1.\" $OpenBSD: encrypt.1,v 1.23 2013/05/23 01:33:08 tedu Exp $ 2.\" 3.\" Copyright (c) 1996, Jason Downs. All rights reserved. 4.\" 5.\" Redistribution and use in source and binary forms, with or without 6.\" modification, are permitted provided that the following conditions 7.\" are met: 8.\" 1. Redistributions of source code must retain the above copyright 9.\" notice, this list of conditions and the following disclaimer. 10.\" 2. Redistributions in binary form must reproduce the above copyright 11.\" notice, this list of conditions and the following disclaimer in the 12.\" documentation and/or other materials provided with the distribution. 13.\" 14.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR(S) ``AS IS'' AND ANY EXPRESS 15.\" OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED 16.\" WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE 17.\" DISCLAIMED. IN NO EVENT SHALL THE AUTHOR(S) BE LIABLE FOR ANY DIRECT, 18.\" INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES 19.\" (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR 20.\" SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER 21.\" CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 22.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 23.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 24.\" SUCH DAMAGE. 25.\" 26.Dd $Mdocdate: May 23 2013 $ 27.Dt ENCRYPT 1 28.Os 29.Sh NAME 30.Nm encrypt 31.Nd encrypt passwords from the command line or standard input 32.Sh SYNOPSIS 33.Nm encrypt 34.Op Fl km 35.Op Fl b Ar rounds 36.Op Fl c Ar class 37.Op Fl p | Ar string 38.Op Fl s Ar salt 39.Nm makekey 40.Sh DESCRIPTION 41.Nm 42prints the encrypted form of 43.Ar string 44to the standard output. 45This is mostly useful for encrypting passwords from within scripts. 46.Pp 47When invoked as 48.Nm makekey , 49a single combined key and salt are read from standard 50input and the DES encrypted result is written to standard output without a 51terminating newline. 52.Pp 53The options are as follows: 54.Bl -tag -width Ds 55.It Fl b Ar rounds 56Encrypt the string using Blowfish hashing with the specified number of 57.Ar rounds . 58May also specify 'a' to request a variable number of rounds scaled to the 59machine's CPU capabilities. 60.It Fl c Ar class 61Use the cipher type specified in the given user login class. 62See 63.Xr login.conf 5 64for more information. 65.It Fl k 66Run in 67.Nm makekey 68compatible mode. 69.It Fl m 70Encrypt the string using MD5. 71.It Fl p 72Prompt for a single string with echo turned off. 73.It Fl s Ar salt 74Encrypt the string using DES, with the specified 75.Ar salt . 76.El 77.Pp 78If no 79.Ar string 80is specified, 81.Nm 82reads one string per line from standard input, encrypting each one 83with the chosen algorithm from above. 84In the case where no specific algorithm or specific user login class was given 85as a command line option, the algorithm specified in the default class in 86.Pa /etc/login.conf 87will be used. 88.Pp 89For MD5 and Blowfish, a new random salt is automatically generated for each 90password. 91.Pp 92Specifying the 93.Ar string 94on the command line should be discouraged; using the 95standard input is more secure. 96.Sh FILES 97.Bl -tag -width /etc/login.conf -compact 98.It Pa /etc/login.conf 99.El 100.Sh SEE ALSO 101.Xr crypt 3 , 102.Xr login.conf 5 103.Sh HISTORY 104.Nm 105first appeared in 106.Ox 1.2 . 107.Pp 108A 109.Nm makekey 110command appeared in 111.At v7 . 112