1.\" $OpenBSD: encrypt.1,v 1.22 2007/05/31 19:20:09 jmc Exp $ 2.\" 3.\" Copyright (c) 1996, Jason Downs. All rights reserved. 4.\" 5.\" Redistribution and use in source and binary forms, with or without 6.\" modification, are permitted provided that the following conditions 7.\" are met: 8.\" 1. Redistributions of source code must retain the above copyright 9.\" notice, this list of conditions and the following disclaimer. 10.\" 2. Redistributions in binary form must reproduce the above copyright 11.\" notice, this list of conditions and the following disclaimer in the 12.\" documentation and/or other materials provided with the distribution. 13.\" 14.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR(S) ``AS IS'' AND ANY EXPRESS 15.\" OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED 16.\" WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE 17.\" DISCLAIMED. IN NO EVENT SHALL THE AUTHOR(S) BE LIABLE FOR ANY DIRECT, 18.\" INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES 19.\" (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR 20.\" SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER 21.\" CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 22.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 23.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 24.\" SUCH DAMAGE. 25.\" 26.Dd $Mdocdate: May 31 2007 $ 27.Dt ENCRYPT 1 28.Os 29.Sh NAME 30.Nm encrypt 31.Nd encrypt passwords from the command line or standard input 32.Sh SYNOPSIS 33.Nm encrypt 34.Op Fl km 35.Op Fl b Ar rounds 36.Op Fl c Ar class 37.Op Fl p | Ar string 38.Op Fl s Ar salt 39.Nm makekey 40.Sh DESCRIPTION 41.Nm 42prints the encrypted form of 43.Ar string 44to the standard output. 45This is mostly useful for encrypting passwords from within scripts. 46.Pp 47When invoked as 48.Nm makekey , 49a single combined key and salt are read from standard 50input and the DES encrypted result is written to standard output without a 51terminating newline. 52.Pp 53The options are as follows: 54.Bl -tag -width Ds 55.It Fl b Ar rounds 56Encrypt the string using Blowfish hashing with the specified 57.Ar rounds . 58.It Fl c Ar class 59Use the cipher type specified in the given user login class. 60See 61.Xr login.conf 5 62for more information. 63.It Fl k 64Run in 65.Nm makekey 66compatible mode. 67.It Fl m 68Encrypt the string using MD5. 69.It Fl p 70Prompt for a single string with echo turned off. 71.It Fl s Ar salt 72Encrypt the string using DES, with the specified 73.Ar salt . 74.El 75.Pp 76If no 77.Ar string 78is specified, 79.Nm 80reads one string per line from standard input, encrypting each one 81with the chosen algorithm from above. 82In the case where no specific algorithm or specific user login class was given 83as a command line option, the algorithm specified in the default class in 84.Pa /etc/login.conf 85will be used. 86.Pp 87For MD5 and Blowfish, a new random salt is automatically generated for each 88password. 89.Pp 90Specifying the 91.Ar string 92on the command line should be discouraged; using the 93standard input is more secure. 94.Sh FILES 95.Bl -tag -width /etc/login.conf -compact 96.It Pa /etc/login.conf 97.El 98.Sh SEE ALSO 99.Xr crypt 3 , 100.Xr login.conf 5 101.Sh HISTORY 102.Nm 103first appeared in 104.Ox 1.2 . 105.Pp 106A 107.Nm makekey 108command appeared in 109.At v7 . 110