summaryrefslogtreecommitdiffstats
path: root/secure/usr.bin/openssl/man/enc.1
diff options
context:
space:
mode:
Diffstat (limited to 'secure/usr.bin/openssl/man/enc.1')
-rw-r--r--secure/usr.bin/openssl/man/enc.156
1 files changed, 51 insertions, 5 deletions
diff --git a/secure/usr.bin/openssl/man/enc.1 b/secure/usr.bin/openssl/man/enc.1
index 9e82bcc5..6626c16 100644
--- a/secure/usr.bin/openssl/man/enc.1
+++ b/secure/usr.bin/openssl/man/enc.1
@@ -124,7 +124,7 @@
.\" ========================================================================
.\"
.IX Title "ENC 1"
-.TH ENC 1 "2012-05-10" "0.9.8x" "OpenSSL"
+.TH ENC 1 "2012-05-10" "1.0.1c" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -139,17 +139,24 @@ enc \- symmetric cipher routines
[\fB\-pass arg\fR]
[\fB\-e\fR]
[\fB\-d\fR]
-[\fB\-a\fR]
+[\fB\-a/\-base64\fR]
[\fB\-A\fR]
[\fB\-k password\fR]
[\fB\-kfile filename\fR]
[\fB\-K key\fR]
[\fB\-iv \s-1IV\s0\fR]
+[\fB\-S salt\fR]
+[\fB\-salt\fR]
+[\fB\-nosalt\fR]
+[\fB\-z\fR]
+[\fB\-md\fR]
[\fB\-p\fR]
[\fB\-P\fR]
[\fB\-bufsize number\fR]
[\fB\-nopad\fR]
[\fB\-debug\fR]
+[\fB\-none\fR]
+[\fB\-engine id\fR]
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
The symmetric cipher commands allow data to be encrypted or decrypted
@@ -187,6 +194,9 @@ decrypt the input data.
base64 process the data. This means that if encryption is taking place
the data is base64 encoded after encryption. If decryption is set then
the input data is base64 decoded before being decrypted.
+.IP "\fB\-base64\fR" 4
+.IX Item "-base64"
+same as \fB\-a\fR
.IP "\fB\-A\fR" 4
.IX Item "-A"
if the \fB\-a\fR option is set then base64 process the data on one line.
@@ -199,10 +209,16 @@ versions of OpenSSL. Superseded by the \fB\-pass\fR argument.
read the password to derive the key from the first line of \fBfilename\fR.
This is for compatibility with previous versions of OpenSSL. Superseded by
the \fB\-pass\fR argument.
+.IP "\fB\-nosalt\fR" 4
+.IX Item "-nosalt"
+do not use a salt
+.IP "\fB\-salt\fR" 4
+.IX Item "-salt"
+use salt (randomly generated or provide with \fB\-S\fR option) when
+encrypting (this is the default).
.IP "\fB\-S salt\fR" 4
.IX Item "-S salt"
-the actual salt to use: this must be represented as a string comprised only
-of hex digits.
+the actual salt to use: this must be represented as a string of hex digits.
.IP "\fB\-K key\fR" 4
.IX Item "-K key"
the actual key to use: this must be represented as a string comprised only
@@ -233,10 +249,30 @@ disable standard block padding
.IP "\fB\-debug\fR" 4
.IX Item "-debug"
debug the BIOs used for I/O.
+.IP "\fB\-z\fR" 4
+.IX Item "-z"
+Compress or decompress clear text using zlib before encryption or after
+decryption. This option exists only if OpenSSL with compiled with zlib
+or zlib-dynamic option.
+.IP "\fB\-none\fR" 4
+.IX Item "-none"
+Use \s-1NULL\s0 cipher (no encryption or decryption of input).
.SH "NOTES"
.IX Header "NOTES"
The program can be called either as \fBopenssl ciphername\fR or
-\&\fBopenssl enc \-ciphername\fR.
+\&\fBopenssl enc \-ciphername\fR. But the first form doesn't work with
+engine-provided ciphers, because this form is processed before the
+configuration file is read and any ENGINEs loaded.
+.PP
+Engines which provide entirely new encryption algorithms (such as ccgost
+engine which provides gost89 algorithm) should be configured in the
+configuration file. Engines, specified in the command line using \-engine
+options can only be used for hadrware-assisted implementations of
+ciphers, which are supported by OpenSSL core or other engine, specified
+in the configuration file.
+.PP
+When enc command lists supported ciphers, ciphers provided by engines,
+specified in the configuration files are listed too.
.PP
A password will be prompted for to derive the key and \s-1IV\s0 if necessary.
.PP
@@ -268,6 +304,13 @@ All \s-1RC2\s0 ciphers have the same key and effective key length.
Blowfish and \s-1RC5\s0 algorithms use a 128 bit key.
.SH "SUPPORTED CIPHERS"
.IX Header "SUPPORTED CIPHERS"
+Note that some of these ciphers can be disabled at compile time
+and some are available only if an appropriate engine is configured
+in the configuration file. The output of the \fBenc\fR command run with
+unsupported options (for example \fBopenssl enc \-help\fR) includes a
+list of ciphers, supported by your versesion of OpenSSL, including
+ones provided by configured engines.
+.PP
.Vb 1
\& base64 Base 64
\&
@@ -303,6 +346,9 @@ Blowfish and \s-1RC5\s0 algorithms use a 128 bit key.
\&
\& desx DESX algorithm.
\&
+\& gost89 GOST 28147\-89 in CFB mode (provided by ccgost engine)
+\& gost89\-cnt \`GOST 28147\-89 in CNT mode (provided by ccgost engine)
+\&
\& idea\-cbc IDEA algorithm in CBC mode
\& idea same as idea\-cbc
\& idea\-cfb IDEA in CFB mode
OpenPOWER on IntegriCloud