Standard preamble:
========================================================================
..
.... Set up some character translations and predefined strings. \*(-- will
give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
double quote, and \*(R" will give a right double quote. \*(C+ will
give a nicer C++. Capital omega is used to do unbreakable dashes and
therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
nothing in troff, for use with C<>.
.tr \(*W- . ds -- \(*W- . ds PI pi . if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch . if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch . ds L" "" . ds R" "" . ds C` "" . ds C' "" 'br\} . ds -- \|\(em\| . ds PI \(*p . ds L" `` . ds R" '' . ds C` . ds C' 'br\}
Escape single quotes in literal strings from groff's Unicode transform.
If the F register is >0, we'll generate index entries on stderr for
titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
entries marked with X<> in POD. Of course, you'll have to process the
output yourself in some meaningful fashion.
Avoid warning from groff about undefined register 'F'.
.. .nr rF 0 . if \nF \{\ . de IX . tm Index:\\$1\t\\n%\t"\\$2" .. . if !\nF==2 \{\ . nr % 0 . nr F 2 . \} . \} .\} .rr rF
Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff . ds #H 0 . ds #V .8m . ds #F .3m . ds #[ \f1 . ds #] .\} . ds #H ((1u-(\\\\n(.fu%2u))*.13m) . ds #V .6m . ds #F 0 . ds #[ \& . ds #] \& .\} . \" simple accents for nroff and troff . ds ' \& . ds ` \& . ds ^ \& . ds , \& . ds ~ ~ . ds / .\} . ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" . ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' . ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' . ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' . ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' . ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' .\} . \" troff and (daisy-wheel) nroff accents . \" corrections for vroff . \" for low resolution devices (crt and lpr) \{\ . ds : e . ds 8 ss . ds o a . ds d- d\h'-1'\(ga . ds D- D\h'-1'\(hy . ds th \o'bp' . ds Th \o'LP' . ds ae ae . ds Ae AE .\} ========================================================================
Title "OPENSSL-ENC 1"
way too many mistakes in technical documents.
\fBopenssl cipher [...]
0
See \*(L"Provider Options\*(R" in openssl\|(1), provider\|(7), and property\|(7).
Engines which provide entirely new encryption algorithms (such as the ccgost engine which provides gost89 algorithm) should be configured in the configuration file. Engines specified on the command line using -engine option can only be used for hardware-assisted implementations of ciphers which are supported by the OpenSSL core or another engine specified in the configuration file.
When the enc command lists supported ciphers, ciphers provided by engines, specified in the configuration files are listed too.
A password will be prompted for to derive the key and \s-1IV\s0 if necessary.
The -salt option should \s-1ALWAYS\s0 be used if the key is being derived from a password unless you want compatibility with previous versions of OpenSSL.
Without the -salt option it is possible to perform efficient dictionary attacks on the password and to attack stream cipher encrypted data. The reason for this is that without the salt the same password always generates the same encryption key.
When the salt is generated at random (that means when encrypting using a passphrase without explicit salt given using -S option), the first bytes of the encrypted data are reserved to store the salt for later decrypting.
Some of the ciphers do not have large keys and others have security implications if not used correctly. A beginner is advised to just use a strong block cipher, such as \s-1AES,\s0 in \s-1CBC\s0 mode.
All the block ciphers normally use PKCS#5 padding, also known as standard block padding. This allows a rudimentary integrity or password check to be performed. However, since the chance of random data passing the test is better than 1 in 256 it isn't a very good test.
If padding is disabled then the input data must be a multiple of the cipher block length.
All \s-1RC2\s0 ciphers have the same key and effective key length.
Blowfish and \s-1RC5\s0 algorithms use a 128 bit key.
Please note that OpenSSL 3.0 changed the effect of the -S option. Any explicit salt value specified via this option is no longer prepended to the ciphertext when encrypting, and must again be explicitly provided when decrypting. Conversely, when the -S option is used during decryption, the ciphertext is expected to not have a prepended salt value.
When using OpenSSL 3.0 or later to decrypt data that was encrypted with an explicit salt under OpenSSL 1.1.1 do not use the -S option, the salt will then be read from the ciphertext. To generate ciphertext that can be decrypted with OpenSSL 1.1.1 do not use the -S option, the salt will be then be generated randomly and prepended to the output.
This command does not support authenticated encryption modes like \s-1CCM\s0 and \s-1GCM,\s0 and will not support such modes in the future. This is due to having to begin streaming output (e.g., to standard output when -out is not used) before the authentication tag could be validated. When this command is used in a pipeline, the receiving end will not be able to roll back upon authentication failure. The \s-1AEAD\s0 modes currently in common use also suffer from catastrophic failure of confidentiality and/or integrity upon reuse of key/iv/nonce, and since openssl enc places the entire burden of key/iv/nonce management upon the user, the risk of exposing \s-1AEAD\s0 modes is too great to allow. These key/iv/nonce management issues also affect other modes currently exposed in this command, but the failure modes are less extreme in these cases, and the functionality cannot be removed with a stable release branch. For bulk encryption of data, whether using authenticated encryption modes or other modes, openssl-cms\|(1) is recommended, as it provides a standard data format and performs the needed key/iv/nonce management.
.Vb 1 base64 Base 64 \& bf-cbc Blowfish in CBC mode bf Alias for bf-cbc blowfish Alias for bf-cbc bf-cfb Blowfish in CFB mode bf-ecb Blowfish in ECB mode bf-ofb Blowfish in OFB mode \& cast-cbc CAST in CBC mode cast Alias for cast-cbc cast5-cbc CAST5 in CBC mode cast5-cfb CAST5 in CFB mode cast5-ecb CAST5 in ECB mode cast5-ofb CAST5 in OFB mode \& chacha20 ChaCha20 algorithm \& des-cbc DES in CBC mode des Alias for des-cbc des-cfb DES in CFB mode des-ofb DES in OFB mode des-ecb DES in ECB mode \& des-ede-cbc Two key triple DES EDE in CBC mode des-ede Two key triple DES EDE in ECB mode des-ede-cfb Two key triple DES EDE in CFB mode des-ede-ofb Two key triple DES EDE in OFB mode \& des-ede3-cbc Three key triple DES EDE in CBC mode des-ede3 Three key triple DES EDE in ECB mode des3 Alias for des-ede3-cbc des-ede3-cfb Three key triple DES EDE CFB mode des-ede3-ofb Three key triple DES EDE in OFB mode \& desx DESX algorithm. \& gost89 GOST 28147-89 in CFB mode (provided by ccgost engine) gost89-cnt GOST 28147-89 in CNT mode (provided by ccgost engine) \& idea-cbc IDEA algorithm in CBC mode idea same as idea-cbc idea-cfb IDEA in CFB mode idea-ecb IDEA in ECB mode idea-ofb IDEA in OFB mode \& rc2-cbc 128 bit RC2 in CBC mode rc2 Alias for rc2-cbc rc2-cfb 128 bit RC2 in CFB mode rc2-ecb 128 bit RC2 in ECB mode rc2-ofb 128 bit RC2 in OFB mode rc2-64-cbc 64 bit RC2 in CBC mode rc2-40-cbc 40 bit RC2 in CBC mode \& rc4 128 bit RC4 rc4-64 64 bit RC4 rc4-40 40 bit RC4 \& rc5-cbc RC5 cipher in CBC mode rc5 Alias for rc5-cbc rc5-cfb RC5 cipher in CFB mode rc5-ecb RC5 cipher in ECB mode rc5-ofb RC5 cipher in OFB mode \& seed-cbc SEED cipher in CBC mode seed Alias for seed-cbc seed-cfb SEED cipher in CFB mode seed-ecb SEED cipher in ECB mode seed-ofb SEED cipher in OFB mode \& sm4-cbc SM4 cipher in CBC mode sm4 Alias for sm4-cbc sm4-cfb SM4 cipher in CFB mode sm4-ctr SM4 cipher in CTR mode sm4-ecb SM4 cipher in ECB mode sm4-ofb SM4 cipher in OFB mode \& aes-[128|192|256]-cbc 128/192/256 bit AES in CBC mode aes[128|192|256] Alias for aes-[128|192|256]-cbc aes-[128|192|256]-cfb 128/192/256 bit AES in 128 bit CFB mode aes-[128|192|256]-cfb1 128/192/256 bit AES in 1 bit CFB mode aes-[128|192|256]-cfb8 128/192/256 bit AES in 8 bit CFB mode aes-[128|192|256]-ctr 128/192/256 bit AES in CTR mode aes-[128|192|256]-ecb 128/192/256 bit AES in ECB mode aes-[128|192|256]-ofb 128/192/256 bit AES in OFB mode \& aria-[128|192|256]-cbc 128/192/256 bit ARIA in CBC mode aria[128|192|256] Alias for aria-[128|192|256]-cbc aria-[128|192|256]-cfb 128/192/256 bit ARIA in 128 bit CFB mode aria-[128|192|256]-cfb1 128/192/256 bit ARIA in 1 bit CFB mode aria-[128|192|256]-cfb8 128/192/256 bit ARIA in 8 bit CFB mode aria-[128|192|256]-ctr 128/192/256 bit ARIA in CTR mode aria-[128|192|256]-ecb 128/192/256 bit ARIA in ECB mode aria-[128|192|256]-ofb 128/192/256 bit ARIA in OFB mode \& camellia-[128|192|256]-cbc 128/192/256 bit Camellia in CBC mode camellia[128|192|256] Alias for camellia-[128|192|256]-cbc camellia-[128|192|256]-cfb 128/192/256 bit Camellia in 128 bit CFB mode camellia-[128|192|256]-cfb1 128/192/256 bit Camellia in 1 bit CFB mode camellia-[128|192|256]-cfb8 128/192/256 bit Camellia in 8 bit CFB mode camellia-[128|192|256]-ctr 128/192/256 bit Camellia in CTR mode camellia-[128|192|256]-ecb 128/192/256 bit Camellia in ECB mode camellia-[128|192|256]-ofb 128/192/256 bit Camellia in OFB mode .Ve
.Vb 1 openssl base64 -in file.bin -out file.b64 .Ve
Decode the same file
.Vb 1 openssl base64 -d -in file.b64 -out file.bin .Ve
Encrypt a file using \s-1AES-128\s0 using a prompted password and \s-1PBKDF2\s0 key derivation:
.Vb 1 openssl enc -aes128 -pbkdf2 -in file.txt -out file.aes128 .Ve
Decrypt a file using a supplied password:
.Vb 2 openssl enc -aes128 -pbkdf2 -d -in file.aes128 -out file.txt \e -pass pass:<password> .Ve
Encrypt a file then base64 encode it (so it can be sent via mail for example) using \s-1AES-256\s0 in \s-1CTR\s0 mode and \s-1PBKDF2\s0 key derivation:
.Vb 1 openssl enc -aes-256-ctr -pbkdf2 -a -in file.txt -out file.aes256 .Ve
Base64 decode a file then decrypt it using a password supplied in a file:
.Vb 2 openssl enc -aes-256-ctr -pbkdf2 -d -a -in file.aes256 -out file.txt \e -pass file:<passfile> .Ve
The openssl enc command only supports a fixed number of algorithms with certain parameters. So if, for example, you want to use \s-1RC2\s0 with a 76 bit key or \s-1RC4\s0 with an 84 bit key you can't use this program.
The -list option was added in OpenSSL 1.1.1e.
The -ciphers and -engine options were deprecated in OpenSSL 3.0.
Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use this file except in compliance with the License. You can obtain a copy in the file \s-1LICENSE\s0 in the source distribution or at <https://www.openssl.org/source/license.html>.