X-Git-Url: https://git.openssl.org/?p=openssl.git;a=blobdiff_plain;f=doc%2Fapps%2Fenc.pod;h=99b914789d63b2181131bdbd8d36a24340fecb42;hp=e436ccc37e6f2fdbf60af914f07188f89c5bd946;hb=43f9391bcc222f0da5c0d9f8e2ab24d921e29971;hpb=cd3c54e50f0f0b3839bb70fabbe222e389732146 diff --git a/doc/apps/enc.pod b/doc/apps/enc.pod index e436ccc37e..99b914789d 100644 --- a/doc/apps/enc.pod +++ b/doc/apps/enc.pod @@ -21,6 +21,7 @@ B [B<-p>] [B<-P>] [B<-bufsize number>] +[B<-nopad>] [B<-debug>] =head1 DESCRIPTION @@ -96,12 +97,18 @@ of hex digits. =item B<-K key> the actual key to use: this must be represented as a string comprised only -of hex digits. +of hex digits. If only the key is specified, the IV must additionally specified +using the B<-iv> option. When both a key and a password are specified, the +key given with the B<-K> option will be used and the IV generated from the +password will be taken. It probably does not make much sense to specify +both key and password. =item B<-iv IV> the actual IV to use: this must be represented as a string comprised only -of hex digits. +of hex digits. When only the key is specified using the B<-K> option, the +IV must explicitly be defined. When a password is being specified using +one of the other options, the IV is generated from this password. =item B<-p> @@ -116,6 +123,10 @@ or decryption. set the buffer size for I/O +=item B<-nopad> + +disable standard block padding + =item B<-debug> debug the BIOs used for I/O. @@ -144,11 +155,14 @@ Some of the ciphers do not have large keys and others have security implications if not used correctly. A beginner is advised to just use a strong block cipher in CBC mode such as bf or des3. -All the block ciphers use PKCS#5 padding also known as standard block +All the block ciphers normally use PKCS#5 padding also known as standard block padding: this allows a rudimentary integrity or password check to be performed. However since the chance of random data passing the test is better than 1 in 256 it isn't a very good test. +If padding is disabled then the input data must be a muliple of the cipher +block length. + All RC2 ciphers have the same key and effective key length. Blowfish and RC5 algorithms use a 128 bit key. @@ -250,8 +264,8 @@ The B<-A> option when used with large files doesn't work properly. There should be an option to allow an iteration count to be included. -Like the EVP library the B program only supports a fixed number of -algorithms with certain parameters. So if, for example, you want to use RC2 -with a 76 bit key or RC4 with an 84 bit key you can't use this program. +The B program only supports a fixed number of algorithms with +certain parameters. So if, for example, you want to use RC2 with a +76 bit key or RC4 with an 84 bit key you can't use this program. =cut