4 enc - symmetric cipher routines
8 B<openssl enc -ciphername>
26 The symmetric cipher commands allow data to be encrytped or decrypted
27 using various block and stream ciphers using keys based on passwords
28 or explicitly provided. Base64 encoding or decoding can also be performed
29 either by itself or in addition to the encryption or decryption.
37 the input filename, standard input by default.
39 =item B<-out filename>
41 the output filename, standard output by default.
45 encrypt the input data: this is the default.
49 decrypt the input data.
53 base64 process the data. This means that if encryption is taking place
54 the data is base64 encoded after encryption. If decryption is set then
55 the input data is base64 decoded before being decrypted.
59 if the B<-a> option is set then base64 process the data on one line.
63 the password to derive the key from.
65 =item B<-kfile filename>
67 read the password to derive the key from the first line of B<filename>
71 the actual key to use: this must be represented as a string comprised only
76 the actual IV to use: this must be represented as a string comprised only
81 print out the key and IV used.
85 print out the key and IV used then immediately exit: don't do any encryption
88 =item B<-bufsize number>
90 set the buffer size for I/O
94 debug the BIOs used for I/O.
100 The program can be called either as B<openssl ciphername> or
101 B<openssl enc -ciphername>.
103 A password will be prompted for to derive the key and IV if necessary.
105 All the block ciphers use PKCS#5 padding also known as standard block
106 padding: this allows a rudimentary integrity or password check to be
107 performed. However since the chance of random data passing the test is
108 better than 1 in 256 it isn't a very good test.
110 All RC2 ciphers have the same key and effective key length.
112 Blowfish and RC5 algorithms use a 128 bit key.
114 =head1 SUPPORTED CIPHERS
118 bf-cbc Blowfish in CBC mode
120 bf-cfb Blowish in CFB mode
121 bf-ecb Blowfish in ECB mode
122 bf-ofb Blowfish in OFB mode
124 cast-cbc CAST in CBC mode
125 cast Alias for cast-cbc
126 cast5-cbc CAST5 in CBC mode
127 cast5-cfb CAST5 in CFB mode
128 cast5-ecb CAST5 in ECB mode
129 cast5-ofb CAST5 in OFB mode
131 des-cbc DES in CBC mode
132 des Alias for des-cbc
133 des-cfb DES in CBC mode
134 des-ofb DES in OFB mode
135 des-ecb DES in ECB mode
137 des-ede-cbc Two key triple DES EDE in CBC mode
138 des-ede Alias for des-ede
139 des-ede-cfb Two key triple DES EDE in CFB mode
140 des-ede-ofb Two key triple DES EDE in OFB mode
142 des-ede3-cbc Three key triple DES EDE in CBC mode
143 des-ede3 Alias for des-ede3-cbc
144 des3 Alias for des-ede3-cbc
145 des-ede3-cfb Three key triple DES EDE CFB mode
146 des-ede3-ofb Three key triple DES EDE in OFB mode
150 idea-cbc IDEA algorithm in CBC mode
151 idea same as idea-cbc
152 idea-cfb IDEA in CFB mode
153 idea-ecb IDEA in ECB mode
154 idea-ofb IDEA in OFB mode
156 rc2-cbc 128 bit RC2 in CBC mode
157 rc2 Alias for rc2-cbc
158 rc2-cfb 128 bit RC2 in CBC mode
159 rc2-ecb 128 bit RC2 in CBC mode
160 rc2-ofb 128 bit RC2 in CBC mode
161 rc2-64-cbc 64 bit RC2 in CBC mode
162 rc2-40-cbc 40 bit RC2 in CBC mode
168 rc5-cbc RC5 cipher in CBC mode
169 rc5 Alias for rc5-cbc
170 rc5-cfb RC5 cipher in CBC mode
171 rc5-ecb RC5 cipher in CBC mode
172 rc5-ofb RC5 cipher in CBC mode
180 The B<-A> option when used with large files doesn't work properly.
182 The key derivation algorithm used is compatible with the SSLeay algorithm. It
183 is not very good: it uses unsalted MD5. There should be an option to allow a
184 salt or iteration count to be included.
186 Like the EVP library the B<enc> program only supports a fixed number of
187 algorithms with certain parameters. So if, for example, you want to use RC2
188 with a 76 bit key or RC4 with an 84 bit key you can't use this program.