Lines Matching +full:p +full:- +full:256
18 .\" Set up some character translations and predefined strings. \*(-- will
24 .tr \(*W-
27 . ds -- \(*W-
29 . if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
30 . if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
37 . ds -- \|\(em\|
38 . ds PI \(*p
71 .\" Fear. Run. Save yourself. No user-serviceable parts.
81 . ds #H ((1u-(\\\\n(.fu%2u))*.13m)
97 . ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
98 . ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
99 . ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
100 . ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
101 . ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
102 . ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
104 . \" troff and (daisy-wheel) nroff accents
123 . ds d- d\h'-1'\(ga
124 . ds D- D\h'-1'\(hy
133 .IX Title "OPENSSL-ENC 1ossl"
134 .TH OPENSSL-ENC 1ossl "2023-09-22" "3.0.11" "OpenSSL"
140 openssl\-enc \- symmetric cipher routines
144 [\fB\-\f(BIcipher\fB\fR]
145 [\fB\-help\fR]
146 [\fB\-list\fR]
147 [\fB\-ciphers\fR]
148 [\fB\-in\fR \fIfilename\fR]
149 [\fB\-out\fR \fIfilename\fR]
150 [\fB\-pass\fR \fIarg\fR]
151 [\fB\-e\fR]
152 [\fB\-d\fR]
153 [\fB\-a\fR]
154 [\fB\-base64\fR]
155 [\fB\-A\fR]
156 [\fB\-k\fR \fIpassword\fR]
157 [\fB\-kfile\fR \fIfilename\fR]
158 [\fB\-K\fR \fIkey\fR]
159 [\fB\-iv\fR \fI\s-1IV\s0\fR]
160 [\fB\-S\fR \fIsalt\fR]
161 [\fB\-salt\fR]
162 [\fB\-nosalt\fR]
163 [\fB\-z\fR]
164 [\fB\-md\fR \fIdigest\fR]
165 [\fB\-iter\fR \fIcount\fR]
166 [\fB\-pbkdf2\fR]
167 [\fB\-p\fR]
168 [\fB\-P\fR]
169 [\fB\-bufsize\fR \fInumber\fR]
170 [\fB\-nopad\fR]
171 [\fB\-v\fR]
172 [\fB\-debug\fR]
173 [\fB\-none\fR]
174 [\fB\-engine\fR \fIid\fR]
175 [\fB\-rand\fR \fIfiles\fR]
176 [\fB\-writerand\fR \fIfile\fR]
177 [\fB\-provider\fR \fIname\fR]
178 [\fB\-provider\-path\fR \fIpath\fR]
179 [\fB\-propquery\fR \fIpropq\fR]
190 .IP "\fB\-\f(BIcipher\fB\fR" 4
191 .IX Item "-cipher"
193 .IP "\fB\-help\fR" 4
194 .IX Item "-help"
196 .IP "\fB\-list\fR" 4
197 .IX Item "-list"
199 .IP "\fB\-ciphers\fR" 4
200 .IX Item "-ciphers"
201 Alias of \-list to display all supported ciphers.
202 .IP "\fB\-in\fR \fIfilename\fR" 4
203 .IX Item "-in filename"
205 .IP "\fB\-out\fR \fIfilename\fR" 4
206 .IX Item "-out filename"
208 .IP "\fB\-pass\fR \fIarg\fR" 4
209 .IX Item "-pass arg"
211 see \fBopenssl\-passphrase\-options\fR\|(1).
212 .IP "\fB\-e\fR" 4
213 .IX Item "-e"
215 .IP "\fB\-d\fR" 4
216 .IX Item "-d"
218 .IP "\fB\-a\fR" 4
219 .IX Item "-a"
223 .IP "\fB\-base64\fR" 4
224 .IX Item "-base64"
225 Same as \fB\-a\fR
226 .IP "\fB\-A\fR" 4
227 .IX Item "-A"
228 If the \fB\-a\fR option is set then base64 process the data on one line.
229 .IP "\fB\-k\fR \fIpassword\fR" 4
230 .IX Item "-k password"
232 versions of OpenSSL. Superseded by the \fB\-pass\fR argument.
233 .IP "\fB\-kfile\fR \fIfilename\fR" 4
234 .IX Item "-kfile filename"
237 the \fB\-pass\fR argument.
238 .IP "\fB\-md\fR \fIdigest\fR" 4
239 .IX Item "-md digest"
241 The default algorithm is sha\-256.
242 .IP "\fB\-iter\fR \fIcount\fR" 4
243 .IX Item "-iter count"
245 High values increase the time required to brute-force the resulting file.
246 This option enables the use of \s-1PBKDF2\s0 algorithm to derive the key.
247 .IP "\fB\-pbkdf2\fR" 4
248 .IX Item "-pbkdf2"
249 Use \s-1PBKDF2\s0 algorithm with a default iteration count of 10000
250 unless otherwise specified by the \fB\-iter\fR command line option.
251 .IP "\fB\-nosalt\fR" 4
252 .IX Item "-nosalt"
253 Don't use a salt in the key derivation routines. This option \fB\s-1SHOULD NOT\s0\fR be
256 .IP "\fB\-salt\fR" 4
257 .IX Item "-salt"
258 Use salt (randomly generated or provide with \fB\-S\fR option) when
260 .IP "\fB\-S\fR \fIsalt\fR" 4
261 .IX Item "-S salt"
265 .IP "\fB\-K\fR \fIkey\fR" 4
266 .IX Item "-K key"
268 of hex digits. If only the key is specified, the \s-1IV\s0 must additionally specified
269 using the \fB\-iv\fR option. When both a key and a password are specified, the
270 key given with the \fB\-K\fR option will be used and the \s-1IV\s0 generated from the
273 .IP "\fB\-iv\fR \fI\s-1IV\s0\fR" 4
274 .IX Item "-iv IV"
275 The actual \s-1IV\s0 to use: this must be represented as a string comprised only
276 of hex digits. When only the key is specified using the \fB\-K\fR option, the
277 \&\s-1IV\s0 must explicitly be defined. When a password is being specified using
278 one of the other options, the \s-1IV\s0 is generated from this password.
279 .IP "\fB\-p\fR" 4
280 .IX Item "-p"
281 Print out the key and \s-1IV\s0 used.
282 .IP "\fB\-P\fR" 4
283 .IX Item "-P"
284 Print out the key and \s-1IV\s0 used then immediately exit: don't do any encryption
286 .IP "\fB\-bufsize\fR \fInumber\fR" 4
287 .IX Item "-bufsize number"
289 .IP "\fB\-nopad\fR" 4
290 .IX Item "-nopad"
292 .IP "\fB\-v\fR" 4
293 .IX Item "-v"
295 .IP "\fB\-debug\fR" 4
296 .IX Item "-debug"
298 .IP "\fB\-z\fR" 4
299 .IX Item "-z"
302 or zlib-dynamic option.
303 .IP "\fB\-none\fR" 4
304 .IX Item "-none"
305 Use \s-1NULL\s0 cipher (no encryption or decryption of input).
306 .IP "\fB\-rand\fR \fIfiles\fR, \fB\-writerand\fR \fIfile\fR" 4
307 .IX Item "-rand files, -writerand file"
309 .IP "\fB\-provider\fR \fIname\fR" 4
310 .IX Item "-provider name"
312 .IP "\fB\-provider\-path\fR \fIpath\fR" 4
313 .IX Item "-provider-path path"
314 .IP "\fB\-propquery\fR \fIpropq\fR" 4
315 .IX Item "-propquery propq"
318 .IP "\fB\-engine\fR \fIid\fR" 4
319 .IX Item "-engine id"
325 \&\f(CW\*(C`openssl enc \-\f(CIcipher\f(CW\*(C'\fR. The first form doesn't work with
326 engine-provided ciphers, because this form is processed before the
328 Use the \fBopenssl\-list\fR\|(1) command to get a list of supported ciphers.
332 configuration file. Engines specified on the command line using \fB\-engine\fR
333 option can only be used for hardware-assisted implementations of
340 A password will be prompted for to derive the key and \s-1IV\s0 if necessary.
342 The \fB\-salt\fR option should \fB\s-1ALWAYS\s0\fR be used if the key is being derived
346 Without the \fB\-salt\fR option it is possible to perform efficient dictionary
352 passphrase without explicit salt given using \fB\-S\fR option), the first bytes
357 a strong block cipher, such as \s-1AES,\s0 in \s-1CBC\s0 mode.
362 is better than 1 in 256 it isn't a very good test.
367 All \s-1RC2\s0 ciphers have the same key and effective key length.
369 Blowfish and \s-1RC5\s0 algorithms use a 128 bit key.
371 Please note that OpenSSL 3.0 changed the effect of the \fB\-S\fR option.
374 Conversely, when the \fB\-S\fR option is used during decryption, the ciphertext
378 explicit salt under OpenSSL 1.1.1 do not use the \fB\-S\fR option, the salt will
381 the \fB\-S\fR option, the salt will be then be generated randomly and prepended
388 with the \fB\-list\fR option (that is \f(CW\*(C`openssl enc \-list\*(C'\fR) is
393 like \s-1CCM\s0 and \s-1GCM,\s0 and will not support such modes in the future.
395 when \fB\-out\fR is not used) before the authentication tag could be validated.
397 able to roll back upon authentication failure. The \s-1AEAD\s0 modes currently in
401 exposing \s-1AEAD\s0 modes is too great to allow. These key/iv/nonce
406 modes or other modes, \fBopenssl\-cms\fR\|(1) is recommended, as it provides a
412 \& bf\-cbc Blowfish in CBC mode
413 \& bf Alias for bf\-cbc
414 \& blowfish Alias for bf\-cbc
415 \& bf\-cfb Blowfish in CFB mode
416 \& bf\-ecb Blowfish in ECB mode
417 \& bf\-ofb Blowfish in OFB mode
419 \& cast\-cbc CAST in CBC mode
420 \& cast Alias for cast\-cbc
421 \& cast5\-cbc CAST5 in CBC mode
422 \& cast5\-cfb CAST5 in CFB mode
423 \& cast5\-ecb CAST5 in ECB mode
424 \& cast5\-ofb CAST5 in OFB mode
428 \& des\-cbc DES in CBC mode
429 \& des Alias for des\-cbc
430 \& des\-cfb DES in CFB mode
431 \& des\-ofb DES in OFB mode
432 \& des\-ecb DES in ECB mode
434 \& des\-ede\-cbc Two key triple DES EDE in CBC mode
435 \& des\-ede Two key triple DES EDE in ECB mode
436 \& des\-ede\-cfb Two key triple DES EDE in CFB mode
437 \& des\-ede\-ofb Two key triple DES EDE in OFB mode
439 \& des\-ede3\-cbc Three key triple DES EDE in CBC mode
440 \& des\-ede3 Three key triple DES EDE in ECB mode
441 \& des3 Alias for des\-ede3\-cbc
442 \& des\-ede3\-cfb Three key triple DES EDE CFB mode
443 \& des\-ede3\-ofb Three key triple DES EDE in OFB mode
447 \& gost89 GOST 28147\-89 in CFB mode (provided by ccgost engine)
448 \& gost89\-cnt GOST 28147\-89 in CNT mode (provided by ccgost engine)
450 \& idea\-cbc IDEA algorithm in CBC mode
451 \& idea same as idea\-cbc
452 \& idea\-cfb IDEA in CFB mode
453 \& idea\-ecb IDEA in ECB mode
454 \& idea\-ofb IDEA in OFB mode
456 \& rc2\-cbc 128 bit RC2 in CBC mode
457 \& rc2 Alias for rc2\-cbc
458 \& rc2\-cfb 128 bit RC2 in CFB mode
459 \& rc2\-ecb 128 bit RC2 in ECB mode
460 \& rc2\-ofb 128 bit RC2 in OFB mode
461 \& rc2\-64\-cbc 64 bit RC2 in CBC mode
462 \& rc2\-40\-cbc 40 bit RC2 in CBC mode
465 \& rc4\-64 64 bit RC4
466 \& rc4\-40 40 bit RC4
468 \& rc5\-cbc RC5 cipher in CBC mode
469 \& rc5 Alias for rc5\-cbc
470 \& rc5\-cfb RC5 cipher in CFB mode
471 \& rc5\-ecb RC5 cipher in ECB mode
472 \& rc5\-ofb RC5 cipher in OFB mode
474 \& seed\-cbc SEED cipher in CBC mode
475 \& seed Alias for seed\-cbc
476 \& seed\-cfb SEED cipher in CFB mode
477 \& seed\-ecb SEED cipher in ECB mode
478 \& seed\-ofb SEED cipher in OFB mode
480 \& sm4\-cbc SM4 cipher in CBC mode
481 \& sm4 Alias for sm4\-cbc
482 \& sm4\-cfb SM4 cipher in CFB mode
483 \& sm4\-ctr SM4 cipher in CTR mode
484 \& sm4\-ecb SM4 cipher in ECB mode
485 \& sm4\-ofb SM4 cipher in OFB mode
487 \& aes\-[128|192|256]\-cbc 128/192/256 bit AES in CBC mode
488 \& aes[128|192|256] Alias for aes\-[128|192|256]\-cbc
489 \& aes\-[128|192|256]\-cfb 128/192/256 bit AES in 128 bit CFB mode
490 \& aes\-[128|192|256]\-cfb1 128/192/256 bit AES in 1 bit CFB mode
491 \& aes\-[128|192|256]\-cfb8 128/192/256 bit AES in 8 bit CFB mode
492 \& aes\-[128|192|256]\-ctr 128/192/256 bit AES in CTR mode
493 \& aes\-[128|192|256]\-ecb 128/192/256 bit AES in ECB mode
494 \& aes\-[128|192|256]\-ofb 128/192/256 bit AES in OFB mode
496 \& aria\-[128|192|256]\-cbc 128/192/256 bit ARIA in CBC mode
497 \& aria[128|192|256] Alias for aria\-[128|192|256]\-cbc
498 \& aria\-[128|192|256]\-cfb 128/192/256 bit ARIA in 128 bit CFB mode
499 \& aria\-[128|192|256]\-cfb1 128/192/256 bit ARIA in 1 bit CFB mode
500 \& aria\-[128|192|256]\-cfb8 128/192/256 bit ARIA in 8 bit CFB mode
501 \& aria\-[128|192|256]\-ctr 128/192/256 bit ARIA in CTR mode
502 \& aria\-[128|192|256]\-ecb 128/192/256 bit ARIA in ECB mode
503 \& aria\-[128|192|256]\-ofb 128/192/256 bit ARIA in OFB mode
505 \& camellia\-[128|192|256]\-cbc 128/192/256 bit Camellia in CBC mode
506 \& camellia[128|192|256] Alias for camellia\-[128|192|256]\-cbc
507 \& camellia\-[128|192|256]\-cfb 128/192/256 bit Camellia in 128 bit CFB mode
508 \& camellia\-[128|192|256]\-cfb1 128/192/256 bit Camellia in 1 bit CFB mode
509 \& camellia\-[128|192|256]\-cfb8 128/192/256 bit Camellia in 8 bit CFB mode
510 \& camellia\-[128|192|256]\-ctr 128/192/256 bit Camellia in CTR mode
511 \& camellia\-[128|192|256]\-ecb 128/192/256 bit Camellia in ECB mode
512 \& camellia\-[128|192|256]\-ofb 128/192/256 bit Camellia in OFB mode
519 \& openssl base64 \-in file.bin \-out file.b64
525 \& openssl base64 \-d \-in file.b64 \-out file.bin
528 Encrypt a file using \s-1AES\-128\s0 using a prompted password
529 and \s-1PBKDF2\s0 key derivation:
532 \& openssl enc \-aes128 \-pbkdf2 \-in file.txt \-out file.aes128
538 \& openssl enc \-aes128 \-pbkdf2 \-d \-in file.aes128 \-out file.txt \e
539 \& \-pass pass:<password>
543 using \s-1AES\-256\s0 in \s-1CTR\s0 mode and \s-1PBKDF2\s0 key derivation:
546 \& openssl enc \-aes\-256\-ctr \-pbkdf2 \-a \-in file.txt \-out file.aes256
552 \& openssl enc \-aes\-256\-ctr \-pbkdf2 \-d \-a \-in file.aes256 \-out file.txt \e
553 \& \-pass file:<passfile>
557 The \fB\-A\fR option when used with large files doesn't work properly.
560 certain parameters. So if, for example, you want to use \s-1RC2\s0 with a
561 76 bit key or \s-1RC4\s0 with an 84 bit key you can't use this program.
564 The default digest was changed from \s-1MD5\s0 to \s-1SHA256\s0 in OpenSSL 1.1.0.
566 The \fB\-list\fR option was added in OpenSSL 1.1.1e.
568 The \fB\-ciphers\fR and \fB\-engine\fR options were deprecated in OpenSSL 3.0.
571 Copyright 2000\-2023 The OpenSSL Project Authors. All Rights Reserved.
575 in the file \s-1LICENSE\s0 in the source distribution or at