1ENC(1) OpenSSL ENC(1)
2
6 openssl-enc, enc - symmetric cipher routines
7
9 openssl enc -cipher [-help] [-list] [-ciphers] [-in filename] [-out
10 filename] [-pass arg] [-e] [-d] [-a] [-base64] [-A] [-k password]
11 [-kfile filename] [-K key] [-iv IV] [-S salt] [-salt] [-nosalt] [-z]
12 [-md digest] [-iter count] [-pbkdf2] [-p] [-P] [-bufsize number]
13 [-nopad] [-debug] [-none] [-rand file...] [-writerand file] [-engine
14 id]
15 openssl [cipher] [...]
17
19 The symmetric cipher commands allow data to be encrypted or decrypted
20 using various block and stream ciphers using keys based on passwords or
21 explicitly provided. Base64 encoding or decoding can also be performed
22 either by itself or in addition to the encryption or decryption.
23
25 -help
26 Print out a usage message.
27 -list
29 List all supported ciphers.
30 -ciphers
32 Alias of -list to display all supported ciphers.
33 -in filename
35 The input filename, standard input by default.
36 -out filename
38 The output filename, standard output by default.
39 -pass arg
41 The password source. For more information about the format of arg
42 see "Pass Phrase Options" in openssl(1).
43 -e Encrypt the input data: this is the default.
45 -d Decrypt the input data.
47 -a Base64 process the data. This means that if encryption is taking
49 place the data is base64 encoded after encryption. If decryption is
50 set then the input data is base64 decoded before being decrypted.
51 -base64
53 Same as -a
54 -A If the -a option is set then base64 process the data on one line.
56 -k password
58 The password to derive the key from. This is for compatibility with
59 previous versions of OpenSSL. Superseded by the -pass argument.
60 -kfile filename
62 Read the password to derive the key from the first line of
63 filename. This is for compatibility with previous versions of
64 OpenSSL. Superseded by the -pass argument.
65 -md digest
67 Use the specified digest to create the key from the passphrase.
68 The default algorithm is sha-256.
69 -iter count
71 Use a given number of iterations on the password in deriving the
72 encryption key. High values increase the time required to brute-
73 force the resulting file. This option enables the use of PBKDF2
74 algorithm to derive the key.
75 -pbkdf2
77 Use PBKDF2 algorithm with default iteration count unless otherwise
78 specified.
79 -nosalt
81 Don't use a salt in the key derivation routines. This option SHOULD
82 NOT be used except for test purposes or compatibility with ancient
83 versions of OpenSSL.
84 -salt
86 Use salt (randomly generated or provide with -S option) when
87 encrypting, this is the default.
88 -S salt
90 The actual salt to use: this must be represented as a string of hex
91 digits.
92 -K key
94 The actual key to use: this must be represented as a string
95 comprised only of hex digits. If only the key is specified, the IV
96 must additionally specified using the -iv option. When both a key
97 and a password are specified, the key given with the -K option will
98 be used and the IV generated from the password will be taken. It
99 does not make much sense to specify both key and password.
100 -iv IV
102 The actual IV to use: this must be represented as a string
103 comprised only of hex digits. When only the key is specified using
104 the -K option, the IV must explicitly be defined. When a password
105 is being specified using one of the other options, the IV is
106 generated from this password.
107 -p Print out the key and IV used.
109 -P Print out the key and IV used then immediately exit: don't do any
111 encryption or decryption.
112 -bufsize number
114 Set the buffer size for I/O.
115 -nopad
117 Disable standard block padding.
118 -debug
120 Debug the BIOs used for I/O.
121 -z Compress or decompress encrypted data using zlib after encryption
123 or before decryption. This option exists only if OpenSSL was
124 compiled with the zlib or zlib-dynamic option.
125 -none
127 Use NULL cipher (no encryption or decryption of input).
128 -rand file...
130 A file or files containing random data used to seed the random
131 number generator. Multiple files can be specified separated by an
132 OS-dependent character. The separator is ; for MS-Windows, , for
133 OpenVMS, and : for all others.
134 [-writerand file]
136 Writes random data to the specified file upon exit. This can be
137 used with a subsequent -rand flag.
138
140 The program can be called either as openssl cipher or openssl enc
141 -cipher. The first form doesn't work with engine-provided ciphers,
142 because this form is processed before the configuration file is read
143 and any ENGINEs loaded. Use the list command to get a list of
144 supported ciphers.
145 Engines which provide entirely new encryption algorithms (such as the
147 ccgost engine which provides gost89 algorithm) should be configured in
148 the configuration file. Engines specified on the command line using
149 -engine options can only be used for hardware-assisted implementations
150 of ciphers which are supported by the OpenSSL core or another engine
151 specified in the configuration file.
152 When the enc command lists supported ciphers, ciphers provided by
154 engines, specified in the configuration files are listed too.
155 A password will be prompted for to derive the key and IV if necessary.
157 The -salt option should ALWAYS be used if the key is being derived from
159 a password unless you want compatibility with previous versions of
160 OpenSSL.
161 Without the -salt option it is possible to perform efficient dictionary
163 attacks on the password and to attack stream cipher encrypted data. The
164 reason for this is that without the salt the same password always
165 generates the same encryption key. When the salt is being used the
166 first eight bytes of the encrypted data are reserved for the salt: it
167 is generated at random when encrypting a file and read from the
168 encrypted file when it is decrypted.
169 Some of the ciphers do not have large keys and others have security
171 implications if not used correctly. A beginner is advised to just use a
172 strong block cipher, such as AES, in CBC mode.
173 All the block ciphers normally use PKCS#5 padding, also known as
175 standard block padding. This allows a rudimentary integrity or password
176 check to be performed. However, since the chance of random data passing
177 the test is better than 1 in 256 it isn't a very good test.
178 If padding is disabled then the input data must be a multiple of the
180 cipher block length.
181 All RC2 ciphers have the same key and effective key length.
183 Blowfish and RC5 algorithms use a 128 bit key.
185
187 Note that some of these ciphers can be disabled at compile time and
188 some are available only if an appropriate engine is configured in the
189 configuration file. The output of the enc command run with the -ciphers
190 option (that is openssl enc -ciphers) produces a list of ciphers,
191 supported by your version of OpenSSL, including ones provided by
192 configured engines.
193 The enc program does not support authenticated encryption modes like
195 CCM and GCM, and will not support such modes in the future. The enc
196 interface by necessity must begin streaming output (e.g., to standard
197 output when -out is not used) before the authentication tag could be
198 validated, leading to the usage of enc in pipelines that begin
199 processing untrusted data and are not capable of rolling back upon
200 authentication failure. The AEAD modes currently in common use also
201 suffer from catastrophic failure of confidentiality and/or integrity
202 upon reuse of key/iv/nonce, and since enc places the entire burden of
203 key/iv/nonce management upon the user, the risk of exposing AEAD modes
204 is too great to allow. These key/iv/nonce management issues also
205 affect other modes currently exposed in enc, but the failure modes are
206 less extreme in these cases, and the functionality cannot be removed
207 with a stable release branch. For bulk encryption of data, whether
208 using authenticated encryption modes or other modes, cms(1) is
209 recommended, as it provides a standard data format and performs the
210 needed key/iv/nonce management.
211 base64 Base 64
213 bf-cbc Blowfish in CBC mode
215 bf Alias for bf-cbc
216 blowfish Alias for bf-cbc
217 bf-cfb Blowfish in CFB mode
218 bf-ecb Blowfish in ECB mode
219 bf-ofb Blowfish in OFB mode
220 cast-cbc CAST in CBC mode
222 cast Alias for cast-cbc
223 cast5-cbc CAST5 in CBC mode
224 cast5-cfb CAST5 in CFB mode
225 cast5-ecb CAST5 in ECB mode
226 cast5-ofb CAST5 in OFB mode
227 chacha20 ChaCha20 algorithm
229 des-cbc DES in CBC mode
231 des Alias for des-cbc
232 des-cfb DES in CFB mode
233 des-ofb DES in OFB mode
234 des-ecb DES in ECB mode
235 des-ede-cbc Two key triple DES EDE in CBC mode
237 des-ede Two key triple DES EDE in ECB mode
238 des-ede-cfb Two key triple DES EDE in CFB mode
239 des-ede-ofb Two key triple DES EDE in OFB mode
240 des-ede3-cbc Three key triple DES EDE in CBC mode
242 des-ede3 Three key triple DES EDE in ECB mode
243 des3 Alias for des-ede3-cbc
244 des-ede3-cfb Three key triple DES EDE CFB mode
245 des-ede3-ofb Three key triple DES EDE in OFB mode
246 desx DESX algorithm.
248 gost89 GOST 28147-89 in CFB mode (provided by ccgost engine)
250 gost89-cnt `GOST 28147-89 in CNT mode (provided by ccgost engine)
251 idea-cbc IDEA algorithm in CBC mode
253 idea same as idea-cbc
254 idea-cfb IDEA in CFB mode
255 idea-ecb IDEA in ECB mode
256 idea-ofb IDEA in OFB mode
257 rc2-cbc 128 bit RC2 in CBC mode
259 rc2 Alias for rc2-cbc
260 rc2-cfb 128 bit RC2 in CFB mode
261 rc2-ecb 128 bit RC2 in ECB mode
262 rc2-ofb 128 bit RC2 in OFB mode
263 rc2-64-cbc 64 bit RC2 in CBC mode
264 rc2-40-cbc 40 bit RC2 in CBC mode
265 rc4 128 bit RC4
267 rc4-64 64 bit RC4
268 rc4-40 40 bit RC4
269 rc5-cbc RC5 cipher in CBC mode
271 rc5 Alias for rc5-cbc
272 rc5-cfb RC5 cipher in CFB mode
273 rc5-ecb RC5 cipher in ECB mode
274 rc5-ofb RC5 cipher in OFB mode
275 seed-cbc SEED cipher in CBC mode
277 seed Alias for seed-cbc
278 seed-cfb SEED cipher in CFB mode
279 seed-ecb SEED cipher in ECB mode
280 seed-ofb SEED cipher in OFB mode
281 sm4-cbc SM4 cipher in CBC mode
283 sm4 Alias for sm4-cbc
284 sm4-cfb SM4 cipher in CFB mode
285 sm4-ctr SM4 cipher in CTR mode
286 sm4-ecb SM4 cipher in ECB mode
287 sm4-ofb SM4 cipher in OFB mode
288 aes-[128|192|256]-cbc 128/192/256 bit AES in CBC mode
290 aes[128|192|256] Alias for aes-[128|192|256]-cbc
291 aes-[128|192|256]-cfb 128/192/256 bit AES in 128 bit CFB mode
292 aes-[128|192|256]-cfb1 128/192/256 bit AES in 1 bit CFB mode
293 aes-[128|192|256]-cfb8 128/192/256 bit AES in 8 bit CFB mode
294 aes-[128|192|256]-ctr 128/192/256 bit AES in CTR mode
295 aes-[128|192|256]-ecb 128/192/256 bit AES in ECB mode
296 aes-[128|192|256]-ofb 128/192/256 bit AES in OFB mode
297 aria-[128|192|256]-cbc 128/192/256 bit ARIA in CBC mode
299 aria[128|192|256] Alias for aria-[128|192|256]-cbc
300 aria-[128|192|256]-cfb 128/192/256 bit ARIA in 128 bit CFB mode
301 aria-[128|192|256]-cfb1 128/192/256 bit ARIA in 1 bit CFB mode
302 aria-[128|192|256]-cfb8 128/192/256 bit ARIA in 8 bit CFB mode
303 aria-[128|192|256]-ctr 128/192/256 bit ARIA in CTR mode
304 aria-[128|192|256]-ecb 128/192/256 bit ARIA in ECB mode
305 aria-[128|192|256]-ofb 128/192/256 bit ARIA in OFB mode
306 camellia-[128|192|256]-cbc 128/192/256 bit Camellia in CBC mode
308 camellia[128|192|256] Alias for camellia-[128|192|256]-cbc
309 camellia-[128|192|256]-cfb 128/192/256 bit Camellia in 128 bit CFB mode
310 camellia-[128|192|256]-cfb1 128/192/256 bit Camellia in 1 bit CFB mode
311 camellia-[128|192|256]-cfb8 128/192/256 bit Camellia in 8 bit CFB mode
312 camellia-[128|192|256]-ctr 128/192/256 bit Camellia in CTR mode
313 camellia-[128|192|256]-ecb 128/192/256 bit Camellia in ECB mode
314 camellia-[128|192|256]-ofb 128/192/256 bit Camellia in OFB mode
315
317 Just base64 encode a binary file:
318 openssl base64 -in file.bin -out file.b64
320 Decode the same file
322 openssl base64 -d -in file.b64 -out file.bin
324 Encrypt a file using AES-128 using a prompted password and PBKDF2 key
326 derivation:
327 openssl enc -aes128 -pbkdf2 -in file.txt -out file.aes128
329 Decrypt a file using a supplied password:
331 openssl enc -aes128 -pbkdf2 -d -in file.aes128 -out file.txt \
333 -pass pass:<password>
334 Encrypt a file then base64 encode it (so it can be sent via mail for
336 example) using AES-256 in CTR mode and PBKDF2 key derivation:
337 openssl enc -aes-256-ctr -pbkdf2 -a -in file.txt -out file.aes256
339 Base64 decode a file then decrypt it using a password supplied in a
341 file:
342 openssl enc -aes-256-ctr -pbkdf2 -d -a -in file.aes256 -out file.txt \
344 -pass file:<passfile>
345
347 The -A option when used with large files doesn't work properly.
348 The enc program only supports a fixed number of algorithms with certain
350 parameters. So if, for example, you want to use RC2 with a 76 bit key
351 or RC4 with an 84 bit key you can't use this program.
352
354 The default digest was changed from MD5 to SHA256 in OpenSSL 1.1.0.
355 The -list option was added in OpenSSL 1.1.1e.
357
359 Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved.
360 Licensed under the OpenSSL license (the "License"). You may not use
362 this file except in compliance with the License. You can obtain a copy
363 in the file LICENSE in the source distribution or at
364 <https://www.openssl.org/source/license.html>.
3651.1.1l 2021-09-15 ENC(1)