=head1 SYNOPSIS
B<openssl enc -ciphername>
+[B<-help>]
+[B<-ciphers>]
[B<-in filename>]
[B<-out filename>]
[B<-pass arg>]
[B<-salt>]
[B<-nosalt>]
[B<-z>]
-[B<-md>]
+[B<-md digest>]
[B<-p>]
[B<-P>]
[B<-bufsize number>]
=over 4
+=item B<-help>
+
+Print out a usage message.
+
+=item B<-ciphers>
+
+List all supported ciphers.
+
=item B<-in filename>
the input filename, standard input by default.
the password source. For more information about the format of B<arg>
see the B<PASS PHRASE ARGUMENTS> section in L<openssl(1)>.
-=item B<-salt>
-
-use a salt in the key derivation routines. This is the default.
-
-=item B<-nosalt>
-
-don't use a salt in the key derivation routines. This option B<SHOULD NOT> be
-used except for test purposes or compatibility with ancient versions of OpenSSL
-and SSLeay.
-
=item B<-e>
encrypt the input data: this is the default.
This is for compatibility with previous versions of OpenSSL. Superseded by
the B<-pass> argument.
+=item B<-md digest>
+
+Use the specified digest to create the key from the passphrase.
+The default algorithm is sha-256.
+
=item B<-nosalt>
-do not use a salt
+don't use a salt in the key derivation routines. This option B<SHOULD NOT> be
+used except for test purposes or compatibility with ancient versions of
+OpenSSL.
=item B<-salt>
The B<-salt> option should B<ALWAYS> be used if the key is being derived
from a password unless you want compatibility with previous versions of
-OpenSSL and SSLeay.
+OpenSSL.
Without the B<-salt> option it is possible to perform efficient dictionary
attacks on the password and to attack stream cipher encrypted data. The reason
desx DESX algorithm.
gost89 GOST 28147-89 in CFB mode (provided by ccgost engine)
- gost89-cnt `GOST 28147-89 in CNT mode (provided by ccgost engine)
+ gost89-cnt `GOST 28147-89 in CNT mode (provided by ccgost engine)
idea-cbc IDEA algorithm in CBC mode
idea same as idea-cbc
rc5-ecb RC5 cipher in ECB mode
rc5-ofb RC5 cipher in OFB mode
- aes-[128|192|256]-cbc 128/192/256 bit AES in CBC mode
- aes-[128|192|256] Alias for aes-[128|192|256]-cbc
- aes-[128|192|256]-cfb 128/192/256 bit AES in 128 bit CFB mode
- aes-[128|192|256]-cfb1 128/192/256 bit AES in 1 bit CFB mode
- aes-[128|192|256]-cfb8 128/192/256 bit AES in 8 bit CFB mode
- aes-[128|192|256]-ecb 128/192/256 bit AES in ECB mode
- aes-[128|192|256]-ofb 128/192/256 bit AES in OFB mode
+ aes-[128|192|256]-cbc 128/192/256 bit AES in CBC mode
+ aes[128|192|256] Alias for aes-[128|192|256]-cbc
+ aes-[128|192|256]-cfb 128/192/256 bit AES in 128 bit CFB mode
+ aes-[128|192|256]-cfb1 128/192/256 bit AES in 1 bit CFB mode
+ aes-[128|192|256]-cfb8 128/192/256 bit AES in 8 bit CFB mode
+ aes-[128|192|256]-ecb 128/192/256 bit AES in ECB mode
+ aes-[128|192|256]-ofb 128/192/256 bit AES in OFB mode
=head1 EXAMPLES
Decode the same file
- openssl base64 -d -in file.b64 -out file.bin
+ openssl base64 -d -in file.b64 -out file.bin
Encrypt a file using triple DES in CBC mode using a prompted password:
- openssl des3 -salt -in file.txt -out file.des3
+ openssl des3 -salt -in file.txt -out file.des3
Decrypt a file using a supplied password:
certain parameters. So if, for example, you want to use RC2 with a
76 bit key or RC4 with an 84 bit key you can't use this program.
+=head1 HISTORY
+
+The default digest was changed from MD5 to SHA256 in Openssl 1.1.
+
+=head1 COPYRIGHT
+
+Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License"). You may not use
+this file except in compliance with the License. You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
=cut