Lines Matching +full:in +full:-
18 .\" Set up some character translations and predefined strings. \*(-- will
22 .\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
23 .\" nothing in troff, for use with C<>.
24 .tr \(*W-
27 . ds -- \(*W-
29 . if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
30 . if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
37 . ds -- \|\(em\|
45 .\" Escape single quotes in literal strings from groff's Unicode transform.
51 .\" entries marked with X<> in POD. Of course, you'll have to process the
52 .\" output yourself in some meaningful fashion.
71 .\" Fear. Run. Save yourself. No user-serviceable parts.
81 . ds #H ((1u-(\\\\n(.fu%2u))*.13m)
97 . ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
98 . ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
99 . ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
100 . ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
101 . ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
102 . ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
104 . \" troff and (daisy-wheel) nroff accents
123 . ds d- d\h'-1'\(ga
124 . ds D- D\h'-1'\(hy
133 .IX Title "OPENSSL-ENC 1ossl"
134 .TH OPENSSL-ENC 1ossl "2023-09-22" "3.0.11" "OpenSSL"
136 .\" way too many mistakes in technical documents.
140 openssl\-enc \- symmetric cipher routines
144 [\fB\-\f(BIcipher\fB\fR]
145 [\fB\-help\fR]
146 [\fB\-list\fR]
147 [\fB\-ciphers\fR]
148 [\fB\-in\fR \fIfilename\fR]
149 [\fB\-out\fR \fIfilename\fR]
150 [\fB\-pass\fR \fIarg\fR]
151 [\fB\-e\fR]
152 [\fB\-d\fR]
153 [\fB\-a\fR]
154 [\fB\-base64\fR]
155 [\fB\-A\fR]
156 [\fB\-k\fR \fIpassword\fR]
157 [\fB\-kfile\fR \fIfilename\fR]
158 [\fB\-K\fR \fIkey\fR]
159 [\fB\-iv\fR \fI\s-1IV\s0\fR]
160 [\fB\-S\fR \fIsalt\fR]
161 [\fB\-salt\fR]
162 [\fB\-nosalt\fR]
163 [\fB\-z\fR]
164 [\fB\-md\fR \fIdigest\fR]
165 [\fB\-iter\fR \fIcount\fR]
166 [\fB\-pbkdf2\fR]
167 [\fB\-p\fR]
168 [\fB\-P\fR]
169 [\fB\-bufsize\fR \fInumber\fR]
170 [\fB\-nopad\fR]
171 [\fB\-v\fR]
172 [\fB\-debug\fR]
173 [\fB\-none\fR]
174 [\fB\-engine\fR \fIid\fR]
175 [\fB\-rand\fR \fIfiles\fR]
176 [\fB\-writerand\fR \fIfile\fR]
177 [\fB\-provider\fR \fIname\fR]
178 [\fB\-provider\-path\fR \fIpath\fR]
179 [\fB\-propquery\fR \fIpropq\fR]
187 either by itself or in addition to the encryption or decryption.
190 .IP "\fB\-\f(BIcipher\fB\fR" 4
191 .IX Item "-cipher"
193 .IP "\fB\-help\fR" 4
194 .IX Item "-help"
196 .IP "\fB\-list\fR" 4
197 .IX Item "-list"
199 .IP "\fB\-ciphers\fR" 4
200 .IX Item "-ciphers"
201 Alias of \-list to display all supported ciphers.
202 .IP "\fB\-in\fR \fIfilename\fR" 4
203 .IX Item "-in filename"
205 .IP "\fB\-out\fR \fIfilename\fR" 4
206 .IX Item "-out filename"
208 .IP "\fB\-pass\fR \fIarg\fR" 4
209 .IX Item "-pass arg"
211 see \fBopenssl\-passphrase\-options\fR\|(1).
212 .IP "\fB\-e\fR" 4
213 .IX Item "-e"
215 .IP "\fB\-d\fR" 4
216 .IX Item "-d"
218 .IP "\fB\-a\fR" 4
219 .IX Item "-a"
223 .IP "\fB\-base64\fR" 4
224 .IX Item "-base64"
225 Same as \fB\-a\fR
226 .IP "\fB\-A\fR" 4
227 .IX Item "-A"
228 If the \fB\-a\fR option is set then base64 process the data on one line.
229 .IP "\fB\-k\fR \fIpassword\fR" 4
230 .IX Item "-k password"
232 versions of OpenSSL. Superseded by the \fB\-pass\fR argument.
233 .IP "\fB\-kfile\fR \fIfilename\fR" 4
234 .IX Item "-kfile filename"
237 the \fB\-pass\fR argument.
238 .IP "\fB\-md\fR \fIdigest\fR" 4
239 .IX Item "-md digest"
241 The default algorithm is sha\-256.
242 .IP "\fB\-iter\fR \fIcount\fR" 4
243 .IX Item "-iter count"
244 Use a given number of iterations on the password in deriving the encryption key.
245 High values increase the time required to brute-force the resulting file.
246 This option enables the use of \s-1PBKDF2\s0 algorithm to derive the key.
247 .IP "\fB\-pbkdf2\fR" 4
248 .IX Item "-pbkdf2"
249 Use \s-1PBKDF2\s0 algorithm with a default iteration count of 10000
250 unless otherwise specified by the \fB\-iter\fR command line option.
251 .IP "\fB\-nosalt\fR" 4
252 .IX Item "-nosalt"
253 Don't use a salt in the key derivation routines. This option \fB\s-1SHOULD NOT\s0\fR be
256 .IP "\fB\-salt\fR" 4
257 .IX Item "-salt"
258 Use salt (randomly generated or provide with \fB\-S\fR option) when
260 .IP "\fB\-S\fR \fIsalt\fR" 4
261 .IX Item "-S salt"
265 .IP "\fB\-K\fR \fIkey\fR" 4
266 .IX Item "-K key"
268 of hex digits. If only the key is specified, the \s-1IV\s0 must additionally specified
269 using the \fB\-iv\fR option. When both a key and a password are specified, the
270 key given with the \fB\-K\fR option will be used and the \s-1IV\s0 generated from the
273 .IP "\fB\-iv\fR \fI\s-1IV\s0\fR" 4
274 .IX Item "-iv IV"
275 The actual \s-1IV\s0 to use: this must be represented as a string comprised only
276 of hex digits. When only the key is specified using the \fB\-K\fR option, the
277 \&\s-1IV\s0 must explicitly be defined. When a password is being specified using
278 one of the other options, the \s-1IV\s0 is generated from this password.
279 .IP "\fB\-p\fR" 4
280 .IX Item "-p"
281 Print out the key and \s-1IV\s0 used.
282 .IP "\fB\-P\fR" 4
283 .IX Item "-P"
284 Print out the key and \s-1IV\s0 used then immediately exit: don't do any encryption
286 .IP "\fB\-bufsize\fR \fInumber\fR" 4
287 .IX Item "-bufsize number"
289 .IP "\fB\-nopad\fR" 4
290 .IX Item "-nopad"
292 .IP "\fB\-v\fR" 4
293 .IX Item "-v"
295 .IP "\fB\-debug\fR" 4
296 .IX Item "-debug"
298 .IP "\fB\-z\fR" 4
299 .IX Item "-z"
302 or zlib-dynamic option.
303 .IP "\fB\-none\fR" 4
304 .IX Item "-none"
305 Use \s-1NULL\s0 cipher (no encryption or decryption of input).
306 .IP "\fB\-rand\fR \fIfiles\fR, \fB\-writerand\fR \fIfile\fR" 4
307 .IX Item "-rand files, -writerand file"
308 See \*(L"Random State Options\*(R" in \fBopenssl\fR\|(1) for details.
309 .IP "\fB\-provider\fR \fIname\fR" 4
310 .IX Item "-provider name"
312 .IP "\fB\-provider\-path\fR \fIpath\fR" 4
313 .IX Item "-provider-path path"
314 .IP "\fB\-propquery\fR \fIpropq\fR" 4
315 .IX Item "-propquery propq"
317 See \*(L"Provider Options\*(R" in \fBopenssl\fR\|(1), \fBprovider\fR\|(7), and \fBproperty\fR\|(7).
318 .IP "\fB\-engine\fR \fIid\fR" 4
319 .IX Item "-engine id"
320 See \*(L"Engine Options\*(R" in \fBopenssl\fR\|(1).
325 \&\f(CW\*(C`openssl enc \-\f(CIcipher\f(CW\*(C'\fR. The first form doesn't work with
326 engine-provided ciphers, because this form is processed before the
328 Use the \fBopenssl\-list\fR\|(1) command to get a list of supported ciphers.
331 engine which provides gost89 algorithm) should be configured in the
332 configuration file. Engines specified on the command line using \fB\-engine\fR
333 option can only be used for hardware-assisted implementations of
338 specified in the configuration files are listed too.
340 A password will be prompted for to derive the key and \s-1IV\s0 if necessary.
342 The \fB\-salt\fR option should \fB\s-1ALWAYS\s0\fR be used if the key is being derived
346 Without the \fB\-salt\fR option it is possible to perform efficient dictionary
352 passphrase without explicit salt given using \fB\-S\fR option), the first bytes
357 a strong block cipher, such as \s-1AES,\s0 in \s-1CBC\s0 mode.
362 is better than 1 in 256 it isn't a very good test.
367 All \s-1RC2\s0 ciphers have the same key and effective key length.
369 Blowfish and \s-1RC5\s0 algorithms use a 128 bit key.
371 Please note that OpenSSL 3.0 changed the effect of the \fB\-S\fR option.
374 Conversely, when the \fB\-S\fR option is used during decryption, the ciphertext
378 explicit salt under OpenSSL 1.1.1 do not use the \fB\-S\fR option, the salt will
381 the \fB\-S\fR option, the salt will be then be generated randomly and prepended
388 with the \fB\-list\fR option (that is \f(CW\*(C`openssl enc \-list\*(C'\fR) is
393 like \s-1CCM\s0 and \s-1GCM,\s0 and will not support such modes in the future.
395 when \fB\-out\fR is not used) before the authentication tag could be validated.
396 When this command is used in a pipeline, the receiving end will not be
397 able to roll back upon authentication failure. The \s-1AEAD\s0 modes currently in
401 exposing \s-1AEAD\s0 modes is too great to allow. These key/iv/nonce
402 management issues also affect other modes currently exposed in this command,
403 but the failure modes are less extreme in these cases, and the
406 modes or other modes, \fBopenssl\-cms\fR\|(1) is recommended, as it provides a
412 \& bf\-cbc Blowfish in CBC mode
413 \& bf Alias for bf\-cbc
414 \& blowfish Alias for bf\-cbc
415 \& bf\-cfb Blowfish in CFB mode
416 \& bf\-ecb Blowfish in ECB mode
417 \& bf\-ofb Blowfish in OFB mode
419 \& cast\-cbc CAST in CBC mode
420 \& cast Alias for cast\-cbc
421 \& cast5\-cbc CAST5 in CBC mode
422 \& cast5\-cfb CAST5 in CFB mode
423 \& cast5\-ecb CAST5 in ECB mode
424 \& cast5\-ofb CAST5 in OFB mode
428 \& des\-cbc DES in CBC mode
429 \& des Alias for des\-cbc
430 \& des\-cfb DES in CFB mode
431 \& des\-ofb DES in OFB mode
432 \& des\-ecb DES in ECB mode
434 \& des\-ede\-cbc Two key triple DES EDE in CBC mode
435 \& des\-ede Two key triple DES EDE in ECB mode
436 \& des\-ede\-cfb Two key triple DES EDE in CFB mode
437 \& des\-ede\-ofb Two key triple DES EDE in OFB mode
439 \& des\-ede3\-cbc Three key triple DES EDE in CBC mode
440 \& des\-ede3 Three key triple DES EDE in ECB mode
441 \& des3 Alias for des\-ede3\-cbc
442 \& des\-ede3\-cfb Three key triple DES EDE CFB mode
443 \& des\-ede3\-ofb Three key triple DES EDE in OFB mode
447 \& gost89 GOST 28147\-89 in CFB mode (provided by ccgost engine)
448 \& gost89\-cnt GOST 28147\-89 in CNT mode (provided by ccgost engine)
450 \& idea\-cbc IDEA algorithm in CBC mode
451 \& idea same as idea\-cbc
452 \& idea\-cfb IDEA in CFB mode
453 \& idea\-ecb IDEA in ECB mode
454 \& idea\-ofb IDEA in OFB mode
456 \& rc2\-cbc 128 bit RC2 in CBC mode
457 \& rc2 Alias for rc2\-cbc
458 \& rc2\-cfb 128 bit RC2 in CFB mode
459 \& rc2\-ecb 128 bit RC2 in ECB mode
460 \& rc2\-ofb 128 bit RC2 in OFB mode
461 \& rc2\-64\-cbc 64 bit RC2 in CBC mode
462 \& rc2\-40\-cbc 40 bit RC2 in CBC mode
465 \& rc4\-64 64 bit RC4
466 \& rc4\-40 40 bit RC4
468 \& rc5\-cbc RC5 cipher in CBC mode
469 \& rc5 Alias for rc5\-cbc
470 \& rc5\-cfb RC5 cipher in CFB mode
471 \& rc5\-ecb RC5 cipher in ECB mode
472 \& rc5\-ofb RC5 cipher in OFB mode
474 \& seed\-cbc SEED cipher in CBC mode
475 \& seed Alias for seed\-cbc
476 \& seed\-cfb SEED cipher in CFB mode
477 \& seed\-ecb SEED cipher in ECB mode
478 \& seed\-ofb SEED cipher in OFB mode
480 \& sm4\-cbc SM4 cipher in CBC mode
481 \& sm4 Alias for sm4\-cbc
482 \& sm4\-cfb SM4 cipher in CFB mode
483 \& sm4\-ctr SM4 cipher in CTR mode
484 \& sm4\-ecb SM4 cipher in ECB mode
485 \& sm4\-ofb SM4 cipher in OFB mode
487 \& aes\-[128|192|256]\-cbc 128/192/256 bit AES in CBC mode
488 \& aes[128|192|256] Alias for aes\-[128|192|256]\-cbc
489 \& aes\-[128|192|256]\-cfb 128/192/256 bit AES in 128 bit CFB mode
490 \& aes\-[128|192|256]\-cfb1 128/192/256 bit AES in 1 bit CFB mode
491 \& aes\-[128|192|256]\-cfb8 128/192/256 bit AES in 8 bit CFB mode
492 \& aes\-[128|192|256]\-ctr 128/192/256 bit AES in CTR mode
493 \& aes\-[128|192|256]\-ecb 128/192/256 bit AES in ECB mode
494 \& aes\-[128|192|256]\-ofb 128/192/256 bit AES in OFB mode
496 \& aria\-[128|192|256]\-cbc 128/192/256 bit ARIA in CBC mode
497 \& aria[128|192|256] Alias for aria\-[128|192|256]\-cbc
498 \& aria\-[128|192|256]\-cfb 128/192/256 bit ARIA in 128 bit CFB mode
499 \& aria\-[128|192|256]\-cfb1 128/192/256 bit ARIA in 1 bit CFB mode
500 \& aria\-[128|192|256]\-cfb8 128/192/256 bit ARIA in 8 bit CFB mode
501 \& aria\-[128|192|256]\-ctr 128/192/256 bit ARIA in CTR mode
502 \& aria\-[128|192|256]\-ecb 128/192/256 bit ARIA in ECB mode
503 \& aria\-[128|192|256]\-ofb 128/192/256 bit ARIA in OFB mode
505 \& camellia\-[128|192|256]\-cbc 128/192/256 bit Camellia in CBC mode
506 \& camellia[128|192|256] Alias for camellia\-[128|192|256]\-cbc
507 \& camellia\-[128|192|256]\-cfb 128/192/256 bit Camellia in 128 bit CFB mode
508 \& camellia\-[128|192|256]\-cfb1 128/192/256 bit Camellia in 1 bit CFB mode
509 \& camellia\-[128|192|256]\-cfb8 128/192/256 bit Camellia in 8 bit CFB mode
510 \& camellia\-[128|192|256]\-ctr 128/192/256 bit Camellia in CTR mode
511 \& camellia\-[128|192|256]\-ecb 128/192/256 bit Camellia in ECB mode
512 \& camellia\-[128|192|256]\-ofb 128/192/256 bit Camellia in OFB mode
519 \& openssl base64 \-in file.bin \-out file.b64
525 \& openssl base64 \-d \-in file.b64 \-out file.bin
528 Encrypt a file using \s-1AES\-128\s0 using a prompted password
529 and \s-1PBKDF2\s0 key derivation:
532 \& openssl enc \-aes128 \-pbkdf2 \-in file.txt \-out file.aes128
538 \& openssl enc \-aes128 \-pbkdf2 \-d \-in file.aes128 \-out file.txt \e
539 \& \-pass pass:<password>
543 using \s-1AES\-256\s0 in \s-1CTR\s0 mode and \s-1PBKDF2\s0 key derivation:
546 \& openssl enc \-aes\-256\-ctr \-pbkdf2 \-a \-in file.txt \-out file.aes256
549 Base64 decode a file then decrypt it using a password supplied in a file:
552 \& openssl enc \-aes\-256\-ctr \-pbkdf2 \-d \-a \-in file.aes256 \-out file.txt \e
553 \& \-pass file:<passfile>
557 The \fB\-A\fR option when used with large files doesn't work properly.
560 certain parameters. So if, for example, you want to use \s-1RC2\s0 with a
561 76 bit key or \s-1RC4\s0 with an 84 bit key you can't use this program.
564 The default digest was changed from \s-1MD5\s0 to \s-1SHA256\s0 in OpenSSL 1.1.0.
566 The \fB\-list\fR option was added in OpenSSL 1.1.1e.
568 The \fB\-ciphers\fR and \fB\-engine\fR options were deprecated in OpenSSL 3.0.
571 Copyright 2000\-2023 The OpenSSL Project Authors. All Rights Reserved.
574 this file except in compliance with the License. You can obtain a copy
575 in the file \s-1LICENSE\s0 in the source distribution or at