[B<-P>]
[B<-bufsize> I<number>]
[B<-nopad>]
+[B<-v>]
[B<-debug>]
[B<-none>]
-{- $OpenSSL::safe::opt_engine_synopsis -}
-{- $OpenSSL::safe::opt_r_synopsis -}
+{- $OpenSSL::safe::opt_engine_synopsis -}{- $OpenSSL::safe::opt_r_synopsis -}
+{- $OpenSSL::safe::opt_provider_synopsis -}
-=for openssl ifdef z engine
+=for openssl ifdef z engine ciphers
B<openssl> I<cipher> [B<...>]
=item B<-pass> I<arg>
The password source. For more information about the format of I<arg>
-see L<openssl(1)/Pass Phrase Options>.
+see L<openssl-passphrase-options(1)>.
=item B<-e>
Disable standard block padding.
+=item B<-v>
+
+Verbose print; display some statistics about I/O and buffer sizes.
+
=item B<-debug>
Debug the BIOs used for I/O.
=item B<-z>
-Compress or decompress clear text using zlib before encryption or after
-decryption. This option exists only if OpenSSL with compiled with zlib
+Compress or decompress encrypted data using zlib after encryption or before
+decryption. This option exists only if OpenSSL was compiled with the zlib
or zlib-dynamic option.
=item B<-none>
{- $OpenSSL::safe::opt_r_item -}
+{- $OpenSSL::safe::opt_provider_item -}
+
{- $OpenSSL::safe::opt_engine_item -}
=back
All the block ciphers normally use PKCS#5 padding, also known as standard
block padding. This allows a rudimentary integrity or password check to
-be performed. However since the chance of random data passing the test
+be performed. However, since the chance of random data passing the test
is better than 1 in 256 it isn't a very good test.
If padding is disabled then the input data must be a multiple of the cipher
Note that some of these ciphers can be disabled at compile time
and some are available only if an appropriate engine is configured
in the configuration file. The output when invoking this command
-with the B<-ciphers> option (that is C<openssl enc -ciphers>) is
+with the B<-list> option (that is C<openssl enc -list>) is
a list of ciphers, supported by your version of OpenSSL, including
ones provided by configured engines.
like CCM and GCM, and will not support such modes in the future.
This is due to having to begin streaming output (e.g., to standard output
when B<-out> is not used) before the authentication tag could be validated.
-When this command is used in a pipeline, the receiveing end will not be
+When this command is used in a pipeline, the receiving end will not be
able to roll back upon authentication failure. The AEAD modes currently in
common use also suffer from catastrophic failure of confidentiality and/or
integrity upon reuse of key/iv/nonce, and since B<openssl enc> places the
desx DESX algorithm.
gost89 GOST 28147-89 in CFB mode (provided by ccgost engine)
- gost89-cnt `GOST 28147-89 in CNT mode (provided by ccgost engine)
+ gost89-cnt GOST 28147-89 in CNT mode (provided by ccgost engine)
idea-cbc IDEA algorithm in CBC mode
idea same as idea-cbc
The B<-list> option was added in OpenSSL 1.1.1e.
-The B<-ciphers> option was deprecated in OpenSSL 3.0.
+The B<-ciphers> and B<-engine> options were deprecated in OpenSSL 3.0.
=head1 COPYRIGHT
-Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the Apache License 2.0 (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy