X-Git-Url: https://gitweb.dragonflybsd.org/~nant/dragonfly.git/blobdiff_plain/5c67d9f046c3eb827e77e8cb068c6c325e33b3ab..b911043fd60768ddb57a4c03f03d4f1a39c57cd8:/secure/usr.bin/openssl/man/enc.1 diff --git a/secure/usr.bin/openssl/man/enc.1 b/secure/usr.bin/openssl/man/enc.1 index 9ef9a3d3f1..516761254c 100644 --- a/secure/usr.bin/openssl/man/enc.1 +++ b/secure/usr.bin/openssl/man/enc.1 @@ -1,15 +1,7 @@ -.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32 +.\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.14) .\" .\" Standard preamble: .\" ======================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp @@ -25,11 +17,11 @@ .. .\" Set up some character translations and predefined strings. \*(-- will .\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. | will give a -.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used to -.\" do unbreakable dashes and therefore won't be available. \*(C` and \*(C' -.\" expand to `' in nroff, nothing in troff, for use with C<>. -.tr \(*W-|\(bv\*(Tr +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- .ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' .ie n \{\ . ds -- \(*W- @@ -48,22 +40,25 @@ . ds R" '' 'br\} .\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" .\" If the F register is turned on, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. -.if \nF \{\ +.ie \nF \{\ . de IX . tm Index:\\$1\t\\n%\t"\\$2" .. . nr % 0 . rr F .\} -.\" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.hy 0 -.if n .na +.el \{\ +. de IX +.. +.\} .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +124,11 @@ .\" ======================================================================== .\" .IX Title "ENC 1" -.TH ENC 1 "2008-09-27" "0.9.8i" "OpenSSL" +.TH ENC 1 "2010-12-02" "1.0.0c" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh .SH "NAME" enc \- symmetric cipher routines .SH "SYNOPSIS" @@ -140,17 +139,24 @@ enc \- symmetric cipher routines [\fB\-pass arg\fR] [\fB\-e\fR] [\fB\-d\fR] -[\fB\-a\fR] +[\fB\-a/\-base64\fR] [\fB\-A\fR] [\fB\-k password\fR] [\fB\-kfile filename\fR] [\fB\-K key\fR] [\fB\-iv \s-1IV\s0\fR] +[\fB\-S salt\fR] +[\fB\-salt\fR] +[\fB\-nosalt\fR] +[\fB\-z\fR] +[\fB\-md\fR] [\fB\-p\fR] [\fB\-P\fR] [\fB\-bufsize number\fR] [\fB\-nopad\fR] [\fB\-debug\fR] +[\fB\-none\fR] +[\fB\-engine id\fR] .SH "DESCRIPTION" .IX Header "DESCRIPTION" The symmetric cipher commands allow data to be encrypted or decrypted @@ -171,14 +177,12 @@ the password source. For more information about the format of \fBarg\fR see the \fB\s-1PASS\s0 \s-1PHRASE\s0 \s-1ARGUMENTS\s0\fR section in \fIopenssl\fR\|(1). .IP "\fB\-salt\fR" 4 .IX Item "-salt" -use a salt in the key derivation routines. This option should \fB\s-1ALWAYS\s0\fR -be used unless compatibility with previous versions of OpenSSL or SSLeay -is required. This option is only present on OpenSSL versions 0.9.5 or -above. +use a salt in the key derivation routines. This is the default. .IP "\fB\-nosalt\fR" 4 .IX Item "-nosalt" -don't use a salt in the key derivation routines. This is the default for -compatibility with previous versions of OpenSSL and SSLeay. +don't use a salt in the key derivation routines. This option \fB\s-1SHOULD\s0 \s-1NOT\s0\fR be +used except for test purposes or compatibility with ancient versions of OpenSSL +and SSLeay. .IP "\fB\-e\fR" 4 .IX Item "-e" encrypt the input data: this is the default. @@ -190,6 +194,9 @@ decrypt the input data. base64 process the data. This means that if encryption is taking place the data is base64 encoded after encryption. If decryption is set then the input data is base64 decoded before being decrypted. +.IP "\fB\-base64\fR" 4 +.IX Item "-base64" +same as \fB\-a\fR .IP "\fB\-A\fR" 4 .IX Item "-A" if the \fB\-a\fR option is set then base64 process the data on one line. @@ -202,10 +209,16 @@ versions of OpenSSL. Superseded by the \fB\-pass\fR argument. read the password to derive the key from the first line of \fBfilename\fR. This is for compatibility with previous versions of OpenSSL. Superseded by the \fB\-pass\fR argument. +.IP "\fB\-nosalt\fR" 4 +.IX Item "-nosalt" +do not use a salt +.IP "\fB\-salt\fR" 4 +.IX Item "-salt" +use salt (randomly generated or provide with \fB\-S\fR option) when +encrypting (this is the default). .IP "\fB\-S salt\fR" 4 .IX Item "-S salt" -the actual salt to use: this must be represented as a string comprised only -of hex digits. +the actual salt to use: this must be represented as a string of hex digits. .IP "\fB\-K key\fR" 4 .IX Item "-K key" the actual key to use: this must be represented as a string comprised only @@ -236,10 +249,30 @@ disable standard block padding .IP "\fB\-debug\fR" 4 .IX Item "-debug" debug the BIOs used for I/O. +.IP "\fB\-z\fR" 4 +.IX Item "-z" +Compress or decompress clear text using zlib before encryption or after +decryption. This option exists only if OpenSSL with compiled with zlib +or zlib-dynamic option. +.IP "\fB\-none\fR" 4 +.IX Item "-none" +Use \s-1NULL\s0 cipher (no encryption or decryption of input). .SH "NOTES" .IX Header "NOTES" The program can be called either as \fBopenssl ciphername\fR or -\&\fBopenssl enc \-ciphername\fR. +\&\fBopenssl enc \-ciphername\fR. But the first form doesn't work with +engine-provided ciphers, because this form is processed before the +configuration file is read and any ENGINEs loaded. +.PP +Engines which provide entirely new encryption algorithms (such as ccgost +engine which provides gost89 algorithm) should be configured in the +configuration file. Engines, specified in the command line using \-engine +options can only be used for hadrware-assisted implementations of +ciphers, which are supported by OpenSSL core or other engine, specified +in the configuration file. +.PP +When enc command lists supported ciphers, ciphers provided by engines, +specified in the configuration files are listed too. .PP A password will be prompted for to derive the key and \s-1IV\s0 if necessary. .PP @@ -271,138 +304,126 @@ All \s-1RC2\s0 ciphers have the same key and effective key length. Blowfish and \s-1RC5\s0 algorithms use a 128 bit key. .SH "SUPPORTED CIPHERS" .IX Header "SUPPORTED CIPHERS" -.Vb 1 -\& base64 Base 64 -.Ve -.PP -.Vb 5 -\& bf-cbc Blowfish in CBC mode -\& bf Alias for bf-cbc -\& bf-cfb Blowfish in CFB mode -\& bf-ecb Blowfish in ECB mode -\& bf-ofb Blowfish in OFB mode -.Ve -.PP -.Vb 6 -\& cast-cbc CAST in CBC mode -\& cast Alias for cast-cbc -\& cast5-cbc CAST5 in CBC mode -\& cast5-cfb CAST5 in CFB mode -\& cast5-ecb CAST5 in ECB mode -\& cast5-ofb CAST5 in OFB mode -.Ve -.PP -.Vb 5 -\& des-cbc DES in CBC mode -\& des Alias for des-cbc -\& des-cfb DES in CBC mode -\& des-ofb DES in OFB mode -\& des-ecb DES in ECB mode -.Ve -.PP -.Vb 4 -\& des-ede-cbc Two key triple DES EDE in CBC mode -\& des-ede Two key triple DES EDE in ECB mode -\& des-ede-cfb Two key triple DES EDE in CFB mode -\& des-ede-ofb Two key triple DES EDE in OFB mode -.Ve -.PP -.Vb 5 -\& des-ede3-cbc Three key triple DES EDE in CBC mode -\& des-ede3 Three key triple DES EDE in ECB mode -\& des3 Alias for des-ede3-cbc -\& des-ede3-cfb Three key triple DES EDE CFB mode -\& des-ede3-ofb Three key triple DES EDE in OFB mode -.Ve +Note that some of these ciphers can be disabled at compile time +and some are available only if an appropriate engine is configured +in the configuration file. The output of the \fBenc\fR command run with +unsupported options (for example \fBopenssl enc \-help\fR) includes a +list of ciphers, supported by your versesion of OpenSSL, including +ones provided by configured engines. .PP .Vb 1 +\& base64 Base 64 +\& +\& bf\-cbc Blowfish in CBC mode +\& bf Alias for bf\-cbc +\& bf\-cfb Blowfish in CFB mode +\& bf\-ecb Blowfish in ECB mode +\& bf\-ofb Blowfish in OFB mode +\& +\& cast\-cbc CAST in CBC mode +\& cast Alias for cast\-cbc +\& cast5\-cbc CAST5 in CBC mode +\& cast5\-cfb CAST5 in CFB mode +\& cast5\-ecb CAST5 in ECB mode +\& cast5\-ofb CAST5 in OFB mode +\& +\& des\-cbc DES in CBC mode +\& des Alias for des\-cbc +\& des\-cfb DES in CBC mode +\& des\-ofb DES in OFB mode +\& des\-ecb DES in ECB mode +\& +\& des\-ede\-cbc Two key triple DES EDE in CBC mode +\& des\-ede Two key triple DES EDE in ECB mode +\& des\-ede\-cfb Two key triple DES EDE in CFB mode +\& des\-ede\-ofb Two key triple DES EDE in OFB mode +\& +\& des\-ede3\-cbc Three key triple DES EDE in CBC mode +\& des\-ede3 Three key triple DES EDE in ECB mode +\& des3 Alias for des\-ede3\-cbc +\& des\-ede3\-cfb Three key triple DES EDE CFB mode +\& des\-ede3\-ofb Three key triple DES EDE in OFB mode +\& \& desx DESX algorithm. -.Ve -.PP -.Vb 5 -\& idea-cbc IDEA algorithm in CBC mode -\& idea same as idea-cbc -\& idea-cfb IDEA in CFB mode -\& idea-ecb IDEA in ECB mode -\& idea-ofb IDEA in OFB mode -.Ve -.PP -.Vb 7 -\& rc2-cbc 128 bit RC2 in CBC mode -\& rc2 Alias for rc2-cbc -\& rc2-cfb 128 bit RC2 in CFB mode -\& rc2-ecb 128 bit RC2 in ECB mode -\& rc2-ofb 128 bit RC2 in OFB mode -\& rc2-64-cbc 64 bit RC2 in CBC mode -\& rc2-40-cbc 40 bit RC2 in CBC mode -.Ve -.PP -.Vb 3 +\& +\& gost89 GOST 28147\-89 in CFB mode (provided by ccgost engine) +\& gost89\-cnt \`GOST 28147\-89 in CNT mode (provided by ccgost engine) +\& +\& idea\-cbc IDEA algorithm in CBC mode +\& idea same as idea\-cbc +\& idea\-cfb IDEA in CFB mode +\& idea\-ecb IDEA in ECB mode +\& idea\-ofb IDEA in OFB mode +\& +\& rc2\-cbc 128 bit RC2 in CBC mode +\& rc2 Alias for rc2\-cbc +\& rc2\-cfb 128 bit RC2 in CFB mode +\& rc2\-ecb 128 bit RC2 in ECB mode +\& rc2\-ofb 128 bit RC2 in OFB mode +\& rc2\-64\-cbc 64 bit RC2 in CBC mode +\& rc2\-40\-cbc 40 bit RC2 in CBC mode +\& \& rc4 128 bit RC4 -\& rc4-64 64 bit RC4 -\& rc4-40 40 bit RC4 -.Ve -.PP -.Vb 5 -\& rc5-cbc RC5 cipher in CBC mode -\& rc5 Alias for rc5-cbc -\& rc5-cfb RC5 cipher in CFB mode -\& rc5-ecb RC5 cipher in ECB mode -\& rc5-ofb RC5 cipher in OFB mode -.Ve -.PP -.Vb 7 -\& aes-[128|192|256]-cbc 128/192/256 bit AES in CBC mode -\& aes-[128|192|256] Alias for aes-[128|192|256]-cbc -\& aes-[128|192|256]-cfb 128/192/256 bit AES in 128 bit CFB mode -\& aes-[128|192|256]-cfb1 128/192/256 bit AES in 1 bit CFB mode -\& aes-[128|192|256]-cfb8 128/192/256 bit AES in 8 bit CFB mode -\& aes-[128|192|256]-ecb 128/192/256 bit AES in ECB mode -\& aes-[128|192|256]-ofb 128/192/256 bit AES in OFB mode +\& rc4\-64 64 bit RC4 +\& rc4\-40 40 bit RC4 +\& +\& rc5\-cbc RC5 cipher in CBC mode +\& rc5 Alias for rc5\-cbc +\& rc5\-cfb RC5 cipher in CFB mode +\& rc5\-ecb RC5 cipher in ECB mode +\& rc5\-ofb RC5 cipher in OFB mode +\& +\& aes\-[128|192|256]\-cbc 128/192/256 bit AES in CBC mode +\& aes\-[128|192|256] Alias for aes\-[128|192|256]\-cbc +\& aes\-[128|192|256]\-cfb 128/192/256 bit AES in 128 bit CFB mode +\& aes\-[128|192|256]\-cfb1 128/192/256 bit AES in 1 bit CFB mode +\& aes\-[128|192|256]\-cfb8 128/192/256 bit AES in 8 bit CFB mode +\& aes\-[128|192|256]\-ecb 128/192/256 bit AES in ECB mode +\& aes\-[128|192|256]\-ofb 128/192/256 bit AES in OFB mode .Ve .SH "EXAMPLES" .IX Header "EXAMPLES" Just base64 encode a binary file: .PP .Vb 1 -\& openssl base64 -in file.bin -out file.b64 +\& openssl base64 \-in file.bin \-out file.b64 .Ve .PP Decode the same file .PP .Vb 1 -\& openssl base64 -d -in file.b64 -out file.bin +\& openssl base64 \-d \-in file.b64 \-out file.bin .Ve .PP Encrypt a file using triple \s-1DES\s0 in \s-1CBC\s0 mode using a prompted password: .PP .Vb 1 -\& openssl des3 -salt -in file.txt -out file.des3 +\& openssl des3 \-salt \-in file.txt \-out file.des3 .Ve .PP Decrypt a file using a supplied password: .PP .Vb 1 -\& openssl des3 -d -salt -in file.des3 -out file.txt -k mypassword +\& openssl des3 \-d \-salt \-in file.des3 \-out file.txt \-k mypassword .Ve .PP Encrypt a file then base64 encode it (so it can be sent via mail for example) using Blowfish in \s-1CBC\s0 mode: .PP .Vb 1 -\& openssl bf -a -salt -in file.txt -out file.bf +\& openssl bf \-a \-salt \-in file.txt \-out file.bf .Ve .PP Base64 decode a file then decrypt it: .PP .Vb 1 -\& openssl bf -d -salt -a -in file.bf -out file.txt +\& openssl bf \-d \-salt \-a \-in file.bf \-out file.txt .Ve .PP Decrypt some data using a supplied 40 bit \s-1RC4\s0 key: .PP .Vb 1 -\& openssl rc4-40 -in file.rc4 -out file.txt -K 0102030405 +\& openssl rc4\-40 \-in file.rc4 \-out file.txt \-K 0102030405 .Ve .SH "BUGS" .IX Header "BUGS"