Lines Matching +full:no +full:- +full:sm4
1 .\" $NetBSD: openssl-enc.1,v 1.1 2024/07/12 21:01:07 christos Exp $
3 .\" -*- mode: troff; coding: utf-8 -*-
59 .IX Title "OPENSSL-ENC 1"
60 .TH OPENSSL-ENC 1 2024-07-11 3.0.14 OpenSSL
66 openssl\-enc \- symmetric cipher routines
70 [\fB\-\fR\f(BIcipher\fR]
71 [\fB\-help\fR]
72 [\fB\-list\fR]
73 [\fB\-ciphers\fR]
74 [\fB\-in\fR \fIfilename\fR]
75 [\fB\-out\fR \fIfilename\fR]
76 [\fB\-pass\fR \fIarg\fR]
77 [\fB\-e\fR]
78 [\fB\-d\fR]
79 [\fB\-a\fR]
80 [\fB\-base64\fR]
81 [\fB\-A\fR]
82 [\fB\-k\fR \fIpassword\fR]
83 [\fB\-kfile\fR \fIfilename\fR]
84 [\fB\-K\fR \fIkey\fR]
85 [\fB\-iv\fR \fIIV\fR]
86 [\fB\-S\fR \fIsalt\fR]
87 [\fB\-salt\fR]
88 [\fB\-nosalt\fR]
89 [\fB\-z\fR]
90 [\fB\-md\fR \fIdigest\fR]
91 [\fB\-iter\fR \fIcount\fR]
92 [\fB\-pbkdf2\fR]
93 [\fB\-p\fR]
94 [\fB\-P\fR]
95 [\fB\-bufsize\fR \fInumber\fR]
96 [\fB\-nopad\fR]
97 [\fB\-v\fR]
98 [\fB\-debug\fR]
99 [\fB\-none\fR]
100 [\fB\-engine\fR \fIid\fR]
101 [\fB\-rand\fR \fIfiles\fR]
102 [\fB\-writerand\fR \fIfile\fR]
103 [\fB\-provider\fR \fIname\fR]
104 [\fB\-provider\-path\fR \fIpath\fR]
105 [\fB\-propquery\fR \fIpropq\fR]
116 .IP \fB\-\fR\f(BIcipher\fR 4
117 .IX Item "-cipher"
119 .IP \fB\-help\fR 4
120 .IX Item "-help"
122 .IP \fB\-list\fR 4
123 .IX Item "-list"
125 .IP \fB\-ciphers\fR 4
126 .IX Item "-ciphers"
127 Alias of \-list to display all supported ciphers.
128 .IP "\fB\-in\fR \fIfilename\fR" 4
129 .IX Item "-in filename"
131 .IP "\fB\-out\fR \fIfilename\fR" 4
132 .IX Item "-out filename"
134 .IP "\fB\-pass\fR \fIarg\fR" 4
135 .IX Item "-pass arg"
137 see \fBopenssl\-passphrase\-options\fR\|(1).
138 .IP \fB\-e\fR 4
139 .IX Item "-e"
141 .IP \fB\-d\fR 4
142 .IX Item "-d"
144 .IP \fB\-a\fR 4
145 .IX Item "-a"
149 .IP \fB\-base64\fR 4
150 .IX Item "-base64"
151 Same as \fB\-a\fR
152 .IP \fB\-A\fR 4
153 .IX Item "-A"
154 If the \fB\-a\fR option is set then base64 process the data on one line.
155 .IP "\fB\-k\fR \fIpassword\fR" 4
156 .IX Item "-k password"
158 versions of OpenSSL. Superseded by the \fB\-pass\fR argument.
159 .IP "\fB\-kfile\fR \fIfilename\fR" 4
160 .IX Item "-kfile filename"
163 the \fB\-pass\fR argument.
164 .IP "\fB\-md\fR \fIdigest\fR" 4
165 .IX Item "-md digest"
167 The default algorithm is sha\-256.
168 .IP "\fB\-iter\fR \fIcount\fR" 4
169 .IX Item "-iter count"
171 High values increase the time required to brute-force the resulting file.
173 .IP \fB\-pbkdf2\fR 4
174 .IX Item "-pbkdf2"
176 unless otherwise specified by the \fB\-iter\fR command line option.
177 .IP \fB\-nosalt\fR 4
178 .IX Item "-nosalt"
182 .IP \fB\-salt\fR 4
183 .IX Item "-salt"
184 Use salt (randomly generated or provide with \fB\-S\fR option) when
186 .IP "\fB\-S\fR \fIsalt\fR" 4
187 .IX Item "-S salt"
191 .IP "\fB\-K\fR \fIkey\fR" 4
192 .IX Item "-K key"
195 using the \fB\-iv\fR option. When both a key and a password are specified, the
196 key given with the \fB\-K\fR option will be used and the IV generated from the
199 .IP "\fB\-iv\fR \fIIV\fR" 4
200 .IX Item "-iv IV"
202 of hex digits. When only the key is specified using the \fB\-K\fR option, the
205 .IP \fB\-p\fR 4
206 .IX Item "-p"
208 .IP \fB\-P\fR 4
209 .IX Item "-P"
212 .IP "\fB\-bufsize\fR \fInumber\fR" 4
213 .IX Item "-bufsize number"
215 .IP \fB\-nopad\fR 4
216 .IX Item "-nopad"
218 .IP \fB\-v\fR 4
219 .IX Item "-v"
221 .IP \fB\-debug\fR 4
222 .IX Item "-debug"
224 .IP \fB\-z\fR 4
225 .IX Item "-z"
228 or zlib-dynamic option.
229 .IP \fB\-none\fR 4
230 .IX Item "-none"
231 Use NULL cipher (no encryption or decryption of input).
232 .IP "\fB\-rand\fR \fIfiles\fR, \fB\-writerand\fR \fIfile\fR" 4
233 .IX Item "-rand files, -writerand file"
235 .IP "\fB\-provider\fR \fIname\fR" 4
236 .IX Item "-provider name"
238 .IP "\fB\-provider\-path\fR \fIpath\fR" 4
239 .IX Item "-provider-path path"
240 .IP "\fB\-propquery\fR \fIpropq\fR" 4
241 .IX Item "-propquery propq"
244 .IP "\fB\-engine\fR \fIid\fR" 4
245 .IX Item "-engine id"
251 \&\f(CW\*(C`openssl enc \-\fR\f(CIcipher\fR\f(CW\*(C'\fR. The first form doesn't work with
252 engine-provided ciphers, because this form is processed before the
254 Use the \fBopenssl\-list\fR\|(1) command to get a list of supported ciphers.
258 configuration file. Engines specified on the command line using \fB\-engine\fR
259 option can only be used for hardware-assisted implementations of
268 The \fB\-salt\fR option should \fBALWAYS\fR be used if the key is being derived
272 Without the \fB\-salt\fR option it is possible to perform efficient dictionary
278 passphrase without explicit salt given using \fB\-S\fR option), the first bytes
297 Please note that OpenSSL 3.0 changed the effect of the \fB\-S\fR option.
298 Any explicit salt value specified via this option is no longer prepended to the
300 Conversely, when the \fB\-S\fR option is used during decryption, the ciphertext
304 explicit salt under OpenSSL 1.1.1 do not use the \fB\-S\fR option, the salt will
307 the \fB\-S\fR option, the salt will be then be generated randomly and prepended
314 with the \fB\-list\fR option (that is \f(CW\*(C`openssl enc \-list\*(C'\fR) is
321 when \fB\-out\fR is not used) before the authentication tag could be validated.
332 modes or other modes, \fBopenssl\-cms\fR\|(1) is recommended, as it provides a
338 \& bf\-cbc Blowfish in CBC mode
339 \& bf Alias for bf\-cbc
340 \& blowfish Alias for bf\-cbc
341 \& bf\-cfb Blowfish in CFB mode
342 \& bf\-ecb Blowfish in ECB mode
343 \& bf\-ofb Blowfish in OFB mode
345 \& cast\-cbc CAST in CBC mode
346 \& cast Alias for cast\-cbc
347 \& cast5\-cbc CAST5 in CBC mode
348 \& cast5\-cfb CAST5 in CFB mode
349 \& cast5\-ecb CAST5 in ECB mode
350 \& cast5\-ofb CAST5 in OFB mode
354 \& des\-cbc DES in CBC mode
355 \& des Alias for des\-cbc
356 \& des\-cfb DES in CFB mode
357 \& des\-ofb DES in OFB mode
358 \& des\-ecb DES in ECB mode
360 \& des\-ede\-cbc Two key triple DES EDE in CBC mode
361 \& des\-ede Two key triple DES EDE in ECB mode
362 \& des\-ede\-cfb Two key triple DES EDE in CFB mode
363 \& des\-ede\-ofb Two key triple DES EDE in OFB mode
365 \& des\-ede3\-cbc Three key triple DES EDE in CBC mode
366 \& des\-ede3 Three key triple DES EDE in ECB mode
367 \& des3 Alias for des\-ede3\-cbc
368 \& des\-ede3\-cfb Three key triple DES EDE CFB mode
369 \& des\-ede3\-ofb Three key triple DES EDE in OFB mode
373 \& gost89 GOST 28147\-89 in CFB mode (provided by ccgost engine)
374 \& gost89\-cnt GOST 28147\-89 in CNT mode (provided by ccgost engine)
376 \& idea\-cbc IDEA algorithm in CBC mode
377 \& idea same as idea\-cbc
378 \& idea\-cfb IDEA in CFB mode
379 \& idea\-ecb IDEA in ECB mode
380 \& idea\-ofb IDEA in OFB mode
382 \& rc2\-cbc 128 bit RC2 in CBC mode
383 \& rc2 Alias for rc2\-cbc
384 \& rc2\-cfb 128 bit RC2 in CFB mode
385 \& rc2\-ecb 128 bit RC2 in ECB mode
386 \& rc2\-ofb 128 bit RC2 in OFB mode
387 \& rc2\-64\-cbc 64 bit RC2 in CBC mode
388 \& rc2\-40\-cbc 40 bit RC2 in CBC mode
391 \& rc4\-64 64 bit RC4
392 \& rc4\-40 40 bit RC4
394 \& rc5\-cbc RC5 cipher in CBC mode
395 \& rc5 Alias for rc5\-cbc
396 \& rc5\-cfb RC5 cipher in CFB mode
397 \& rc5\-ecb RC5 cipher in ECB mode
398 \& rc5\-ofb RC5 cipher in OFB mode
400 \& seed\-cbc SEED cipher in CBC mode
401 \& seed Alias for seed\-cbc
402 \& seed\-cfb SEED cipher in CFB mode
403 \& seed\-ecb SEED cipher in ECB mode
404 \& seed\-ofb SEED cipher in OFB mode
406 \& sm4\-cbc SM4 cipher in CBC mode
407 \& sm4 Alias for sm4\-cbc
408 \& sm4\-cfb SM4 cipher in CFB mode
409 \& sm4\-ctr SM4 cipher in CTR mode
410 \& sm4\-ecb SM4 cipher in ECB mode
411 \& sm4\-ofb SM4 cipher in OFB mode
413 \& aes\-[128|192|256]\-cbc 128/192/256 bit AES in CBC mode
414 \& aes[128|192|256] Alias for aes\-[128|192|256]\-cbc
415 \& aes\-[128|192|256]\-cfb 128/192/256 bit AES in 128 bit CFB mode
416 \& aes\-[128|192|256]\-cfb1 128/192/256 bit AES in 1 bit CFB mode
417 \& aes\-[128|192|256]\-cfb8 128/192/256 bit AES in 8 bit CFB mode
418 \& aes\-[128|192|256]\-ctr 128/192/256 bit AES in CTR mode
419 \& aes\-[128|192|256]\-ecb 128/192/256 bit AES in ECB mode
420 \& aes\-[128|192|256]\-ofb 128/192/256 bit AES in OFB mode
422 \& aria\-[128|192|256]\-cbc 128/192/256 bit ARIA in CBC mode
423 \& aria[128|192|256] Alias for aria\-[128|192|256]\-cbc
424 \& aria\-[128|192|256]\-cfb 128/192/256 bit ARIA in 128 bit CFB mode
425 \& aria\-[128|192|256]\-cfb1 128/192/256 bit ARIA in 1 bit CFB mode
426 \& aria\-[128|192|256]\-cfb8 128/192/256 bit ARIA in 8 bit CFB mode
427 \& aria\-[128|192|256]\-ctr 128/192/256 bit ARIA in CTR mode
428 \& aria\-[128|192|256]\-ecb 128/192/256 bit ARIA in ECB mode
429 \& aria\-[128|192|256]\-ofb 128/192/256 bit ARIA in OFB mode
431 \& camellia\-[128|192|256]\-cbc 128/192/256 bit Camellia in CBC mode
432 \& camellia[128|192|256] Alias for camellia\-[128|192|256]\-cbc
433 \& camellia\-[128|192|256]\-cfb 128/192/256 bit Camellia in 128 bit CFB mode
434 \& camellia\-[128|192|256]\-cfb1 128/192/256 bit Camellia in 1 bit CFB mode
435 \& camellia\-[128|192|256]\-cfb8 128/192/256 bit Camellia in 8 bit CFB mode
436 \& camellia\-[128|192|256]\-ctr 128/192/256 bit Camellia in CTR mode
437 \& camellia\-[128|192|256]\-ecb 128/192/256 bit Camellia in ECB mode
438 \& camellia\-[128|192|256]\-ofb 128/192/256 bit Camellia in OFB mode
445 \& openssl base64 \-in file.bin \-out file.b64
451 \& openssl base64 \-d \-in file.b64 \-out file.bin
454 Encrypt a file using AES\-128 using a prompted password
458 \& openssl enc \-aes128 \-pbkdf2 \-in file.txt \-out file.aes128
464 \& openssl enc \-aes128 \-pbkdf2 \-d \-in file.aes128 \-out file.txt \e
465 \& \-pass pass:<password>
469 using AES\-256 in CTR mode and PBKDF2 key derivation:
472 \& openssl enc \-aes\-256\-ctr \-pbkdf2 \-a \-in file.txt \-out file.aes256
478 \& openssl enc \-aes\-256\-ctr \-pbkdf2 \-d \-a \-in file.aes256 \-out file.txt \e
479 \& \-pass file:<passfile>
483 The \fB\-A\fR option when used with large files doesn't work properly.
492 The \fB\-list\fR option was added in OpenSSL 1.1.1e.
494 The \fB\-ciphers\fR and \fB\-engine\fR options were deprecated in OpenSSL 3.0.
497 Copyright 2000\-2023 The OpenSSL Project Authors. All Rights Reserved.