B<openssl enc -ciphername>
[B<-in filename>]
[B<-out filename>]
+[B<-pass arg>]
[B<-e>]
[B<-d>]
[B<-a>]
[B<-p>]
[B<-P>]
[B<-bufsize number>]
+[B<-nopad>]
[B<-debug>]
=head1 DESCRIPTION
the output filename, standard output by default.
+=item B<-pass arg>
+
+the password source. For more information about the format of B<arg>
+see the B<PASS PHRASE ARGUMENTS> section in L<openssl(1)|openssl(1)>.
+
=item B<-salt>
use a salt in the key derivation routines. This option should B<ALWAYS>
=item B<-k password>
-the password to derive the key from.
+the password to derive the key from. This is for compatibility with previous
+versions of OpenSSL. Superseded by the B<-pass> argument.
=item B<-kfile filename>
-read the password to derive the key from the first line of B<filename>
+read the password to derive the key from the first line of B<filename>.
+This is for computability with previous versions of OpenSSL. Superseded by
+the B<-pass> argument.
=item B<-S salt>
set the buffer size for I/O
+=item B<-nopad>
+
+disable standard block padding
+
=item B<-debug>
debug the BIOs used for I/O.
implications if not used correctly. A beginner is advised to just use
a strong block cipher in CBC mode such as bf or des3.
-All the block ciphers use PKCS#5 padding also known as standard block
+All the block ciphers normally use PKCS#5 padding also known as standard block
padding: this allows a rudimentary integrity or password check to be
performed. However since the chance of random data passing the test is
better than 1 in 256 it isn't a very good test.
+If padding is disabled then the input data must be a muliple of the cipher
+block length.
+
All RC2 ciphers have the same key and effective key length.
Blowfish and RC5 algorithms use a 128 bit key.
There should be an option to allow an iteration count to be included.
-Like the EVP library the B<enc> program only supports a fixed number of
-algorithms with certain parameters. So if, for example, you want to use RC2
-with a 76 bit key or RC4 with an 84 bit key you can't use this program.
+The B<enc> program only supports a fixed number of algorithms with
+certain parameters. So if, for example, you want to use RC2 with a
+76 bit key or RC4 with an 84 bit key you can't use this program.
=cut