| /freebsd/sys/contrib/openzfs/tests/zfs-tests/tests/functional/cli_root/zfs_create/ |
| H A D | zfs_create_encrypted.ksh | 30 # encryption properties set.
33 # enc = encryption
39 # no unspec 0 0 yes inherit no encryption (not tested here)
43 # no off 0 0 yes explicit no encryption
49 # no on 1 0 yes new encryption root
50 # no on 1 1 yes new encryption root
51 # yes unspec 0 0 yes inherit encryption
53 # yes unspec 1 0 yes new encryption root, crypt inherited
54 # yes unspec 1 1 yes new encryption root, crypt inherited
59 # yes on 0 0 yes inherited encryption, local crypt
[all …]
|
| H A D | zfs_create_crypt_combos.ksh | 29 # 'zfs create' should create an encrypted dataset with a valid encryption
33 # 1. Create a filesystem for each combination of encryption type and key format
48 "encryption=on" \
49 "encryption=aes-128-ccm" \
50 "encryption=aes-192-ccm" \
51 "encryption=aes-256-ccm" \
52 "encryption=aes-128-gcm" \
53 "encryption=aes-192-gcm" \
54 "encryption=aes-256-gcm"
57 "encryption=aes-256-gcm" \
[all …]
|
| /freebsd/sys/contrib/openzfs/tests/zfs-tests/tests/functional/rsend/ |
| H A D | send_encrypted_props.ksh | 26 # Verify that zfs properly handles encryption properties when receiving
33 # 4. Verify that 'zfs recv -x <encryption prop>' fails on a raw send stream
34 # 5. Verify that encryption properties cannot be changed on incrementals
35 # 6. Verify that a simple send can be received as an encryption root
37 # encryption root
39 # encryption root
41 # encryption child
43 # encryption child
58 log_assert "'zfs recv' must properly handle encryption properties"
72 log_must zfs create -o encryption=on -o keyformat=passphrase \
[all …]
|
| /freebsd/sys/contrib/openzfs/man/man8/ |
| H A D | zfs-unload-key.8 | 39 .Nd load, unload, or change encryption key of ZFS dataset
102 encryption roots.
104 Loads the keys for all encryption roots in all imported pools.
146 encryption roots.
148 Unloads the keys for all encryption roots in all imported pools.
174 If the dataset was not previously an encryption root it will become one.
177 flag may be provided to cause an encryption root to inherit the parent's key
207 Allows the user to set encryption key properties
219 Note that this command can only be run on an encryption root
223 .Ss Encryption
[all...] |
| H A D | zfs-change-key.8 | 39 .Nd load, unload, or change encryption key of ZFS dataset
102 encryption roots.
104 Loads the keys for all encryption roots in all imported pools.
146 encryption roots.
148 Unloads the keys for all encryption roots in all imported pools.
174 If the dataset was not previously an encryption root it will become one.
177 flag may be provided to cause an encryption root to inherit the parent's key
207 Allows the user to set encryption key properties
219 Note that this command can only be run on an encryption root
223 .Ss Encryption
[all...] |
| H A D | zfs-load-key.8 | 39 .Nd load, unload, or change encryption key of ZFS dataset
102 encryption roots.
104 Loads the keys for all encryption roots in all imported pools.
146 encryption roots.
148 Unloads the keys for all encryption roots in all imported pools.
174 If the dataset was not previously an encryption root it will become one.
177 flag may be provided to cause an encryption root to inherit the parent's key
207 Allows the user to set encryption key properties
219 Note that this command can only be run on an encryption root
223 .Ss Encryption
[all …]
|
| /freebsd/sys/contrib/openzfs/tests/zfs-tests/tests/functional/cli_root/zpool_create/ |
| H A D | zpool_create_crypt_combos.ksh | 28 # 'zpool create' should create encrypted pools when using a valid encryption
32 # 1. Create a pool for each combination of encryption type and key format
44 set -A ENCRYPTION_ALGS "encryption=on" \
45 "encryption=aes-128-ccm" \
46 "encryption=aes-192-ccm" \
47 "encryption=aes-256-ccm" \
48 "encryption=aes-128-gcm" \
49 "encryption=aes-192-gcm" \
50 "encryption=aes-256-gcm"
52 set -A ENCRYPTION_PROPS "encryption=aes-256-gcm" \
[all …]
|
| H A D | zpool_create_encrypted.ksh | 28 # combination of encryption properties set.
30 # enc = encryption
43 # N 0 0 yes explicit no encryption
49 # Y 1 1 no unsupported combination of non-encryption props
50 # Y 1 0 yes new encryption root
51 # Y 1 1 yes new encryption root
54 # 1. Attempt to create a dataset using all combinations of encryption
67 "has a valid combination of encryption properties set."
74 log_must zpool create -O encryption=off $TESTPOOL $DISKS
77 log_mustnot zpool create -O encryption=off -O keylocation=prompt \
[all …]
|
| /freebsd/crypto/krb5/src/windows/leash/htmlhelp/html/ |
| H A D | Encryption_Types.htm | 8 <h1>Encryption Types</h1>
10 Kerberos supports several types of encryption for securing session keys
15 Kerberos installation checks for an encryption type that is shared by
17 <li> When encrypting session keys, the KDC checks for an encryption
28 <li><a href="#view"> View encryption types</a></li>
33 <li><a href="#weak"> Weak encryption types</a></li>
34 <li><a href="#supported"> Supported encryption types</a></li>
42 <h2><a name="weak"> Weak Encryption Types </a></h2>
44 In the table of Encryption Types below, some encryption types are noted as <b>weak</b>.
45 Most of them are encryption types that used to be strong but now, with
[all …]
|
| /freebsd/secure/lib/libcrypto/man/man7/ |
| H A D | life_cycle-cipher.7 | 162 .IP "initialised for encryption using EVP_EncryptInit" 4
163 .IX Item "initialised for encryption using EVP_EncryptInit"
204 | for decryption | | | | for encryption |
217 …| for decryption | <-------------------+ | | for encryption | …
228 | (AEAD encryption)
242 … decryption decryption encryption encryption
248 … encryption encryption encryption encryption encryption encryption encryption encryption
253 … encryption encryption
260 … decryption decryption encryption encryption
262 … decryption decryption encryption encryption
[all …]
|
| /freebsd/contrib/bearssl/inc/ |
| H A D | bearssl_block.h | 46 * functions are provided, for CBC encryption, CBC decryption, and CTR
47 * encryption/decryption. Each set has its own context structure,
48 * initialised with the encryption key.
50 * For CBC encryption and decryption, the data to encrypt or decrypt is
55 * Function for CTR encryption are defined only for block ciphers with
72 * expansion. These subkeys are appropriate for CBC encryption. The
78 * Perform key expansion: subkeys for CBC encryption are computed and
85 * Perform CBC encryption of `len` bytes, in place. The encrypted data
116 * expansion. These subkeys are appropriate for CTR encryption and
122 * Perform key expansion: subkeys for CTR encryption and decryption
[all …]
|
| /freebsd/crypto/openssl/doc/man7/ |
| H A D | life_cycle-cipher.pod | 34 =item initialised for encryption using EVP_EncryptInit
82 | for decryption | | | | for encryption |
95 …| for decryption | <-------------------+ | | for encryption | …
106 | (AEAD encryption)
128 … decryption decryption encryption encryption
134 … encryption encryption encryption encryption encryption encryption encryption encryption
139 … encryption encryption
146 … decryption decryption encryption encryption
148 … decryption decryption encryption encryption
150 … decryption decryption encryption encryption
[all …]
|
| /freebsd/sys/contrib/openzfs/tests/zfs-tests/tests/functional/cli_root/zfs_change-key/ |
| H A D | zfs_change-key_clones.ksh | 27 # 'zfs change-key' should correctly update encryption roots with clones.
31 # 2. Create an encryption root child of the first dataset
32 # 3. Clone the child encryption root twice
33 # 4. Add inheriting children to the encryption root and each of the clones
34 # 5. Verify the encryption roots
35 # 6. Have the child encryption root inherit from its parent
36 # 7. Verify the encryption root for all datasets is now the parent dataset
49 log_assert "'zfs change-key' should correctly update encryption " \
52 log_must eval "echo $PASSPHRASE1 | zfs create -o encryption=on" \
54 log_must eval "echo $PASSPHRASE2 | zfs create -o encryption=on" \
[all …]
|
| /freebsd/crypto/openssl/doc/man3/ |
| H A D | EVP_SealInit.pod | 5 EVP_SealInit, EVP_SealUpdate, EVP_SealFinal - EVP envelope encryption
21 encryption. They generate a random key and IV (if required) then
22 "envelope" it by using public key encryption. Data can then be
25 EVP_SealInit() initializes a cipher context B<ctx> for encryption
65 Envelope encryption is the usual method of using public key encryption
66 on large amounts of data, this is because public key encryption is slow
67 but symmetric encryption is fast. So symmetric encryption is used for
68 bulk encryption and the small random symmetric key used is transferred
69 using public key encryption.
|
| /freebsd/sys/contrib/openzfs/tests/zfs-tests/tests/functional/cli_root/zfs_receive/ |
| H A D | zfs_receive_to_encrypted.ksh | 36 # 8. Attempt to receive with -o encryption=off to an unencrypted child
67 log_must eval "echo $passphrase | zfs create -o encryption=on" \
72 log_must test "$(get_prop 'encryption' $TESTPOOL/$TESTFS1/c1)" != "off"
85 log_must test "$(get_prop 'encryption' $TESTPOOL/$TESTFS1/c2)" == "off"
93 zfs receive -o encryption=off $TESTPOOL/$TESTFS1/c2o"
94 log_must test "$(get_prop 'encryption' $TESTPOOL/$TESTFS1/c2o)" == "off"
98 log_must test "$(get_prop 'encryption' $TESTPOOL/$TESTFS1/c3)" == "off"
104 # Verify that replication can override encryption properties
105 log_note "Verifying replication can override encryption properties for plain dataset"
108 log_must eval "zfs send -R $snap2 | zfs recv -s -F -o encryption=on" \
[all …]
|
| H A D | zfs_receive_-wR-encrypted-mix.ksh | 41 # 4. Check the encryption property of the received datasets
63 create_dataset "$src" -o encryption=on -o keyformat=passphrase
64 create_dataset "$src/u" "-o encryption=off"
66 create_dataset "$src/u/e" -o encryption=on -o keyformat=passphrase
67 create_dataset "$src/u/e/u" -o encryption=off
71 log_must test "$(get_prop 'encryption' $dst)" != "off"
72 log_must test "$(get_prop 'encryption' $dst/u)" == "off"
73 log_must test "$(get_prop 'encryption' $dst/u/e)" != "off"
74 log_must test "$(get_prop 'encryption' $dst/u/e/u)" == "off"
|
| /freebsd/sys/contrib/openzfs/tests/zfs-tests/tests/functional/cli_root/zfs_rename/ |
| H A D | zfs_rename_encrypted_child.ksh | 28 # encryption root.
31 # 1. Create two encryption roots, and a child and grandchild of the first
32 # encryption root
36 # 5. Verify the encryption root of the dataset
38 # 7. Verify the encryption root of the dataset
53 "encryption root"
55 log_must eval "echo $PASSPHRASE | zfs create -o encryption=on" \
59 log_must eval "echo $PASSPHRASE1 | zfs create -o encryption=on" \
79 "encryption root"
|
| /freebsd/crypto/heimdal/doc/doxyout/krb5/man/man3/ |
| H A D | krb5_crypto.3 | 92 Enable or disable all weak encryption types
109 Return the coresponding encryption type for a checksum type.
117 \fIetype\fP The returned encryption, when the matching etype is not found, etype is set to ETYPE_NU…
222 \fIenctype\fP the encryption type of the resulting key
273 Return the encryption type used by the crypto context
281 \fIenctype\fP the resulting encryption type
311 Create a crypto context used for all encryption and signature operation. The encryption type to use…
321 \fIetype\fP the encryption type
386 Disable encryption type
392 \fIenctype\fP encryption type to disable
[all …]
|
| /freebsd/sys/contrib/openzfs/tests/zfs-tests/tests/functional/cli_root/zfs_promote/ |
| H A D | zfs_promote_encryptionroot.ksh | 27 # ZFS must promote clones of an encryption root.
31 # 2. Clone the encryption root
34 # 4. Verify the encryption root of all datasets is the origin
36 # 6. Verify the encryption root of all datasets is still the origin
37 # 7. Promote the dataset again, so it is now the encryption root
38 # 8. Verify the encryption root of all datasets is the promoted dataset
54 log_assert "ZFS must promote clones of an encryption root"
60 log_must eval "echo $passphrase | zfs create -o encryption=on" \
94 log_pass "ZFS promotes clones of an encryption root"
|
| /freebsd/lib/libc/rpc/ |
| H A D | des_crypt.3 | 7 .Nd "fast DES encryption"
27 (Data Encryption Standard).
57 is the 8-byte encryption key with parity.
76 For the encryption direction
83 encryption,
91 is specified, and there is no hardware, then the encryption is performed
108 Encryption succeeded, but done in software instead of the requested hardware.
|
| /freebsd/crypto/krb5/doc/admin/ |
| H A D | enctypes.rst | 3 Encryption types
7 Kerberos **encryption type** (also known as an **enctype**) is a
109 session keys and for ticket and authenticator encryption. The KDC
165 krb5 releases 1.17 and later flag deprecated encryption types
173 Migrating away from older encryption types
177 from legacy encryption types, especially if the realm was created
180 legacy encryption types.
184 encryption types. This will ensure that newly created keys do not use
185 those encryption types by default.
188 **getprinc** command. If it lists a weak or deprecated encryption
[all …]
|
| /freebsd/crypto/krb5/doc/html/_sources/admin/ |
| H A D | enctypes.rst.txt | 3 Encryption types
7 Kerberos **encryption type** (also known as an **enctype**) is a
109 session keys and for ticket and authenticator encryption. The KDC
165 krb5 releases 1.17 and later flag deprecated encryption types
173 Migrating away from older encryption types
177 from legacy encryption types, especially if the realm was created
180 legacy encryption types.
184 encryption types. This will ensure that newly created keys do not use
185 those encryption types by default.
188 **getprinc** command. If it lists a weak or deprecated encryption
[all …]
|
| /freebsd/secure/lib/libcrypto/man/man3/ |
| H A D | EVP_SealInit.3 | 140 EVP_SealInit, EVP_SealUpdate, EVP_SealFinal \- EVP envelope encryption
156 encryption. They generate a random key and \s-1IV\s0 (if required) then
157 \&\*(L"envelope\*(R" it by using public key encryption. Data can then be
160 \&\fBEVP_SealInit()\fR initializes a cipher context \fBctx\fR for encryption
198 Envelope encryption is the usual method of using public key encryption
199 on large amounts of data, this is because public key encryption is slow
200 but symmetric encryption is fast. So symmetric encryption is used for
201 bulk encryption and the small random symmetric key used is transferred
202 using public key encryption.
|
| /freebsd/contrib/telnet/libtelnet/ |
| H A D | kerberos.c | 84 #ifdef ENCRYPTION
88 #endif /* ENCRYPTION */
193 #ifdef ENCRYPTION in kerberos4_send()
218 #endif /* ENCRYPTION */ in kerberos4_send()
232 #ifdef ENCRYPTION in kerberos4_is()
235 #endif /* ENCRYPTION */ in kerberos4_is()
267 #ifdef ENCRYPTION in kerberos4_is()
269 #endif /* ENCRYPTION */ in kerberos4_is()
280 #ifndef ENCRYPTION in kerberos4_is()
282 #else /* ENCRYPTION */ in kerberos4_is()
[all …]
|
| /freebsd/share/man/man4/ |
| H A D | ng_mppc.4 | 42 .Nd Microsoft MPPC/MPPE compression and encryption netgraph node type
50 and Microsoft Point-to-Point Encryption (MPPE) sub-protocols of
87 outgoing traffic direction (i.e., for compression and/or encryption).
100 #define MPPE_BITS 0x000000e0 /* mppe encryption bits */
140 The node will respond by flushing its outgoing compression and encryption
166 .%T "Microsoft Point-To-Point Encryption (MPPE) Protocol"
182 In PPP, encryption should be handled by the Encryption Control Protocol (ECP)
184 However, Microsoft combined both compression and encryption into their
|