B<openssl enc -ciphername>
[B<-in filename>]
[B<-out filename>]
+[B<-pass arg>]
[B<-e>]
[B<-d>]
[B<-a>]
[B<-p>]
[B<-P>]
[B<-bufsize number>]
+[B<-nopad>]
[B<-debug>]
=head1 DESCRIPTION
the output filename, standard output by default.
+=item B<-pass arg>
+
+the password source. For more information about the format of B<arg>
+see the B<PASS PHRASE ARGUMENTS> section in L<openssl(1)|openssl(1)>.
+
=item B<-salt>
use a salt in the key derivation routines. This option should B<ALWAYS>
=item B<-k password>
-the password to derive the key from.
+the password to derive the key from. This is for compatibility with previous
+versions of OpenSSL. Superseded by the B<-pass> argument.
=item B<-kfile filename>
-read the password to derive the key from the first line of B<filename>
+read the password to derive the key from the first line of B<filename>.
+This is for compatibility with previous versions of OpenSSL. Superseded by
+the B<-pass> argument.
=item B<-S salt>
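Review bot: the new text for -k and -kfile says both are "Superseded by the B<-pass> argument" but does not say which source is used when one of them is given together with -pass. State the precedence, or say that the combination is rejected. The rest of this patch calls flags options ("the B<-K> option", "the B<-iv> option"), so "the B<-pass> option" would be consistent here.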
=item B<-K key>
the actual key to use: this must be represented as a string comprised only
-of hex digits.
+of hex digits. If only the key is specified, the IV must additionally specified
+using the B<-iv> option. When both a key and a password are specified, the
+key given with the B<-K> option will be used and the IV generated from the
+password will be taken. It probably does not make much sense to specify
+both key and password.
=item B<-iv IV>
the actual IV to use: this must be represented as a string comprised only
-of hex digits.
+of hex digits. When only the key is specified using the B<-K> option, the
+IV must explicitly be defined. When a password is being specified using
+one of the other options, the IV is generated from this password.
=item B<-p>
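Review bot: in the -K text, "the IV must additionally specified" is missing "be". The closing sentence, "It probably does not make much sense to specify both key and password", hedges on a case where the key comes from one source and the IV from another. Say plainly that the combination is discouraged, and say whether an explicit -iv overrides the password-derived IV in that case, which neither the -K nor the -iv paragraph states. The two paragraphs also repeat the same rule; keep it in one place and refer to it from the other.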
set the buffer size for I/O
+=item B<-nopad>
+
+disable standard block padding
+
=item B<-debug>
debug the BIOs used for I/O.
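Review bot: the -nopad entry says only "disable standard block padding". The requirement that the input then be a multiple of the cipher block length is added further down in the notes, but not here, where someone looking up the flag will read it. Repeat that sentence in this item or point to the notes, and say whether the option applies to both -e and -d.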
implications if not used correctly. A beginner is advised to just use
a strong block cipher in CBC mode such as bf or des3.
-All the block ciphers use PKCS#5 padding also known as standard block
+All the block ciphers normally use PKCS#5 padding also known as standard block
padding: this allows a rudimentary integrity or password check to be
performed. However since the chance of random data passing the test is
better than 1 in 256 it isn't a very good test.
+If padding is disabled then the input data must be a multiple of the cipher
+block length.
+
All RC2 ciphers have the same key and effective key length.
Blowfish and RC5 algorithms use a 128 bit key.
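Review bot: "normally" in "All the block ciphers normally use PKCS#5 padding" leaves the exception unstated; name it, for example "unless B<-nopad> is given". The added sentence on disabled padding gives the input constraint but not what enc does when the input is not a multiple of the block length. It would also help to note that the rudimentary padding check described just above is unavailable once padding is disabled.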
des-ecb DES in ECB mode
des-ede-cbc Two key triple DES EDE in CBC mode
- des-ede Alias for des-ede
+ des-ede Two key triple DES EDE in ECB mode
des-ede-cfb Two key triple DES EDE in CFB mode
des-ede-ofb Two key triple DES EDE in OFB mode
des-ede3-cbc Three key triple DES EDE in CBC mode
- des-ede3 Alias for des-ede3-cbc
+ des-ede3 Three key triple DES EDE in ECB mode
des3 Alias for des-ede3-cbc
des-ede3-cfb Three key triple DES EDE CFB mode
des-ede3-ofb Three key triple DES EDE in OFB mode
rc2-cbc 128 bit RC2 in CBC mode
rc2 Alias for rc2-cbc
- rc2-cfb 128 bit RC2 in CBC mode
- rc2-ecb 128 bit RC2 in CBC mode
- rc2-ofb 128 bit RC2 in CBC mode
+ rc2-cfb 128 bit RC2 in CFB mode
+ rc2-ecb 128 bit RC2 in ECB mode
+ rc2-ofb 128 bit RC2 in OFB mode
rc2-64-cbc 64 bit RC2 in CBC mode
rc2-40-cbc 40 bit RC2 in CBC mode
rc5-cbc RC5 cipher in CBC mode
rc5 Alias for rc5-cbc
- rc5-cfb RC5 cipher in CBC mode
- rc5-ecb RC5 cipher in CBC mode
- rc5-ofb RC5 cipher in CBC mode
+ rc5-cfb RC5 cipher in CFB mode
+ rc5-ecb RC5 cipher in ECB mode
+ rc5-ofb RC5 cipher in OFB mode
+
+ aes-[128|192|256]-cbc 128/192/256 bit AES in CBC mode
+ aes-[128|192|256] Alias for aes-[128|192|256]-cbc
+ aes-[128|192|256]-cfb 128/192/256 bit AES in 128 bit CFB mode
+ aes-[128|192|256]-cfb1 128/192/256 bit AES in 1 bit CFB mode
+ aes-[128|192|256]-cfb8 128/192/256 bit AES in 8 bit CFB mode
+ aes-[128|192|256]-ecb 128/192/256 bit AES in ECB mode
+ aes-[128|192|256]-ofb 128/192/256 bit AES in OFB mode
=head1 EXAMPLES
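Review bot: the AES rows use a bracket shorthand, "aes-[128|192|256]-cbc", while every other row in this list is a literal name that can be typed as the cipher name. Either expand them or add a line explaining the notation so that nobody types the brackets. Please also check the alias row "aes-[128|192|256]" against the names the program actually accepts, since this same patch corrects alias rows (des-ede, des-ede3) that were wrong. The unchanged line "des-ede3-cfb Three key triple DES EDE CFB mode" is missing "in" and could be fixed in the same pass.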
There should be an option to allow an iteration count to be included.
-Like the EVP library the B<enc> program only supports a fixed number of
-algorithms with certain parameters. So if, for example, you want to use RC2
-with a 76 bit key or RC4 with an 84 bit key you can't use this program.
+The B<enc> program only supports a fixed number of algorithms with
+certain parameters. So if, for example, you want to use RC2 with a
+76 bit key or RC4 with an 84 bit key you can't use this program.
=cut