diff options
Diffstat (limited to 'secure/lib/libcrypto/man/enc.1')
-rw-r--r-- | secure/lib/libcrypto/man/enc.1 | 392 |
1 files changed, 0 insertions, 392 deletions
diff --git a/secure/lib/libcrypto/man/enc.1 b/secure/lib/libcrypto/man/enc.1 deleted file mode 100644 index ee1597d..0000000 --- a/secure/lib/libcrypto/man/enc.1 +++ /dev/null @@ -1,392 +0,0 @@ -.\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:20:46 2002 -.\" -.\" Standard preamble: -.\" ====================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Ip \" List item -.br -.ie \\n(.$>=3 .ne \\$3 -.el .ne 3 -.IP "\\$1" \\$2 -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R - -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. | will give a -.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used -.\" to do unbreakable dashes and therefore won't be available. \*(C` and -.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> -.tr \(*W-|\(bv\*(Tr -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -'br\} -.\" -.\" If the F register is turned on, we'll generate index entries on stderr -.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and -.\" index entries marked with X<> in POD. Of course, you'll have to process -.\" the output yourself in some meaningful fashion. -.if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. nr % 0 -. rr F -.\} -.\" -.\" For nroff, turn off justification. Always turn off hyphenation; it -.\" makes way too many mistakes in technical documents. -.hy 0 -.if n .na -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -.bd B 3 -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ====================================================================== -.\" -.IX Title "ENC 1" -.TH ENC 1 "0.9.6e" "2001-07-19" "OpenSSL" -.UC -.SH "NAME" -enc \- symmetric cipher routines -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -\&\fBopenssl enc \-ciphername\fR -[\fB\-in filename\fR] -[\fB\-out filename\fR] -[\fB\-pass arg\fR] -[\fB\-e\fR] -[\fB\-d\fR] -[\fB\-a\fR] -[\fB\-A\fR] -[\fB\-k password\fR] -[\fB\-kfile filename\fR] -[\fB\-K key\fR] -[\fB\-iv \s-1IV\s0\fR] -[\fB\-p\fR] -[\fB\-P\fR] -[\fB\-bufsize number\fR] -[\fB\-debug\fR] -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -The symmetric cipher commands allow data to be encrypted or decrypted -using various block and stream ciphers using keys based on passwords -or explicitly provided. Base64 encoding or decoding can also be performed -either by itself or in addition to the encryption or decryption. -.SH "OPTIONS" -.IX Header "OPTIONS" -.Ip "\fB\-in filename\fR" 4 -.IX Item "-in filename" -the input filename, standard input by default. -.Ip "\fB\-out filename\fR" 4 -.IX Item "-out filename" -the output filename, standard output by default. -.Ip "\fB\-pass arg\fR" 4 -.IX Item "-pass arg" -the password source. For more information about the format of \fBarg\fR -see the \fB\s-1PASS\s0 \s-1PHRASE\s0 \s-1ARGUMENTS\s0\fR section in openssl(1). -.Ip "\fB\-salt\fR" 4 -.IX Item "-salt" -use a salt in the key derivation routines. This option should \fB\s-1ALWAYS\s0\fR -be used unless compatibility with previous versions of OpenSSL or SSLeay -is required. This option is only present on OpenSSL versions 0.9.5 or -above. -.Ip "\fB\-nosalt\fR" 4 -.IX Item "-nosalt" -don't use a salt in the key derivation routines. This is the default for -compatibility with previous versions of OpenSSL and SSLeay. -.Ip "\fB\-e\fR" 4 -.IX Item "-e" -encrypt the input data: this is the default. -.Ip "\fB\-d\fR" 4 -.IX Item "-d" -decrypt the input data. -.Ip "\fB\-a\fR" 4 -.IX Item "-a" -base64 process the data. This means that if encryption is taking place -the data is base64 encoded after encryption. If decryption is set then -the input data is base64 decoded before being decrypted. -.Ip "\fB\-A\fR" 4 -.IX Item "-A" -if the \fB\-a\fR option is set then base64 process the data on one line. -.Ip "\fB\-k password\fR" 4 -.IX Item "-k password" -the password to derive the key from. This is for compatibility with previous -versions of OpenSSL. Superseded by the \fB\-pass\fR argument. -.Ip "\fB\-kfile filename\fR" 4 -.IX Item "-kfile filename" -read the password to derive the key from the first line of \fBfilename\fR. -This is for computability with previous versions of OpenSSL. Superseded by -the \fB\-pass\fR argument. -.Ip "\fB\-S salt\fR" 4 -.IX Item "-S salt" -the actual salt to use: this must be represented as a string comprised only -of hex digits. -.Ip "\fB\-K key\fR" 4 -.IX Item "-K key" -the actual key to use: this must be represented as a string comprised only -of hex digits. If only the key is specified, the \s-1IV\s0 must additionally specified -using the \fB\-iv\fR option. When both a key and a password are specified, the -key given with the \fB\-K\fR option will be used and the \s-1IV\s0 generated from the -password will be taken. It probably does not make much sense to specify -both key and password. -.Ip "\fB\-iv \s-1IV\s0\fR" 4 -.IX Item "-iv IV" -the actual \s-1IV\s0 to use: this must be represented as a string comprised only -of hex digits. When only the key is specified using the \fB\-K\fR option, the -\&\s-1IV\s0 must explicitly be defined. When a password is being specified using -one of the other options, the \s-1IV\s0 is generated from this password. -.Ip "\fB\-p\fR" 4 -.IX Item "-p" -print out the key and \s-1IV\s0 used. -.Ip "\fB\-P\fR" 4 -.IX Item "-P" -print out the key and \s-1IV\s0 used then immediately exit: don't do any encryption -or decryption. -.Ip "\fB\-bufsize number\fR" 4 -.IX Item "-bufsize number" -set the buffer size for I/O -.Ip "\fB\-debug\fR" 4 -.IX Item "-debug" -debug the BIOs used for I/O. -.SH "NOTES" -.IX Header "NOTES" -The program can be called either as \fBopenssl ciphername\fR or -\&\fBopenssl enc \-ciphername\fR. -.PP -A password will be prompted for to derive the key and \s-1IV\s0 if necessary. -.PP -The \fB\-salt\fR option should \fB\s-1ALWAYS\s0\fR be used if the key is being derived -from a password unless you want compatibility with previous versions of -OpenSSL and SSLeay. -.PP -Without the \fB\-salt\fR option it is possible to perform efficient dictionary -attacks on the password and to attack stream cipher encrypted data. The reason -for this is that without the salt the same password always generates the same -encryption key. When the salt is being used the first eight bytes of the -encrypted data are reserved for the salt: it is generated at random when -encrypting a file and read from the encrypted file when it is decrypted. -.PP -Some of the ciphers do not have large keys and others have security -implications if not used correctly. A beginner is advised to just use -a strong block cipher in \s-1CBC\s0 mode such as bf or des3. -.PP -All the block ciphers use PKCS#5 padding also known as standard block -padding: this allows a rudimentary integrity or password check to be -performed. However since the chance of random data passing the test is -better than 1 in 256 it isn't a very good test. -.PP -All \s-1RC2\s0 ciphers have the same key and effective key length. -.PP -Blowfish and \s-1RC5\s0 algorithms use a 128 bit key. -.SH "SUPPORTED CIPHERS" -.IX Header "SUPPORTED CIPHERS" -.Vb 1 -\& base64 Base 64 -.Ve -.Vb 5 -\& bf-cbc Blowfish in CBC mode -\& bf Alias for bf-cbc -\& bf-cfb Blowfish in CFB mode -\& bf-ecb Blowfish in ECB mode -\& bf-ofb Blowfish in OFB mode -.Ve -.Vb 6 -\& cast-cbc CAST in CBC mode -\& cast Alias for cast-cbc -\& cast5-cbc CAST5 in CBC mode -\& cast5-cfb CAST5 in CFB mode -\& cast5-ecb CAST5 in ECB mode -\& cast5-ofb CAST5 in OFB mode -.Ve -.Vb 5 -\& des-cbc DES in CBC mode -\& des Alias for des-cbc -\& des-cfb DES in CBC mode -\& des-ofb DES in OFB mode -\& des-ecb DES in ECB mode -.Ve -.Vb 4 -\& des-ede-cbc Two key triple DES EDE in CBC mode -\& des-ede Alias for des-ede -\& des-ede-cfb Two key triple DES EDE in CFB mode -\& des-ede-ofb Two key triple DES EDE in OFB mode -.Ve -.Vb 5 -\& des-ede3-cbc Three key triple DES EDE in CBC mode -\& des-ede3 Alias for des-ede3-cbc -\& des3 Alias for des-ede3-cbc -\& des-ede3-cfb Three key triple DES EDE CFB mode -\& des-ede3-ofb Three key triple DES EDE in OFB mode -.Ve -.Vb 1 -\& desx DESX algorithm. -.Ve -.Vb 5 -\& idea-cbc IDEA algorithm in CBC mode -\& idea same as idea-cbc -\& idea-cfb IDEA in CFB mode -\& idea-ecb IDEA in ECB mode -\& idea-ofb IDEA in OFB mode -.Ve -.Vb 7 -\& rc2-cbc 128 bit RC2 in CBC mode -\& rc2 Alias for rc2-cbc -\& rc2-cfb 128 bit RC2 in CBC mode -\& rc2-ecb 128 bit RC2 in CBC mode -\& rc2-ofb 128 bit RC2 in CBC mode -\& rc2-64-cbc 64 bit RC2 in CBC mode -\& rc2-40-cbc 40 bit RC2 in CBC mode -.Ve -.Vb 3 -\& rc4 128 bit RC4 -\& rc4-64 64 bit RC4 -\& rc4-40 40 bit RC4 -.Ve -.Vb 5 -\& rc5-cbc RC5 cipher in CBC mode -\& rc5 Alias for rc5-cbc -\& rc5-cfb RC5 cipher in CBC mode -\& rc5-ecb RC5 cipher in CBC mode -\& rc5-ofb RC5 cipher in CBC mode -.Ve -.SH "EXAMPLES" -.IX Header "EXAMPLES" -Just base64 encode a binary file: -.PP -.Vb 1 -\& openssl base64 -in file.bin -out file.b64 -.Ve -Decode the same file -.PP -.Vb 1 -\& openssl base64 -d -in file.b64 -out file.bin -.Ve -Encrypt a file using triple \s-1DES\s0 in \s-1CBC\s0 mode using a prompted password: -.PP -.Vb 1 -\& openssl des3 -salt -in file.txt -out file.des3 -.Ve -Decrypt a file using a supplied password: -.PP -.Vb 1 -\& openssl des3 -d -salt -in file.des3 -out file.txt -k mypassword -.Ve -Encrypt a file then base64 encode it (so it can be sent via mail for example) -using Blowfish in \s-1CBC\s0 mode: -.PP -.Vb 1 -\& openssl bf -a -salt -in file.txt -out file.bf -.Ve -Base64 decode a file then decrypt it: -.PP -.Vb 1 -\& openssl bf -d -salt -a -in file.bf -out file.txt -.Ve -Decrypt some data using a supplied 40 bit \s-1RC4\s0 key: -.PP -.Vb 1 -\& openssl rc4-40 -in file.rc4 -out file.txt -K 0102030405 -.Ve -.SH "BUGS" -.IX Header "BUGS" -The \fB\-A\fR option when used with large files doesn't work properly. -.PP -There should be an option to allow an iteration count to be included. -.PP -Like the \s-1EVP\s0 library the \fBenc\fR program only supports a fixed number of -algorithms with certain parameters. So if, for example, you want to use \s-1RC2\s0 -with a 76 bit key or \s-1RC4\s0 with an 84 bit key you can't use this program. |