Lines Matching +full:in +full:-
2 {- OpenSSL::safe::output_do_not_edit_headers(); -}
6 openssl-enc - symmetric cipher routines
11 [B<-I<cipher>>]
12 [B<-help>]
13 [B<-list>]
14 [B<-ciphers>]
15 [B<-in> I<filename>]
16 [B<-out> I<filename>]
17 [B<-pass> I<arg>]
18 [B<-e>]
19 [B<-d>]
20 [B<-a>]
21 [B<-base64>]
22 [B<-A>]
23 [B<-k> I<password>]
24 [B<-kfile> I<filename>]
25 [B<-K> I<key>]
26 [B<-iv> I<IV>]
27 [B<-S> I<salt>]
28 [B<-salt>]
29 [B<-nosalt>]
30 [B<-z>]
31 [B<-md> I<digest>]
32 [B<-iter> I<count>]
33 [B<-pbkdf2>]
34 [B<-p>]
35 [B<-P>]
36 [B<-bufsize> I<number>]
37 [B<-nopad>]
38 [B<-v>]
39 [B<-debug>]
40 [B<-none>]
41 {- $OpenSSL::safe::opt_engine_synopsis -}{- $OpenSSL::safe::opt_r_synopsis -}
42 {- $OpenSSL::safe::opt_provider_synopsis -}
51 either by itself or in addition to the encryption or decryption.
57 =item B<-I<cipher>>
61 =item B<-help>
65 =item B<-list>
69 =item B<-ciphers>
71 Alias of -list to display all supported ciphers.
73 =item B<-in> I<filename>
77 =item B<-out> I<filename>
81 =item B<-pass> I<arg>
84 see L<openssl-passphrase-options(1)>.
86 =item B<-e>
90 =item B<-d>
94 =item B<-a>
100 When the B<-A> option not given,
104 =item B<-base64>
106 Same as B<-a>
108 =item B<-A>
110 If the B<-a> option is set then base64 encoding produces output without any
112 Therefore it can be helpful to use the B<-A> option when decoding unknown input.
114 =item B<-k> I<password>
117 versions of OpenSSL. Superseded by the B<-pass> argument.
119 =item B<-kfile> I<filename>
123 the B<-pass> argument.
125 =item B<-md> I<digest>
128 The default algorithm is sha-256.
130 =item B<-iter> I<count>
132 Use a given number of iterations on the password in deriving the encryption key.
133 High values increase the time required to brute-force the resulting file.
136 =item B<-pbkdf2>
139 unless otherwise specified by the B<-iter> command line option.
141 =item B<-nosalt>
143 Don't use a salt in the key derivation routines. This option B<SHOULD NOT> be
147 =item B<-salt>
149 Use salt (randomly generated or provide with B<-S> option) when
152 =item B<-S> I<salt>
158 =item B<-K> I<key>
162 using the B<-iv> option. When both a key and a password are specified, the
163 key given with the B<-K> option will be used and the IV generated from the
167 =item B<-iv> I<IV>
170 of hex digits. When only the key is specified using the B<-K> option, the
174 =item B<-p>
178 =item B<-P>
183 =item B<-bufsize> I<number>
187 =item B<-nopad>
191 =item B<-v>
195 =item B<-debug>
199 =item B<-z>
203 or zlib-dynamic option.
205 =item B<-none>
209 {- $OpenSSL::safe::opt_r_item -}
211 {- $OpenSSL::safe::opt_provider_item -}
213 {- $OpenSSL::safe::opt_engine_item -}
220 C<openssl enc -I<cipher>>. The first form doesn't work with
221 engine-provided ciphers, because this form is processed before the
223 Use the L<openssl-list(1)> command to get a list of supported ciphers.
226 engine which provides gost89 algorithm) should be configured in the
227 configuration file. Engines specified on the command line using B<-engine>
228 option can only be used for hardware-assisted implementations of
230 in the configuration file.
233 specified in the configuration files are listed too.
237 The B<-salt> option should B<ALWAYS> be used if the key is being derived
241 Without the B<-salt> option it is possible to perform efficient dictionary
247 passphrase without explicit salt given using B<-S> option), the first bytes
252 a strong block cipher, such as AES, in CBC mode.
257 is better than 1 in 256 it isn't a very good test.
266 Please note that OpenSSL 3.0 changed the effect of the B<-S> option.
269 Conversely, when the B<-S> option is used during decryption, the ciphertext
273 explicit salt under OpenSSL 1.1.1 do not use the B<-S> option, the salt will
276 the B<-S> option, the salt will be then be generated randomly and prepended
283 in the configuration file. The output when invoking this command
284 with the B<-list> option (that is C<openssl enc -list>) is
289 like CCM and GCM, and will not support such modes in the future.
291 when B<-out> is not used) before the authentication tag could be validated.
292 When this command is used in a pipeline, the receiving end will not be
293 able to roll back upon authentication failure. The AEAD modes currently in
298 management issues also affect other modes currently exposed in this command,
299 but the failure modes are less extreme in these cases, and the
302 modes or other modes, L<openssl-cms(1)> is recommended, as it provides a
308 bf-cbc Blowfish in CBC mode
309 bf Alias for bf-cbc
310 blowfish Alias for bf-cbc
311 bf-cfb Blowfish in CFB mode
312 bf-ecb Blowfish in ECB mode
313 bf-ofb Blowfish in OFB mode
315 cast-cbc CAST in CBC mode
316 cast Alias for cast-cbc
317 cast5-cbc CAST5 in CBC mode
318 cast5-cfb CAST5 in CFB mode
319 cast5-ecb CAST5 in ECB mode
320 cast5-ofb CAST5 in OFB mode
324 des-cbc DES in CBC mode
325 des Alias for des-cbc
326 des-cfb DES in CFB mode
327 des-ofb DES in OFB mode
328 des-ecb DES in ECB mode
330 des-ede-cbc Two key triple DES EDE in CBC mode
331 des-ede Two key triple DES EDE in ECB mode
332 des-ede-cfb Two key triple DES EDE in CFB mode
333 des-ede-ofb Two key triple DES EDE in OFB mode
335 des-ede3-cbc Three key triple DES EDE in CBC mode
336 des-ede3 Three key triple DES EDE in ECB mode
337 des3 Alias for des-ede3-cbc
338 des-ede3-cfb Three key triple DES EDE CFB mode
339 des-ede3-ofb Three key triple DES EDE in OFB mode
343 gost89 GOST 28147-89 in CFB mode (provided by ccgost engine)
344 gost89-cnt GOST 28147-89 in CNT mode (provided by ccgost engine)
346 idea-cbc IDEA algorithm in CBC mode
347 idea same as idea-cbc
348 idea-cfb IDEA in CFB mode
349 idea-ecb IDEA in ECB mode
350 idea-ofb IDEA in OFB mode
352 rc2-cbc 128 bit RC2 in CBC mode
353 rc2 Alias for rc2-cbc
354 rc2-cfb 128 bit RC2 in CFB mode
355 rc2-ecb 128 bit RC2 in ECB mode
356 rc2-ofb 128 bit RC2 in OFB mode
357 rc2-64-cbc 64 bit RC2 in CBC mode
358 rc2-40-cbc 40 bit RC2 in CBC mode
361 rc4-64 64 bit RC4
362 rc4-40 40 bit RC4
364 rc5-cbc RC5 cipher in CBC mode
365 rc5 Alias for rc5-cbc
366 rc5-cfb RC5 cipher in CFB mode
367 rc5-ecb RC5 cipher in ECB mode
368 rc5-ofb RC5 cipher in OFB mode
370 seed-cbc SEED cipher in CBC mode
371 seed Alias for seed-cbc
372 seed-cfb SEED cipher in CFB mode
373 seed-ecb SEED cipher in ECB mode
374 seed-ofb SEED cipher in OFB mode
376 sm4-cbc SM4 cipher in CBC mode
377 sm4 Alias for sm4-cbc
378 sm4-cfb SM4 cipher in CFB mode
379 sm4-ctr SM4 cipher in CTR mode
380 sm4-ecb SM4 cipher in ECB mode
381 sm4-ofb SM4 cipher in OFB mode
383 aes-[128|192|256]-cbc 128/192/256 bit AES in CBC mode
384 aes[128|192|256] Alias for aes-[128|192|256]-cbc
385 aes-[128|192|256]-cfb 128/192/256 bit AES in 128 bit CFB mode
386 aes-[128|192|256]-cfb1 128/192/256 bit AES in 1 bit CFB mode
387 aes-[128|192|256]-cfb8 128/192/256 bit AES in 8 bit CFB mode
388 aes-[128|192|256]-ctr 128/192/256 bit AES in CTR mode
389 aes-[128|192|256]-ecb 128/192/256 bit AES in ECB mode
390 aes-[128|192|256]-ofb 128/192/256 bit AES in OFB mode
392 aria-[128|192|256]-cbc 128/192/256 bit ARIA in CBC mode
393 aria[128|192|256] Alias for aria-[128|192|256]-cbc
394 aria-[128|192|256]-cfb 128/192/256 bit ARIA in 128 bit CFB mode
395 aria-[128|192|256]-cfb1 128/192/256 bit ARIA in 1 bit CFB mode
396 aria-[128|192|256]-cfb8 128/192/256 bit ARIA in 8 bit CFB mode
397 aria-[128|192|256]-ctr 128/192/256 bit ARIA in CTR mode
398 aria-[128|192|256]-ecb 128/192/256 bit ARIA in ECB mode
399 aria-[128|192|256]-ofb 128/192/256 bit ARIA in OFB mode
401 camellia-[128|192|256]-cbc 128/192/256 bit Camellia in CBC mode
402 camellia[128|192|256] Alias for camellia-[128|192|256]-cbc
403 camellia-[128|192|256]-cfb 128/192/256 bit Camellia in 128 bit CFB mode
404 camellia-[128|192|256]-cfb1 128/192/256 bit Camellia in 1 bit CFB mode
405 camellia-[128|192|256]-cfb8 128/192/256 bit Camellia in 8 bit CFB mode
406 camellia-[128|192|256]-ctr 128/192/256 bit Camellia in CTR mode
407 camellia-[128|192|256]-ecb 128/192/256 bit Camellia in ECB mode
408 camellia-[128|192|256]-ofb 128/192/256 bit Camellia in OFB mode
414 openssl base64 -in file.bin -out file.b64
418 openssl base64 -d -in file.b64 -out file.bin
420 Encrypt a file using AES-128 using a prompted password
423 openssl enc -aes128 -pbkdf2 -in file.txt -out file.aes128
427 openssl enc -aes128 -pbkdf2 -d -in file.aes128 -out file.txt \
428 -pass pass:<password>
431 using AES-256 in CTR mode and PBKDF2 key derivation:
433 openssl enc -aes-256-ctr -pbkdf2 -a -in file.txt -out file.aes256
435 Base64 decode a file then decrypt it using a password supplied in a file:
437 openssl enc -aes-256-ctr -pbkdf2 -d -a -in file.aes256 -out file.txt \
438 -pass file:<passfile>
442 The B<-A> option when used with large files doesn't work properly.
443 On the other hand, when base64 decoding without the B<-A> option,
453 The default digest was changed from MD5 to SHA256 in OpenSSL 1.1.0.
455 The B<-list> option was added in OpenSSL 1.1.1e.
457 The B<-ciphers> and B<-engine> options were deprecated in OpenSSL 3.0.
461 Copyright 2000-2024 The OpenSSL Project Authors. All Rights Reserved.
464 this file except in compliance with the License. You can obtain a copy
465 in the file LICENSE in the source distribution or at