ENC(1)                              OpenSSL                              ENC(1)



NAME
       openssl-enc, enc - symmetric cipher routines

SYNOPSIS
       openssl enc -cipher [-help] [-ciphers] [-in filename] [-out filename]
       [-pass arg] [-e] [-d] [-a] [-base64] [-A] [-k password] [-kfile
       filename] [-K key] [-iv IV] [-S salt] [-salt] [-nosalt] [-z] [-md
       digest] [-iter count] [-pbkdf2] [-p] [-P] [-bufsize number] [-nopad]
       [-debug] [-none] [-rand file...] [-writerand file] [-engine id]

       openssl [cipher] [...]

DESCRIPTION
       The symmetric cipher commands allow data to be encrypted or decrypted
       using various block and stream ciphers, with keys either derived from
       a password or supplied explicitly. Base64 encoding or decoding can
       also be performed, either by itself or in addition to the encryption
       or decryption.

OPTIONS
       -help
           Print out a usage message.

       -ciphers
           List all supported ciphers.

       -in filename
           The input filename, standard input by default.

       -out filename
           The output filename, standard output by default.

       -pass arg
           The password source. For more information about the format of arg
           see the PASS PHRASE ARGUMENTS section in openssl(1). Note that the
           pass:password form places the password on the command line, where
           it is visible to other local users through utilities such as ps;
           prefer the file:, env: or fd: forms, or let enc prompt for it.

       -e  Encrypt the input data: this is the default.

       -d  Decrypt the input data.

       -a  Base64 process the data. This means that if encryption is taking
           place the data is base64 encoded after encryption. If decryption is
           set then the input data is base64 decoded before being decrypted.

       -base64
           Same as -a.

       -A  If the -a option is set then base64 process the data on one line.

       -k password
           The password to derive the key from. This is for compatibility with
           previous versions of OpenSSL. Superseded by the -pass argument.
           Like -pass pass:, it exposes the password on the command line.

       -kfile filename
           Read the password to derive the key from the first line of
           filename. This is for compatibility with previous versions of
           OpenSSL. Superseded by the -pass argument.

       -md digest
           Use the specified digest to create the key from the passphrase.
           The default algorithm is sha-256. Files encrypted by OpenSSL
           versions before 1.1.0 (which used md5 and no PBKDF2) must be
           decrypted with -md md5.

       -iter count
           Use a given number of iterations on the password in deriving the
           encryption key. High values increase the time required to brute-
           force the resulting file. This option enables the use of the
           PBKDF2 algorithm to derive the key.

       -pbkdf2
           Use the PBKDF2 algorithm with the default iteration count (10000)
           unless otherwise specified. If neither -pbkdf2 nor -iter is given,
           the key and IV are derived with the legacy EVP_BytesToKey routine
           using a single pass of the digest, and enc prints a warning that a
           deprecated key derivation is in use. Use one of these two options
           for any newly encrypted file.

       -nosalt
           Don't use a salt in the key derivation routines. This option SHOULD
           NOT be used except for test purposes or compatibility with ancient
           versions of OpenSSL.

       -salt
           Use a salt (randomly generated, or provided with the -S option)
           when encrypting; this is the default.

       -S salt
           The actual salt to use: this must be represented as a string of hex
           digits.

       -K key
           The actual key to use: this must be represented as a string
           comprised only of hex digits. If only the key is specified, the IV
           must additionally be specified using the -iv option. When both a
           key and a password are specified, the key given with the -K option
           will be used and the IV generated from the password will be taken.
           It does not make much sense to specify both key and password.

       -iv IV
           The actual IV to use: this must be represented as a string
           comprised only of hex digits. When only the key is specified using
           the -K option, the IV must explicitly be defined. When a password
           is being specified using one of the other options, the IV is
           generated from this password. A key/IV pair given with -K and -iv
           must not be reused for a second message: in CTR and OFB mode the
           same pair reproduces the same keystream, so the XOR of the two
           ciphertexts equals the XOR of the two plaintexts.

       -p  Print out the key and IV used.

       -P  Print out the key and IV used then immediately exit: don't do any
           encryption or decryption.

       -bufsize number
           Set the buffer size for I/O.

       -nopad
           Disable standard block padding.

       -debug
           Debug the BIOs used for I/O.

       -z  Compress or decompress clear text using zlib before encryption or
           after decryption. This option exists only if OpenSSL was compiled
           with the zlib or zlib-dynamic option. Compressing before
           encryption makes the ciphertext length depend on the plaintext
           content, which can leak information about the plaintext.

       -none
           Use NULL cipher (no encryption or decryption of input).

       -rand file...
           A file or files containing random data used to seed the random
           number generator. Multiple files can be specified separated by an
           OS-dependent character. The separator is ; for MS-Windows, , for
           OpenVMS, and : for all others.

       -writerand file
           Writes random data to the specified file upon exit. This can be
           used with a subsequent -rand flag.

NOTES
       The program can be called either as openssl cipher or openssl enc
       -cipher. The first form doesn't work with engine-provided ciphers,
       because this form is processed before the configuration file is read
       and any ENGINEs loaded. Use the list command to get a list of
       supported ciphers.

       Engines which provide entirely new encryption algorithms (such as the
       ccgost engine which provides the gost89 algorithm) should be configured
       in the configuration file. Engines specified on the command line using
       the -engine option can only be used for hardware-assisted
       implementations of ciphers which are supported by the OpenSSL core or
       by another engine specified in the configuration file.

       When the enc command lists supported ciphers, ciphers provided by
       engines specified in the configuration file are listed too.

       A password will be prompted for to derive the key and IV if necessary.

       The -salt option should ALWAYS be used if the key is being derived from
       a password unless you want compatibility with previous versions of
       OpenSSL.

       Without the -salt option it is possible to perform efficient dictionary
       attacks on the password and to attack stream cipher encrypted data. The
       reason for this is that without the salt the same password always
       generates the same encryption key (and, for a stream cipher, the same
       keystream for every file). When the salt is being used, the encrypted
       file begins with the eight ASCII bytes "Salted__" followed by the
       eight-byte salt: the salt is generated at random when encrypting a
       file and read back from this header when the file is decrypted. The
       header is not secret, but it is also not authenticated.
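
       The following is an added Python example (not code from the OpenSSL
       project) that reproduces both derivation paths and the salted file
       layout, so the effect of -md, -iter, -pbkdf2, -S and -nosalt can be
       checked against what openssl enc -P prints on a real installation. It
       assumes that the legacy path is EVP_BytesToKey with a single pass of
       the digest, that the PBKDF2 path derives key and IV together in one
       PBKDF2-HMAC call, and that the header is the eight bytes "Salted__"
       followed by the eight salt bytes; the password and salt values in it
       are constructed for illustration.

```python
"""How `openssl enc` turns a password into a key/IV, and how it stores the
salt in its output.  Added example for this page, not code from the OpenSSL
project.  Assumptions: the legacy path is EVP_BytesToKey with count=1 (what
enc uses when neither -pbkdf2 nor -iter is given); the PBKDF2 path derives
key||IV in one PBKDF2-HMAC call over the -md digest; a salted file begins
with the 8-byte magic b"Salted__" followed by the 8-byte salt.
"""
import hashlib
import os
from typing import Optional, Tuple

MAGIC = b"Salted__"
SALT_LEN = 8

# (key length, IV length) in bytes for the ciphers used in this example
CIPHER_SIZES = {
    "aes-128-cbc": (16, 16),
    "aes-256-cbc": (32, 16),
    "aes-256-ctr": (32, 16),
}


def evp_bytes_to_key(password: bytes, salt: Optional[bytes], key_len: int,
                     iv_len: int, md: str = "sha256",
                     count: int = 1) -> Tuple[bytes, bytes]:
    """Legacy derivation: D_i = H^count(D_{i-1} || password || salt),
    concatenated until key_len + iv_len bytes are available."""
    salt = salt or b""            # -nosalt: nothing appended
    out, prev = b"", b""
    while len(out) < key_len + iv_len:
        d = hashlib.new(md, prev + password + salt).digest()
        for _ in range(count - 1):
            d = hashlib.new(md, d).digest()
        out += d
        prev = d
    return out[:key_len], out[key_len:key_len + iv_len]


def pbkdf2_key_iv(password: bytes, salt: Optional[bytes], key_len: int,
                  iv_len: int, md: str = "sha256",
                  iterations: int = 10000) -> Tuple[bytes, bytes]:
    """-pbkdf2 / -iter path: one PBKDF2 call yields key and IV together."""
    dk = hashlib.pbkdf2_hmac(md, password, salt or b"", iterations,
                             key_len + iv_len)
    return dk[:key_len], dk[key_len:]


def derive(password: bytes, salt: Optional[bytes],
           cipher: str = "aes-128-cbc", md: str = "sha256",
           pbkdf2: bool = False, iterations: int = 10000) -> Tuple[bytes, bytes]:
    """salt=None models -nosalt, pbkdf2=True models -pbkdf2/-iter,
    md models -md; the cipher fixes the key and IV lengths."""
    key_len, iv_len = CIPHER_SIZES[cipher]
    if pbkdf2:
        return pbkdf2_key_iv(password, salt, key_len, iv_len, md, iterations)
    return evp_bytes_to_key(password, salt, key_len, iv_len, md)


def write_salted(ciphertext: bytes, salt: bytes) -> bytes:
    """Lay out a file the way enc does with -salt (the default)."""
    if len(salt) != SALT_LEN:
        raise ValueError("salt must be exactly %d bytes" % SALT_LEN)
    return MAGIC + salt + ciphertext


def parse_salted(blob: bytes) -> Tuple[Optional[bytes], bytes]:
    """Split enc output into (salt, ciphertext).  Data without the magic
    is treated as -nosalt output, which is also what enc assumes."""
    if blob[:len(MAGIC)] != MAGIC:
        return None, blob
    header_len = len(MAGIC) + SALT_LEN
    if len(blob) < header_len:
        raise ValueError("truncated Salted__ header")
    return blob[len(MAGIC):header_len], blob[header_len:]


if __name__ == "__main__":
    pw = b"correct horse"                      # constructed password
    # -nosalt: the same password always yields the same key, so one
    # precomputed dictionary of keys works against every file.
    print("nosalt key:", derive(pw, None)[0].hex())
    print("nosalt key:", derive(pw, None)[0].hex())
    # -salt (default) with -pbkdf2: a fresh salt changes key and IV per file.
    salt = os.urandom(SALT_LEN)
    key, iv = derive(pw, salt, pbkdf2=True)
    blob = write_salted(b"<ciphertext>", salt)
    print("salt=%s key=%s iv =%s" % (salt.hex().upper(),
                                     key.hex().upper(), iv.hex().upper()))
    print(parse_salted(blob))
```

       The two "nosalt key" lines are identical every time the script runs,
       which is exactly the property that makes dictionary attacks cheap;
       the salted derivation changes with each run. The key=/iv = lines use
       the same layout as openssl enc -P so they can be compared directly.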

       Some of the ciphers do not have large keys and others have security
       implications if not used correctly. A beginner is advised to just use a
       strong block cipher, such as AES, in CBC mode.

       All the block ciphers normally use PKCS#5 padding, also known as
       standard block padding. This allows a rudimentary integrity or password
       check to be performed. However, since the chance of random data passing
       the test is better than 1 in 256, it isn't a very good test: a wrong
       password is usually, but not always, reported as "bad decrypt", and a
       padding check that passes says nothing about whether the ciphertext
       was tampered with. A system that reveals to an attacker whether the
       padding was valid also exposes a padding oracle against CBC mode.

       If padding is disabled then the input data must be a multiple of the
       cipher block length.

       All RC2 ciphers have the same key and effective key length.

       Blowfish and RC5 algorithms use a 128 bit key.

SUPPORTED CIPHERS
       Note that some of these ciphers can be disabled at compile time and
       some are available only if an appropriate engine is configured in the
       configuration file. The output of the enc command run with the -ciphers
       option (that is openssl enc -ciphers) produces a list of ciphers
       supported by your version of OpenSSL, including ones provided by
       configured engines.

       The enc program does not support authenticated encryption modes like
       CCM and GCM, and will not support such modes in the future. The enc
       interface by necessity must begin streaming output (e.g., to standard
       output when -out is not used) before the authentication tag could be
       validated, leading to the usage of enc in pipelines that begin
       processing untrusted data and are not capable of rolling back upon
       authentication failure. The AEAD modes currently in common use also
       suffer from catastrophic failure of confidentiality and/or integrity
       upon reuse of key/iv/nonce, and since enc places the entire burden of
       key/iv/nonce management upon the user, the risk of exposing AEAD modes
       is too great to allow. These key/iv/nonce management issues also
       affect other modes currently exposed in enc, but the failure modes are
       less extreme in these cases, and the functionality cannot be removed
       from a stable release branch. For bulk encryption of data, whether
       using authenticated encryption modes or other modes, cms(1) is
       recommended, as it provides a standard data format and performs the
       needed key/iv/nonce management. The practical consequence is that enc
       output carries no integrity protection at all: ciphertext can be
       altered without the key, and decryption will not notice.
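
       An added Python example (not OpenSSL code) of the two failure modes
       this paragraph describes, shown on CTR mode, which enc exposes as
       aes-*-ctr: flipping ciphertext bits to produce attacker-chosen
       plaintext with nothing to detect it, and recovering a second message
       when a key/IV pair is reused. HMAC-SHA256 stands in for the AES block
       function as an assumption (the properties belong to the mode, not to
       the block cipher); the key, IV and messages are constructed.

```python
"""What "no integrity protection" and "key/IV reuse" mean for enc output,
demonstrated on counter (CTR) mode.  Added example for this page, not
OpenSSL code.  Assumption: HMAC-SHA256 replaces the AES block function as
the keystream PRF; bit-flipping malleability and the two-time pad on IV
reuse are properties of CTR mode and hold whatever block cipher is used.
"""
import hashlib
import hmac
import struct


def ctr_keystream(key: bytes, iv: bytes, length: int) -> bytes:
    """CTR keystream: PRF(key, iv || counter) for counter = 0, 1, 2, ...
    The keystream depends only on (key, iv), never on the message."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(key, iv + struct.pack(">Q", counter),
                        hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def ctr_crypt(key: bytes, iv: bytes, data: bytes) -> bytes:
    """Encryption and decryption are the same XOR with the keystream."""
    return xor(data, ctr_keystream(key, iv, len(data)))


def tamper(ciphertext: bytes, offset: int, old: bytes, new: bytes) -> bytes:
    """Without the key, rewrite plaintext bytes `old` -> `new` at `offset`:
    XORing (old ^ new) into the ciphertext XORs it into the plaintext."""
    delta = xor(old, new)
    end = offset + len(delta)
    return (ciphertext[:offset] + xor(ciphertext[offset:end], delta)
            + ciphertext[end:])


def recover_with_reused_iv(c1: bytes, p1: bytes, c2: bytes) -> bytes:
    """Two messages under one key/IV share a keystream, so c1 ^ c2 == p1 ^ p2;
    a known p1 therefore reveals p2 over the overlapping length."""
    return xor(xor(c1, c2), p1)


if __name__ == "__main__":
    # Constructed key/IV; enc would derive them or take -K/-iv.
    key, iv = b"k" * 32, b"\x00" * 16
    p1 = b"amount=0100 to=alice"
    c1 = ctr_crypt(key, iv, p1)
    forged = tamper(c1, 7, b"0100", b"9999")
    print(ctr_crypt(key, iv, forged))            # b'amount=9999 to=alice'
    p2 = b"amount=0042 to=bob  "
    c2 = ctr_crypt(key, iv, p2)                  # same key/IV reused
    print(recover_with_reused_iv(c1, p1, c2))    # b'amount=0042 to=bob  '
```

       The forged ciphertext decrypts without any error, which is why an
       authenticated mode, or a separate MAC over the ciphertext, is needed
       whenever the data crosses a trust boundary; the IV-reuse recovery
       needs no key material at all, only one known plaintext.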

        base64                        Base 64

        bf-cbc                        Blowfish in CBC mode
        bf                            Alias for bf-cbc
        blowfish                      Alias for bf-cbc
        bf-cfb                        Blowfish in CFB mode
        bf-ecb                        Blowfish in ECB mode
        bf-ofb                        Blowfish in OFB mode

        cast-cbc                      CAST in CBC mode
        cast                          Alias for cast-cbc
        cast5-cbc                     CAST5 in CBC mode
        cast5-cfb                     CAST5 in CFB mode
        cast5-ecb                     CAST5 in ECB mode
        cast5-ofb                     CAST5 in OFB mode

        chacha20                      ChaCha20 algorithm

        des-cbc                       DES in CBC mode
        des                           Alias for des-cbc
        des-cfb                       DES in CFB mode
        des-ofb                       DES in OFB mode
        des-ecb                       DES in ECB mode

        des-ede-cbc                   Two key triple DES EDE in CBC mode
        des-ede                       Two key triple DES EDE in ECB mode
        des-ede-cfb                   Two key triple DES EDE in CFB mode
        des-ede-ofb                   Two key triple DES EDE in OFB mode

        des-ede3-cbc                  Three key triple DES EDE in CBC mode
        des-ede3                      Three key triple DES EDE in ECB mode
        des3                          Alias for des-ede3-cbc
        des-ede3-cfb                  Three key triple DES EDE in CFB mode
        des-ede3-ofb                  Three key triple DES EDE in OFB mode

        desx                          DESX algorithm.

        gost89                        GOST 28147-89 in CFB mode (provided by ccgost engine)
        gost89-cnt                    GOST 28147-89 in CNT mode (provided by ccgost engine)

        idea-cbc                      IDEA algorithm in CBC mode
        idea                          Alias for idea-cbc
        idea-cfb                      IDEA in CFB mode
        idea-ecb                      IDEA in ECB mode
        idea-ofb                      IDEA in OFB mode

        rc2-cbc                       128 bit RC2 in CBC mode
        rc2                           Alias for rc2-cbc
        rc2-cfb                       128 bit RC2 in CFB mode
        rc2-ecb                       128 bit RC2 in ECB mode
        rc2-ofb                       128 bit RC2 in OFB mode
        rc2-64-cbc                    64 bit RC2 in CBC mode
        rc2-40-cbc                    40 bit RC2 in CBC mode

        rc4                           128 bit RC4
        rc4-64                        64 bit RC4
        rc4-40                        40 bit RC4

        rc5-cbc                       RC5 cipher in CBC mode
        rc5                           Alias for rc5-cbc
        rc5-cfb                       RC5 cipher in CFB mode
        rc5-ecb                       RC5 cipher in ECB mode
        rc5-ofb                       RC5 cipher in OFB mode

        seed-cbc                      SEED cipher in CBC mode
        seed                          Alias for seed-cbc
        seed-cfb                      SEED cipher in CFB mode
        seed-ecb                      SEED cipher in ECB mode
        seed-ofb                      SEED cipher in OFB mode

        sm4-cbc                       SM4 cipher in CBC mode
        sm4                           Alias for sm4-cbc
        sm4-cfb                       SM4 cipher in CFB mode
        sm4-ctr                       SM4 cipher in CTR mode
        sm4-ecb                       SM4 cipher in ECB mode
        sm4-ofb                       SM4 cipher in OFB mode

        aes-[128|192|256]-cbc         128/192/256 bit AES in CBC mode
        aes[128|192|256]              Alias for aes-[128|192|256]-cbc
        aes-[128|192|256]-cfb         128/192/256 bit AES in 128 bit CFB mode
        aes-[128|192|256]-cfb1        128/192/256 bit AES in 1 bit CFB mode
        aes-[128|192|256]-cfb8        128/192/256 bit AES in 8 bit CFB mode
        aes-[128|192|256]-ctr         128/192/256 bit AES in CTR mode
        aes-[128|192|256]-ecb         128/192/256 bit AES in ECB mode
        aes-[128|192|256]-ofb         128/192/256 bit AES in OFB mode

        aria-[128|192|256]-cbc        128/192/256 bit ARIA in CBC mode
        aria[128|192|256]             Alias for aria-[128|192|256]-cbc
        aria-[128|192|256]-cfb        128/192/256 bit ARIA in 128 bit CFB mode
        aria-[128|192|256]-cfb1       128/192/256 bit ARIA in 1 bit CFB mode
        aria-[128|192|256]-cfb8       128/192/256 bit ARIA in 8 bit CFB mode
        aria-[128|192|256]-ctr        128/192/256 bit ARIA in CTR mode
        aria-[128|192|256]-ecb        128/192/256 bit ARIA in ECB mode
        aria-[128|192|256]-ofb        128/192/256 bit ARIA in OFB mode

        camellia-[128|192|256]-cbc    128/192/256 bit Camellia in CBC mode
        camellia[128|192|256]         Alias for camellia-[128|192|256]-cbc
        camellia-[128|192|256]-cfb    128/192/256 bit Camellia in 128 bit CFB mode
        camellia-[128|192|256]-cfb1   128/192/256 bit Camellia in 1 bit CFB mode
        camellia-[128|192|256]-cfb8   128/192/256 bit Camellia in 8 bit CFB mode
        camellia-[128|192|256]-ctr    128/192/256 bit Camellia in CTR mode
        camellia-[128|192|256]-ecb    128/192/256 bit Camellia in ECB mode
        camellia-[128|192|256]-ofb    128/192/256 bit Camellia in OFB mode

EXAMPLES
       Just base64 encode a binary file:

        openssl base64 -in file.bin -out file.b64

       Decode the same file:

        openssl base64 -d -in file.b64 -out file.bin

       Encrypt a file using AES-128 using a prompted password and PBKDF2 key
       derivation:

        openssl enc -aes128 -pbkdf2 -in file.txt -out file.aes128

       Decrypt a file using a supplied password (note that the pass: form
       makes the password visible to other users on the system):

        openssl enc -aes128 -pbkdf2 -d -in file.aes128 -out file.txt \
            -pass pass:<password>

       Encrypt a file then base64 encode it (so it can be sent via mail for
       example) using AES-256 in CTR mode and PBKDF2 key derivation:

        openssl enc -aes-256-ctr -pbkdf2 -a -in file.txt -out file.aes256

       Base64 decode a file then decrypt it using a password supplied in a
       file:

        openssl enc -aes-256-ctr -pbkdf2 -d -a -in file.aes256 -out file.txt \
            -pass file:<passfile>

BUGS
       The -A option when used with large files doesn't work properly.

       The enc program only supports a fixed number of algorithms with certain
       parameters. So if, for example, you want to use RC2 with a 76 bit key
       or RC4 with an 84 bit key you can't use this program.

HISTORY
       The default digest was changed from MD5 to SHA256 in OpenSSL 1.1.0.

COPYRIGHT
       Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.

       Licensed under the OpenSSL license (the "License"). You may not use
       this file except in compliance with the License. You can obtain a copy
       in the file LICENSE in the source distribution or at
       <https://www.openssl.org/source/license.html>.



1.1.1c                            2019-05-28                            ENC(1)