ENC(1)                              OpenSSL                              ENC(1)

NAME
       openssl-enc, enc - symmetric cipher routines

SYNOPSIS
       openssl enc -cipher [-help] [-ciphers] [-in filename] [-out filename]
       [-pass arg] [-e] [-d] [-a] [-base64] [-A] [-k password] [-kfile
       filename] [-K key] [-iv IV] [-S salt] [-salt] [-nosalt] [-z] [-md
       digest] [-iter count] [-pbkdf2] [-p] [-P] [-bufsize number] [-nopad]
       [-debug] [-none] [-rand file...] [-writerand file] [-engine id]

       openssl [cipher] [...]

DESCRIPTION
       The symmetric cipher commands allow data to be encrypted or decrypted
       using various block and stream ciphers, using keys based on passwords
       or explicitly provided. Base64 encoding or decoding can also be
       performed, either by itself or in addition to the encryption or
       decryption.

OPTIONS
       -help
           Print out a usage message.

       -ciphers
           List all supported ciphers.

       -in filename
           The input filename, standard input by default.

       -out filename
           The output filename, standard output by default.

       -pass arg
           The password source. For more information about the format of arg
           see the PASS PHRASE ARGUMENTS section in openssl(1).

       -e  Encrypt the input data: this is the default.

       -d  Decrypt the input data.

       -a  Base64 process the data. This means that if encryption is taking
           place the data is base64 encoded after encryption. If decryption is
           set then the input data is base64 decoded before being decrypted.

       -base64
           Same as -a.

       -A  If the -a option is set then base64 process the data on one line.

       -k password
           The password to derive the key from. This is for compatibility with
           previous versions of OpenSSL. Superseded by the -pass argument.

       -kfile filename
           Read the password to derive the key from the first line of
           filename. This is for compatibility with previous versions of
           OpenSSL. Superseded by the -pass argument.

       -md digest
           Use the specified digest to create the key from the passphrase.
           The default algorithm is sha-256.

       -iter count
           Use a given number of iterations on the password in deriving the
           encryption key. High values increase the time required to brute-
           force the resulting file. This option enables the use of the PBKDF2
           algorithm to derive the key.

       -pbkdf2
           Use the PBKDF2 algorithm with the default iteration count unless
           otherwise specified.

       -nosalt
           Don't use a salt in the key derivation routines. This option SHOULD
           NOT be used except for test purposes or compatibility with ancient
           versions of OpenSSL.

       -salt
           Use a salt (randomly generated or provided with the -S option) when
           encrypting; this is the default.

       -S salt
           The actual salt to use: this must be represented as a string of hex
           digits.

       -K key
           The actual key to use: this must be represented as a string
           comprised only of hex digits. If only the key is specified, the IV
           must additionally be specified using the -iv option. When both a
           key and a password are specified, the key given with the -K option
           will be used and the IV generated from the password will be taken.
           It does not make much sense to specify both key and password.

       -iv IV
           The actual IV to use: this must be represented as a string
           comprised only of hex digits. When only the key is specified using
           the -K option, the IV must explicitly be defined. When a password
           is being specified using one of the other options, the IV is
           generated from this password.

       -p  Print out the key and IV used.

       -P  Print out the key and IV used then immediately exit: don't do any
           encryption or decryption.

       -bufsize number
           Set the buffer size for I/O.

       -nopad
           Disable standard block padding.

       -debug
           Debug the BIOs used for I/O.

       -z  Compress or decompress clear text using zlib before encryption or
           after decryption. This option exists only if OpenSSL was compiled
           with the zlib or zlib-dynamic option.

       -none
           Use the NULL cipher (no encryption or decryption of input).

       -rand file...
           A file or files containing random data used to seed the random
           number generator. Multiple files can be specified separated by an
           OS-dependent character. The separator is ; for MS-Windows, , for
           OpenVMS, and : for all others.

       -writerand file
           Writes random data to the specified file upon exit. This can be
           used with a subsequent -rand flag.

NOTES
       The program can be called either as openssl cipher or openssl enc
       -cipher. The first form doesn't work with engine-provided ciphers,
       because this form is processed before the configuration file is read
       and any ENGINEs loaded. Use the list command to get a list of
       supported ciphers.

       Engines which provide entirely new encryption algorithms (such as the
       ccgost engine, which provides the gost89 algorithm) should be
       configured in the configuration file. Engines specified on the command
       line using -engine options can only be used for hardware-assisted
       implementations of ciphers which are supported by the OpenSSL core or
       another engine specified in the configuration file.

       When the enc command lists supported ciphers, ciphers provided by
       engines specified in the configuration files are listed too.

       A password will be prompted for to derive the key and IV if necessary.

       The -salt option should ALWAYS be used if the key is being derived from
       a password unless you want compatibility with previous versions of
       OpenSSL.

       Without the -salt option it is possible to perform efficient dictionary
       attacks on the password and to attack stream cipher encrypted data. The
       reason for this is that without the salt the same password always
       generates the same encryption key. When the salt is being used the
       first eight bytes of the encrypted data are reserved for the salt: it
       is generated at random when encrypting a file and read from the
       encrypted file when it is decrypted.
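       The following Python script is an added example, not part of the
       OpenSSL man page or the OpenSSL code base. It reproduces the two
       password-to-key/IV derivations enc uses (the legacy EVP_BytesToKey
       path with one iteration that applies when neither -pbkdf2 nor -iter
       is given, and the PBKDF2 path where one PBKDF2-HMAC call yields the
       key followed by the IV) and parses the header enc writes when -salt
       is in effect: the 8-byte marker "Salted__" followed by the 8-byte
       salt. It makes the salt point above concrete: with -nosalt the salt is
       empty, so the same password always derives the same key, while a fresh
       salt changes the key every time. Function names, the sample password
       and the dummy ciphertext are assumptions constructed for the example;
       the output format mimics what -P prints.

```python
"""Reproduce enc(1)'s password-to-key/IV derivation (Python stdlib only).

Added example. Assumptions (not from the man page): function names are
illustrative; the sample password, salt and ciphertext are constructed.
"""
import hashlib
import os

SALT_MAGIC = b"Salted__"   # 8-byte marker enc writes in front of the 8-byte salt
SALT_LEN = 8


def evp_bytes_to_key(password, salt, key_len, iv_len, md="sha256"):
    """Legacy derivation used when neither -pbkdf2 nor -iter is given:
    EVP_BytesToKey with count=1.  D_1 = md(password || salt),
    D_i = md(D_{i-1} || password || salt); key || iv is the prefix of
    D_1 || D_2 || ...  With -nosalt the salt is empty, so equal passwords
    always give equal keys (the dictionary-attack problem)."""
    stream, prev = b"", b""
    while len(stream) < key_len + iv_len:
        h = hashlib.new(md)
        h.update(prev + password + salt)
        prev = h.digest()
        stream += prev
    return stream[:key_len], stream[key_len:key_len + iv_len]


def pbkdf2_key_iv(password, salt, key_len, iv_len, iterations=10000, md="sha256"):
    """Derivation used with -pbkdf2 / -iter: one PBKDF2-HMAC-<md> call produces
    key_len + iv_len bytes, key first and IV after. 10000 is enc's default count."""
    blob = hashlib.pbkdf2_hmac(md, password, salt, iterations, dklen=key_len + iv_len)
    return blob[:key_len], blob[key_len:key_len + iv_len]


def split_salted(data):
    """Split enc output written with -salt into (salt, ciphertext).
    Returns None when the 'Salted__' header is absent (-nosalt, or not enc output)."""
    hdr = len(SALT_MAGIC)
    if len(data) < hdr + SALT_LEN or not data.startswith(SALT_MAGIC):
        return None
    return data[hdr:hdr + SALT_LEN], data[hdr + SALT_LEN:]


def key_iv_for_file(data, password, key_len=32, iv_len=16,
                    pbkdf2=False, iterations=10000, md="sha256"):
    """What `openssl enc -d -P` would report for this file and password:
    read the salt from the header, then run the matching derivation.
    Defaults correspond to a 256-bit key and 128-bit IV (e.g. aes-256-cbc)."""
    parsed = split_salted(data)
    salt = parsed[0] if parsed else b""      # no header: derive as -nosalt does
    if pbkdf2:
        return pbkdf2_key_iv(password, salt, key_len, iv_len, iterations, md)
    return evp_bytes_to_key(password, salt, key_len, iv_len, md)


if __name__ == "__main__":
    # Constructed sample: a 'Salted__' header, a random salt and 32 bytes of
    # dummy ciphertext standing in for real aes-256-cbc output.
    salt = os.urandom(SALT_LEN)
    sample = SALT_MAGIC + salt + b"\x00" * 32
    for label, use_pbkdf2 in (("EVP_BytesToKey (default)", False),
                              ("PBKDF2 (-pbkdf2)", True)):
        key, iv = key_iv_for_file(sample, b"correct horse", pbkdf2=use_pbkdf2)
        print(label)
        print("salt=%s\nkey=%s\niv =%s" % (salt.hex().upper(),
                                           key.hex().upper(), iv.hex().upper()))
```

       Feeding the script the first bytes of a real enc output file and the
       password used to create it is a convenient way to confirm, during an
       investigation, which derivation and digest produced a given file: the
       printed key and IV must match what enc -d -P reports for the same
       inputs.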

       Some of the ciphers do not have large keys and others have security
       implications if not used correctly. A beginner is advised to just use a
       strong block cipher, such as AES, in CBC mode.

       All the block ciphers normally use PKCS#5 padding, also known as
       standard block padding. This allows a rudimentary integrity or password
       check to be performed. However, since the chance of random data passing
       the test is better than 1 in 256, it isn't a very good test.

       If padding is disabled then the input data must be a multiple of the
       cipher block length.
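       The following Python script is an added example, not part of the
       OpenSSL man page or code base. It implements the PKCS#5 padding that
       the block ciphers apply and the check that enc performs on the last
       decrypted block (a failure is what enc reports as "bad decrypt"), and
       it quantifies the "better than 1 in 256" remark: a random final block
       passes whenever its last byte is some n between 1 and the block size
       and the n-1 bytes before it also equal n, so the acceptance probability
       is the sum of 256^-n over n = 1..B, slightly above 1/256 (about 1/255
       for a 16-byte block). An exhaustive count over all two-byte block
       tails cross-checks that figure. Function names are illustrative; the
       block contents are constructed.

```python
"""PKCS#5/PKCS#7 block padding as enc applies and checks it, and why the
check is a weak integrity/password test. Added example, stdlib only;
function names are illustrative and the blocks below are constructed."""

BLOCK_SIZE = 16   # AES block size; DES, Blowfish, CAST and RC2 use 8


def pkcs5_pad(data, block_size=BLOCK_SIZE):
    """Append n bytes of value n, 1 <= n <= block_size.
    Aligned input still gets a whole block of padding, so unpadding is unambiguous."""
    n = block_size - (len(data) % block_size)
    return data + bytes([n]) * n


def pkcs5_unpad(data, block_size=BLOCK_SIZE):
    """Strip padding; return None where enc would report 'bad decrypt'."""
    if not data or len(data) % block_size:
        return None
    n = data[-1]
    if n < 1 or n > block_size or data[-n:] != bytes([n]) * n:
        return None
    return data[:-n]


def false_accept_probability(block_size=BLOCK_SIZE):
    """Chance that a random final block (wrong password, corrupted file) passes:
    P = sum_{n=1}^{B} 256^-n, i.e. just over 1/256 (about 1/255 for B = 16).
    In that case enc prints garbage with no error instead of 'bad decrypt'."""
    return sum(256.0 ** -n for n in range(1, block_size + 1))


def count_passing_tails(block_size=BLOCK_SIZE, tail=2):
    """Empirical cross-check: enumerate every value of the last `tail` bytes of a
    block whose other bytes are fixed to 0xff (never valid padding) and count
    the ones the unpadder accepts. For tail=2 that is 256 (last byte 0x01,
    any second-last byte) + 1 (0x02 0x02) = 257 of 65536."""
    prefix = b"\xff" * (block_size - tail)
    accepted = 0
    for v in range(256 ** tail):
        block = prefix + v.to_bytes(tail, "big")
        if pkcs5_unpad(block, block_size) is not None:
            accepted += 1
    return accepted


if __name__ == "__main__":
    padded = pkcs5_pad(b"hello")
    print("padded:", padded.hex())
    print("unpadded:", pkcs5_unpad(padded))
    print("tampered last byte:", pkcs5_unpad(padded[:-1] + b"\x00"))
    print("P(random block passes) = %.8f  (1/256 = %.8f)"
          % (false_accept_probability(), 1 / 256))
    print("two-byte tails accepted: %d of 65536" % count_passing_tails())
```

       The practical consequence for a defender is that a "bad decrypt"
       error reliably signals a wrong key or corrupted data, but its absence
       proves nothing about integrity: roughly one wrong password in 255
       yields no error at all, and any corruption that leaves a valid-looking
       final block goes unnoticed. Integrity has to come from a MAC or an
       AEAD construction, which is exactly what the cms(1) recommendation
       later in this page provides.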

       All RC2 ciphers have the same key and effective key length.

       Blowfish and RC5 algorithms use a 128 bit key.

SUPPORTED CIPHERS
       Note that some of these ciphers can be disabled at compile time and
       some are available only if an appropriate engine is configured in the
       configuration file. The output of the enc command run with the -ciphers
       option (that is, openssl enc -ciphers) produces a list of ciphers
       supported by your version of OpenSSL, including ones provided by
       configured engines.

       The enc program does not support authenticated encryption modes like
       CCM and GCM, and will not support such modes in the future. The enc
       interface by necessity must begin streaming output (e.g., to standard
       output when -out is not used) before the authentication tag could be
       validated, leading to the usage of enc in pipelines that begin
       processing untrusted data and are not capable of rolling back upon
       authentication failure. The AEAD modes currently in common use also
       suffer from catastrophic failure of confidentiality and/or integrity
       upon reuse of key/iv/nonce, and since enc places the entire burden of
       key/iv/nonce management upon the user, the risk of exposing AEAD modes
       is too great to allow. These key/iv/nonce management issues also
       affect other modes currently exposed in enc, but the failure modes are
       less extreme in these cases, and the functionality cannot be removed
       within a stable release branch. For bulk encryption of data, whether
       using authenticated encryption modes or other modes, cms(1) is
       recommended, as it provides a standard data format and performs the
       needed key/iv/nonce management.

       base64                         Base 64

       bf-cbc                         Blowfish in CBC mode
       bf                             Alias for bf-cbc
       bf-cfb                         Blowfish in CFB mode
       bf-ecb                         Blowfish in ECB mode
       bf-ofb                         Blowfish in OFB mode

       cast-cbc                       CAST in CBC mode
       cast                           Alias for cast-cbc
       cast5-cbc                      CAST5 in CBC mode
       cast5-cfb                      CAST5 in CFB mode
       cast5-ecb                      CAST5 in ECB mode
       cast5-ofb                      CAST5 in OFB mode

       des-cbc                        DES in CBC mode
       des                            Alias for des-cbc
       des-cfb                        DES in CFB mode
       des-ofb                        DES in OFB mode
       des-ecb                        DES in ECB mode

       des-ede-cbc                    Two key triple DES EDE in CBC mode
       des-ede                        Two key triple DES EDE in ECB mode
       des-ede-cfb                    Two key triple DES EDE in CFB mode
       des-ede-ofb                    Two key triple DES EDE in OFB mode

       des-ede3-cbc                   Three key triple DES EDE in CBC mode
       des-ede3                       Three key triple DES EDE in ECB mode
       des3                           Alias for des-ede3-cbc
       des-ede3-cfb                   Three key triple DES EDE in CFB mode
       des-ede3-ofb                   Three key triple DES EDE in OFB mode

       desx                           DESX algorithm

       gost89                         GOST 28147-89 in CFB mode (provided by ccgost engine)
       gost89-cnt                     GOST 28147-89 in CNT mode (provided by ccgost engine)

       idea-cbc                       IDEA algorithm in CBC mode
       idea                           Same as idea-cbc
       idea-cfb                       IDEA in CFB mode
       idea-ecb                       IDEA in ECB mode
       idea-ofb                       IDEA in OFB mode

       rc2-cbc                        128 bit RC2 in CBC mode
       rc2                            Alias for rc2-cbc
       rc2-cfb                        128 bit RC2 in CFB mode
       rc2-ecb                        128 bit RC2 in ECB mode
       rc2-ofb                        128 bit RC2 in OFB mode
       rc2-64-cbc                     64 bit RC2 in CBC mode
       rc2-40-cbc                     40 bit RC2 in CBC mode

       rc4                            128 bit RC4
       rc4-64                         64 bit RC4
       rc4-40                         40 bit RC4

       rc5-cbc                        RC5 cipher in CBC mode
       rc5                            Alias for rc5-cbc
       rc5-cfb                        RC5 cipher in CFB mode
       rc5-ecb                        RC5 cipher in ECB mode
       rc5-ofb                        RC5 cipher in OFB mode

       aes-[128|192|256]-cbc          128/192/256 bit AES in CBC mode
       aes[128|192|256]               Alias for aes-[128|192|256]-cbc
       aes-[128|192|256]-cfb          128/192/256 bit AES in 128 bit CFB mode
       aes-[128|192|256]-cfb1         128/192/256 bit AES in 1 bit CFB mode
       aes-[128|192|256]-cfb8         128/192/256 bit AES in 8 bit CFB mode
       aes-[128|192|256]-ctr          128/192/256 bit AES in CTR mode
       aes-[128|192|256]-ecb          128/192/256 bit AES in ECB mode
       aes-[128|192|256]-ofb          128/192/256 bit AES in OFB mode

       camellia-[128|192|256]-cbc     128/192/256 bit Camellia in CBC mode
       camellia[128|192|256]          Alias for camellia-[128|192|256]-cbc
       camellia-[128|192|256]-cfb     128/192/256 bit Camellia in 128 bit CFB mode
       camellia-[128|192|256]-cfb1    128/192/256 bit Camellia in 1 bit CFB mode
       camellia-[128|192|256]-cfb8    128/192/256 bit Camellia in 8 bit CFB mode
       camellia-[128|192|256]-ctr     128/192/256 bit Camellia in CTR mode
       camellia-[128|192|256]-ecb     128/192/256 bit Camellia in ECB mode
       camellia-[128|192|256]-ofb     128/192/256 bit Camellia in OFB mode

EXAMPLES
       Just base64 encode a binary file:

        openssl base64 -in file.bin -out file.b64

       Decode the same file:

        openssl base64 -d -in file.b64 -out file.bin

       Encrypt a file using triple DES in CBC mode using a prompted password:

        openssl des3 -salt -in file.txt -out file.des3

       Decrypt a file using a supplied password:

        openssl des3 -d -salt -in file.des3 -out file.txt -k mypassword

       Encrypt a file then base64 encode it (so it can be sent via mail for
       example) using Blowfish in CBC mode:

        openssl bf -a -salt -in file.txt -out file.bf

       Base64 decode a file then decrypt it:

        openssl bf -d -salt -a -in file.bf -out file.txt

       Decrypt some data using a supplied 40 bit RC4 key:

        openssl rc4-40 -in file.rc4 -out file.txt -K 0102030405

BUGS
       The -A option when used with large files doesn't work properly.

       The enc program only supports a fixed number of algorithms with certain
       parameters. So if, for example, you want to use RC2 with a 76 bit key
       or RC4 with an 84 bit key, you can't use this program.

HISTORY
       The default digest was changed from MD5 to SHA256 in OpenSSL 1.1.0.

COPYRIGHT
       Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.

       Licensed under the OpenSSL license (the "License"). You may not use
       this file except in compliance with the License. You can obtain a copy
       in the file LICENSE in the source distribution or at
       <https://www.openssl.org/source/license.html>.



1.1.1                               2018-09-11                           ENC(1)