item B<-nopad> |
146 | ||
147 | disable standard block padding | |
148 | ||
a0e9f529 DSH |
149 | =item B<-debug> |
150 | ||
151 | debug the BIOs used for I/O. | |
152 | ||
e5fa864f DSH |
153 | =item B<-z> |
154 | ||
155 | Compress or decompress clear text using zlib before encryption or after | |
156 | decryption. This option exists only if OpenSSL with compiled with zlib | |
157 | or zlib-dynamic option. | |
158 | ||
159 | =item B<-none> | |
160 | ||
161 | Use NULL cipher (no encryption or decryption of input). | |
162 | ||
a0e9f529 DSH |
163 | =back |
164 | ||
165 | =head1 NOTES | |
166 | ||
167 | The program can be called either as B<openssl ciphername> or | |
e5fa864f DSH |
168 | B<openssl enc -ciphername>. But the first form doesn't work with |
169 | engine-provided ciphers, because this form is processed before the | |
170 | configuration file is read and any ENGINEs loaded. | |
171 | ||
172 | Engines which provide entirely new encryption algorithms (such as ccgost | |
173 | engine which provides gost89 algorithm) should be configured in the | |
174 | configuration file. Engines, specified in the command line using -engine | |
4c583c36 | 175 | options can only be used for hardware-assisted implementations of |
e5fa864f DSH |
176 | ciphers, which are supported by OpenSSL core or other engine, specified |
177 | in the configuration file. | |
178 | ||
179 | When enc command lists supported ciphers, ciphers provided by engines, | |
180 | specified in the configuration files are listed too. | |
a0e9f529 DSH |
181 | |
182 | A password will be prompted for to derive the key and IV if necessary. | |
183 | ||
6d1b637b | 184 | The B<-salt> option should B<ALWAYS> be used if the key is being derived |
19d2bb57 | 185 | from a password unless you want compatibility with previous versions of |
b0700d2c | 186 | OpenSSL. |
fd699ac5 DSH |
187 | |
188 | Without the B<-salt> option it is possible to perform efficient dictionary | |
189 | attacks on the password and to attack stream cipher encrypted data. The reason | |
190 | for this is that without the salt the same password always generates the same | |
191 | encryption key. When the salt is being used the first eight bytes of the | |
192 | encrypted data are reserved for the salt: it is generated at random when | |
193 | encrypting a file and read from the encrypted file when it is decrypted. | |
194 | ||
4abc5c62 DSH |
195 | Some of the ciphers do not have large keys and others have security |
196 | implications if not used correctly. A beginner is advised to just use | |
197 | a strong block cipher in CBC mode such as bf or des3. | |
198 | ||
f2e5ca84 | 199 | All the block ciphers normally use PKCS#5 padding also known as standard block |
a0e9f529 DSH |
200 | padding: this allows a rudimentary integrity or password check to be |
201 | performed. However since the chance of random data passing the test is | |
202 | better than 1 in 256 it isn't a very good test. | |
203 | ||
3b80e3aa | 204 | If padding is disabled then the input data must be a multiple of the cipher |
f2e5ca84 DSH |
205 | block length. |
206 | ||
a0e9f529 DSH |
207 | All RC2 ciphers have the same key and effective key length. |
208 | ||
209 | Blowfish and RC5 algorithms use a 128 bit key. | |
210 | ||
211 | =head1 SUPPORTED CIPHERS | |
212 | ||
e5fa864f DSH |
213 | Note that some of these ciphers can be disabled at compile time |
214 | and some are available only if an appropriate engine is configured | |
215 | in the configuration file. The output of the B<enc> command run with | |
216 | unsupported options (for example B<openssl enc -help>) includes a | |
4c583c36 | 217 | list of ciphers, supported by your version of OpenSSL, including |
e5fa864f DSH |
218 | ones provided by configured engines. |
219 | ||
d4b47504 MC |
220 | The B<enc> program does not support authenticated encryption modes |
221 | like CCM and GCM. The utility does not store or retrieve the | |
222 | authentication tag. | |
223 | ||
e5fa864f | 224 | |
a0e9f529 DSH |
225 | base64 Base 64 |
226 | ||
227 | bf-cbc Blowfish in CBC mode | |
228 | bf Alias for bf-cbc | |
19d2bb57 | 229 | bf-cfb Blowfish in CFB mode |
a0e9f529 DSH |
230 | bf-ecb Blowfish in ECB mode |
231 | bf-ofb Blowfish in OFB mode | |
232 | ||
233 | cast-cbc CAST in CBC mode | |
234 | cast Alias for cast-cbc | |
235 | cast5-cbc CAST5 in CBC mode | |
236 | cast5-cfb CAST5 in CFB mode | |
237 | cast5-ecb CAST5 in ECB mode | |
238 | cast5-ofb CAST5 in OFB mode | |
239 | ||
240 | des-cbc DES in CBC mode | |
241 | des Alias for des-cbc | |
242 | des-cfb DES in CBC mode | |
243 | des-ofb DES in OFB mode | |
244 | des-ecb DES in ECB mode | |
245 | ||
246 | des-ede-cbc Two key triple DES EDE in CBC mode | |
701d35d1 | 247 | des-ede Two key triple DES EDE in ECB mode |
a0e9f529 DSH |
248 | des-ede-cfb Two key triple DES EDE in CFB mode |
249 | des-ede-ofb Two key triple DES EDE in OFB mode | |
250 | ||
251 | des-ede3-cbc Three key triple DES EDE in CBC mode | |
701d35d1 | 252 | des-ede3 Three key triple DES EDE in ECB mode |
a0e9f529 DSH |
253 | des3 Alias for des-ede3-cbc |
254 | des-ede3-cfb Three key triple DES EDE CFB mode | |
255 | des-ede3-ofb Three key triple DES EDE in OFB mode | |
256 | ||
257 | desx DESX algorithm. | |
258 | ||
e5fa864f DSH |
259 | gost89 GOST 28147-89 in CFB mode (provided by ccgost engine) |
260 | gost89-cnt `GOST 28147-89 in CNT mode (provided by ccgost engine) | |
261 | ||
a0e9f529 DSH |
262 | idea-cbc IDEA algorithm in CBC mode |
263 | idea same as idea-cbc | |
264 | idea-cfb IDEA in CFB mode | |
265 | idea-ecb IDEA in ECB mode | |
266 | idea-ofb IDEA in OFB mode | |
267 | ||
268 | rc2-cbc 128 bit RC2 in CBC mode | |
269 | rc2 Alias for rc2-cbc | |
60021d91 RL |
270 | rc2-cfb 128 bit RC2 in CFB mode |
271 | rc2-ecb 128 bit RC2 in ECB mode | |
272 | rc2-ofb 128 bit RC2 in OFB mode | |
a0e9f529 DSH |
273 | rc2-64-cbc 64 bit RC2 in CBC mode |
274 | rc2-40-cbc 40 bit RC2 in CBC mode | |
275 | ||
276 | rc4 128 bit RC4 | |
277 | rc4-64 64 bit RC4 | |
278 | rc4-40 40 bit RC4 | |
279 | ||
280 | rc5-cbc RC5 cipher in CBC mode | |
281 | rc5 Alias for rc5-cbc | |
60021d91 RL |
282 | rc5-cfb RC5 cipher in CFB mode |
283 | rc5-ecb RC5 cipher in ECB mode | |
284 | rc5-ofb RC5 cipher in OFB mode | |
a0e9f529 | 285 | |
330591fd | 286 | aes-[128|192|256]-cbc 128/192/256 bit AES in CBC mode |
c03726ca | 287 | aes[128|192|256] Alias for aes-[128|192|256]-cbc |
330591fd AP |
288 | aes-[128|192|256]-cfb 128/192/256 bit AES in 128 bit CFB mode |
289 | aes-[128|192|256]-cfb1 128/192/256 bit AES in 1 bit CFB mode | |
290 | aes-[128|192|256]-cfb8 128/192/256 bit AES in 8 bit CFB mode | |
291 | aes-[128|192|256]-ecb 128/192/256 bit AES in ECB mode | |
292 | aes-[128|192|256]-ofb 128/192/256 bit AES in OFB mode | |
293 | ||
a0e9f529 DSH |
294 | =head1 EXAMPLES |
295 | ||
4abc5c62 DSH |
296 | Just base64 encode a binary file: |
297 | ||
298 | openssl base64 -in file.bin -out file.b64 | |
299 | ||
300 | Decode the same file | |
301 | ||
302 | openssl base64 -d -in file.b64 -out file.bin | |
303 | ||
304 | Encrypt a file using triple DES in CBC mode using a prompted password: | |
305 | ||
fd699ac5 | 306 | openssl des3 -salt -in file.txt -out file.des3 |
4abc5c62 DSH |
307 | |
308 | Decrypt a file using a supplied password: | |
309 | ||
fd699ac5 | 310 | openssl des3 -d -salt -in file.des3 -out file.txt -k mypassword |
4abc5c62 DSH |
311 | |
312 | Encrypt a file then base64 encode it (so it can be sent via mail for example) | |
313 | using Blowfish in CBC mode: | |
314 | ||
fd699ac5 | 315 | openssl bf -a -salt -in file.txt -out file.bf |
4abc5c62 DSH |
316 | |
317 | Base64 decode a file then decrypt it: | |
318 | ||
fd699ac5 | 319 | openssl bf -d -salt -a -in file.bf -out file.txt |
4abc5c62 DSH |
320 | |
321 | Decrypt some data using a supplied 40 bit RC4 key: | |
322 | ||
323 | openssl rc4-40 -in file.rc4 -out file.txt -K 0102030405 | |
a0e9f529 DSH |
324 | |
325 | =head1 BUGS | |
326 | ||
327 | The B<-A> option when used with large files doesn't work properly. | |
328 | ||
fd699ac5 | 329 | There should be an option to allow an iteration count to be included. |
a0e9f529 | 330 | |
f2e5ca84 DSH |
331 | The B<enc> program only supports a fixed number of algorithms with |
332 | certain parameters. So if, for example, you want to use RC2 with a | |
333 | 76 bit key or RC4 with an 84 bit key you can't use this program. | |
a0e9f529 | 334 | |
9e8b6f04 RS |
335 | =head1 HISTORY |
336 | ||
3903e1c3 | 337 | The default digest was changed from MD5 to SHA256 in Openssl 1.1. |
9e8b6f04 | 338 | |
a0e9f529 | 339 | =cut |
e2f92610 RS |
340 | |
341 | =head1 COPYRIGHT | |
342 | ||
343 | Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved. | |
344 | ||
345 | Licensed under the OpenSSL license (the "License"). You may not use | |
346 | this file except in compliance with the License. You can obtain a copy | |
347 | in the file LICENSE in the source distribution or at | |
348 | L<https://www.openssl.org/source/license.html>. | |
349 | ||
350 | =cut |