1ENC(1)                              OpenSSL                             ENC(1)
2
3
4

NAME

6       openssl-enc, enc - symmetric cipher routines
7

SYNOPSIS

9       openssl enc -cipher [-help] [-list] [-ciphers] [-in filename] [-out
10       filename] [-pass arg] [-e] [-d] [-a] [-base64] [-A] [-k password]
11       [-kfile filename] [-K key] [-iv IV] [-S salt] [-salt] [-nosalt] [-z]
12       [-md digest] [-iter count] [-pbkdf2] [-p] [-P] [-bufsize number]
13       [-nopad] [-debug] [-none] [-rand file...]  [-writerand file] [-engine
14       id]
15
16       openssl [cipher] [...]
17

DESCRIPTION

19       The symmetric cipher commands allow data to be encrypted or decrypted
20       using various block and stream ciphers using keys based on passwords or
21       explicitly provided. Base64 encoding or decoding can also be performed
22       either by itself or in addition to the encryption or decryption.
23

OPTIONS

25       -help
26           Print out a usage message.
27
28       -list
29           List all supported ciphers.
30
31       -ciphers
32           Alias of -list to display all supported ciphers.
33
34       -in filename
35           The input filename, standard input by default.
36
37       -out filename
38           The output filename, standard output by default.
39
40       -pass arg
41           The password source. For more information about the format of arg
42           see "Pass Phrase Options" in openssl(1).
43
44       -e  Encrypt the input data: this is the default.
45
46       -d  Decrypt the input data.
47
48       -a  Base64 process the data. This means that if encryption is taking
49           place the data is base64 encoded after encryption. If decryption is
50           set then the input data is base64 decoded before being decrypted.
51
52       -base64
53           Same as -a
54
55       -A  If the -a option is set then base64 process the data on one line.
56
57       -k password
58           The password to derive the key from. This is for compatibility with
59           previous versions of OpenSSL. Superseded by the -pass argument.
60
61       -kfile filename
62           Read the password to derive the key from the first line of
63           filename.  This is for compatibility with previous versions of
64           OpenSSL. Superseded by the -pass argument.
65
66       -md digest
67           Use the specified digest to create the key from the passphrase.
68           The default algorithm is sha-256.
69
70       -iter count
71           Use a given number of iterations on the password in deriving the
72           encryption key.  High values increase the time required to brute-
73           force the resulting file.  This option enables the use of PBKDF2
74           algorithm to derive the key.
75
76       -pbkdf2
77           Use PBKDF2 algorithm with default iteration count unless otherwise
78           specified.
79
80       -nosalt
81           Don't use a salt in the key derivation routines. This option SHOULD
82           NOT be used except for test purposes or compatibility with ancient
83           versions of OpenSSL.
84
85       -salt
86           Use salt (randomly generated or provide with -S option) when
87           encrypting, this is the default.
88
89       -S salt
90           The actual salt to use: this must be represented as a string of hex
91           digits.
92
93       -K key
94           The actual key to use: this must be represented as a string
95           comprised only of hex digits. If only the key is specified, the IV
96           must additionally specified using the -iv option. When both a key
97           and a password are specified, the key given with the -K option will
98           be used and the IV generated from the password will be taken. It
99           does not make much sense to specify both key and password.
100
101       -iv IV
102           The actual IV to use: this must be represented as a string
103           comprised only of hex digits. When only the key is specified using
104           the -K option, the IV must explicitly be defined. When a password
105           is being specified using one of the other options, the IV is
106           generated from this password.
107
108       -p  Print out the key and IV used.
109
110       -P  Print out the key and IV used then immediately exit: don't do any
111           encryption or decryption.
112
113       -bufsize number
114           Set the buffer size for I/O.
115
116       -nopad
117           Disable standard block padding.
118
119       -debug
120           Debug the BIOs used for I/O.
121
122       -z  Compress or decompress encrypted data using zlib after encryption
123           or before decryption. This option exists only if OpenSSL was
124           compiled with the zlib or zlib-dynamic option.
125
126       -none
127           Use NULL cipher (no encryption or decryption of input).
128
129       -rand file...
130           A file or files containing random data used to seed the random
131           number generator.  Multiple files can be specified separated by an
132           OS-dependent character.  The separator is ; for MS-Windows, , for
133           OpenVMS, and : for all others.
134
135       [-writerand file]
136           Writes random data to the specified file upon exit.  This can be
137           used with a subsequent -rand flag.
138

NOTES

140       The program can be called either as openssl cipher or openssl enc
141       -cipher. The first form doesn't work with engine-provided ciphers,
142       because this form is processed before the configuration file is read
143       and any ENGINEs loaded.  Use the list command to get a list of
144       supported ciphers.
145
146       Engines which provide entirely new encryption algorithms (such as the
147       ccgost engine which provides gost89 algorithm) should be configured in
148       the configuration file. Engines specified on the command line using
149       -engine options can only be used for hardware-assisted implementations
150       of ciphers which are supported by the OpenSSL core or another engine
151       specified in the configuration file.
152
153       When the enc command lists supported ciphers, ciphers provided by
154       engines, specified in the configuration files are listed too.
155
156       A password will be prompted for to derive the key and IV if necessary.
157
158       The -salt option should ALWAYS be used if the key is being derived from
159       a password unless you want compatibility with previous versions of
160       OpenSSL.
161
162       Without the -salt option it is possible to perform efficient dictionary
163       attacks on the password and to attack stream cipher encrypted data. The
164       reason for this is that without the salt the same password always
165       generates the same encryption key. When the salt is being used the
166       first eight bytes of the encrypted data are reserved for the salt: it
167       is generated at random when encrypting a file and read from the
168       encrypted file when it is decrypted.
169
170       Some of the ciphers do not have large keys and others have security
171       implications if not used correctly. A beginner is advised to just use a
172       strong block cipher, such as AES, in CBC mode.
173
174       All the block ciphers normally use PKCS#5 padding, also known as
175       standard block padding. This allows a rudimentary integrity or password
176       check to be performed. However, since the chance of random data passing
177       the test is better than 1 in 256 it isn't a very good test.
178
179       If padding is disabled then the input data must be a multiple of the
180       cipher block length.
181
182       All RC2 ciphers have the same key and effective key length.
183
184       Blowfish and RC5 algorithms use a 128 bit key.
185

SUPPORTED CIPHERS

187       Note that some of these ciphers can be disabled at compile time and
188       some are available only if an appropriate engine is configured in the
189       configuration file. The output of the enc command run with the -ciphers
190       option (that is openssl enc -ciphers) produces a list of ciphers,
191       supported by your version of OpenSSL, including ones provided by
192       configured engines.
193
194       The enc program does not support authenticated encryption modes like
195       CCM and GCM, and will not support such modes in the future.  The enc
196       interface by necessity must begin streaming output (e.g., to standard
197       output when -out is not used) before the authentication tag could be
198       validated, leading to the usage of enc in pipelines that begin
199       processing untrusted data and are not capable of rolling back upon
200       authentication failure.  The AEAD modes currently in common use also
201       suffer from catastrophic failure of confidentiality and/or integrity
202       upon reuse of key/iv/nonce, and since enc places the entire burden of
203       key/iv/nonce management upon the user, the risk of exposing AEAD modes
204       is too great to allow.  These key/iv/nonce management issues also
205       affect other modes currently exposed in enc, but the failure modes are
206       less extreme in these cases, and the functionality cannot be removed
207       with a stable release branch.  For bulk encryption of data, whether
208       using authenticated encryption modes or other modes, cms(1) is
209       recommended, as it provides a standard data format and performs the
210       needed key/iv/nonce management.
211
212        base64             Base 64
213
214        bf-cbc             Blowfish in CBC mode
215        bf                 Alias for bf-cbc
216        blowfish           Alias for bf-cbc
217        bf-cfb             Blowfish in CFB mode
218        bf-ecb             Blowfish in ECB mode
219        bf-ofb             Blowfish in OFB mode
220
221        cast-cbc           CAST in CBC mode
222        cast               Alias for cast-cbc
223        cast5-cbc          CAST5 in CBC mode
224        cast5-cfb          CAST5 in CFB mode
225        cast5-ecb          CAST5 in ECB mode
226        cast5-ofb          CAST5 in OFB mode
227
228        chacha20           ChaCha20 algorithm
229
230        des-cbc            DES in CBC mode
231        des                Alias for des-cbc
232        des-cfb            DES in CFB mode
233        des-ofb            DES in OFB mode
234        des-ecb            DES in ECB mode
235
236        des-ede-cbc        Two key triple DES EDE in CBC mode
237        des-ede            Two key triple DES EDE in ECB mode
238        des-ede-cfb        Two key triple DES EDE in CFB mode
239        des-ede-ofb        Two key triple DES EDE in OFB mode
240
241        des-ede3-cbc       Three key triple DES EDE in CBC mode
242        des-ede3           Three key triple DES EDE in ECB mode
243        des3               Alias for des-ede3-cbc
244        des-ede3-cfb       Three key triple DES EDE CFB mode
245        des-ede3-ofb       Three key triple DES EDE in OFB mode
246
247        desx               DESX algorithm.
248
249        gost89             GOST 28147-89 in CFB mode (provided by ccgost engine)
250        gost89-cnt        `GOST 28147-89 in CNT mode (provided by ccgost engine)
251
252        idea-cbc           IDEA algorithm in CBC mode
253        idea               same as idea-cbc
254        idea-cfb           IDEA in CFB mode
255        idea-ecb           IDEA in ECB mode
256        idea-ofb           IDEA in OFB mode
257
258        rc2-cbc            128 bit RC2 in CBC mode
259        rc2                Alias for rc2-cbc
260        rc2-cfb            128 bit RC2 in CFB mode
261        rc2-ecb            128 bit RC2 in ECB mode
262        rc2-ofb            128 bit RC2 in OFB mode
263        rc2-64-cbc         64 bit RC2 in CBC mode
264        rc2-40-cbc         40 bit RC2 in CBC mode
265
266        rc4                128 bit RC4
267        rc4-64             64 bit RC4
268        rc4-40             40 bit RC4
269
270        rc5-cbc            RC5 cipher in CBC mode
271        rc5                Alias for rc5-cbc
272        rc5-cfb            RC5 cipher in CFB mode
273        rc5-ecb            RC5 cipher in ECB mode
274        rc5-ofb            RC5 cipher in OFB mode
275
276        seed-cbc           SEED cipher in CBC mode
277        seed               Alias for seed-cbc
278        seed-cfb           SEED cipher in CFB mode
279        seed-ecb           SEED cipher in ECB mode
280        seed-ofb           SEED cipher in OFB mode
281
282        sm4-cbc            SM4 cipher in CBC mode
283        sm4                Alias for sm4-cbc
284        sm4-cfb            SM4 cipher in CFB mode
285        sm4-ctr            SM4 cipher in CTR mode
286        sm4-ecb            SM4 cipher in ECB mode
287        sm4-ofb            SM4 cipher in OFB mode
288
289        aes-[128|192|256]-cbc  128/192/256 bit AES in CBC mode
290        aes[128|192|256]       Alias for aes-[128|192|256]-cbc
291        aes-[128|192|256]-cfb  128/192/256 bit AES in 128 bit CFB mode
292        aes-[128|192|256]-cfb1 128/192/256 bit AES in 1 bit CFB mode
293        aes-[128|192|256]-cfb8 128/192/256 bit AES in 8 bit CFB mode
294        aes-[128|192|256]-ctr  128/192/256 bit AES in CTR mode
295        aes-[128|192|256]-ecb  128/192/256 bit AES in ECB mode
296        aes-[128|192|256]-ofb  128/192/256 bit AES in OFB mode
297
298        aria-[128|192|256]-cbc  128/192/256 bit ARIA in CBC mode
299        aria[128|192|256]       Alias for aria-[128|192|256]-cbc
300        aria-[128|192|256]-cfb  128/192/256 bit ARIA in 128 bit CFB mode
301        aria-[128|192|256]-cfb1 128/192/256 bit ARIA in 1 bit CFB mode
302        aria-[128|192|256]-cfb8 128/192/256 bit ARIA in 8 bit CFB mode
303        aria-[128|192|256]-ctr  128/192/256 bit ARIA in CTR mode
304        aria-[128|192|256]-ecb  128/192/256 bit ARIA in ECB mode
305        aria-[128|192|256]-ofb  128/192/256 bit ARIA in OFB mode
306
307        camellia-[128|192|256]-cbc  128/192/256 bit Camellia in CBC mode
308        camellia[128|192|256]       Alias for camellia-[128|192|256]-cbc
309        camellia-[128|192|256]-cfb  128/192/256 bit Camellia in 128 bit CFB mode
310        camellia-[128|192|256]-cfb1 128/192/256 bit Camellia in 1 bit CFB mode
311        camellia-[128|192|256]-cfb8 128/192/256 bit Camellia in 8 bit CFB mode
312        camellia-[128|192|256]-ctr  128/192/256 bit Camellia in CTR mode
313        camellia-[128|192|256]-ecb  128/192/256 bit Camellia in ECB mode
314        camellia-[128|192|256]-ofb  128/192/256 bit Camellia in OFB mode
315

EXAMPLES

317       Just base64 encode a binary file:
318
319        openssl base64 -in file.bin -out file.b64
320
321       Decode the same file
322
323        openssl base64 -d -in file.b64 -out file.bin
324
325       Encrypt a file using AES-128 using a prompted password and PBKDF2 key
326       derivation:
327
328        openssl enc -aes128 -pbkdf2 -in file.txt -out file.aes128
329
330       Decrypt a file using a supplied password:
331
332        openssl enc -aes128 -pbkdf2 -d -in file.aes128 -out file.txt \
333           -pass pass:<password>
334
335       Encrypt a file then base64 encode it (so it can be sent via mail for
336       example) using AES-256 in CTR mode and PBKDF2 key derivation:
337
338        openssl enc -aes-256-ctr -pbkdf2 -a -in file.txt -out file.aes256
339
340       Base64 decode a file then decrypt it using a password supplied in a
341       file:
342
343        openssl enc -aes-256-ctr -pbkdf2 -d -a -in file.aes256 -out file.txt \
344           -pass file:<passfile>
345

BUGS

347       The -A option when used with large files doesn't work properly.
348
349       The enc program only supports a fixed number of algorithms with certain
350       parameters. So if, for example, you want to use RC2 with a 76 bit key
351       or RC4 with an 84 bit key you can't use this program.
352

HISTORY

354       The default digest was changed from MD5 to SHA256 in OpenSSL 1.1.0.
355
356       The -list option was added in OpenSSL 1.1.1e.
357
359       Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved.
360
361       Licensed under the OpenSSL license (the "License").  You may not use
362       this file except in compliance with the License.  You can obtain a copy
363       in the file LICENSE in the source distribution or at
364       <https://www.openssl.org/source/license.html>.
365
366
367
3681.1.1l                            2021-09-15                            ENC(1)
Impressum