1KCAPI-ENC(1) General Commands Manual KCAPI-ENC(1)
2
6 kcapi-enc - Kernel Crypto API Symmetric Cipher Crypto Helper
7
9 kcapi-enc [OPTION]
10
12 The kcapi-enc application provides tool to use the symmetric ciphers of
13 the Linux kernel crypto API from the command line.
14 The input data can be provided either via STDIN or via a file that is
16 referenced with a command line option. Similarly, the output data can
17 either be sent to a file referenced with a command line option or to
18 STDOUT.
19 The majority of symmetric ciphers are block ciphers requiring the input
21 data to be multiples of the block size. kcapi-enc automatically adds
22 padding when using block ciphers and input data whose size is not a
23 multiple of the cipher's block size during encryption. An automated un‐
24 padding during decryption is only applied when the input and output
25 data is provided as files. If either the input data is provided via
26 STDIN or the output data is obtained via STDOUT, the unpadding is not
27 applied.
28 The used padding schema is consistent with OpenSSL's enc application.
30 Data encrypted with OpenSSL's enc tool can be decrypted with kcapi-enc
31 and vice versa.
32 The symmetric key used for the cryptographic operation can either be
34 provided via a file descriptor or via a password. When using a file de‐
35 scriptor, the provided data is taken directly as the symmetric key. As
36 the Linux kernel crypto API does not allow specifying the used key size
37 with the cipher algorithm name (e.g. AES-128 or AES-256 cannot be spec‐
38 ified, but only AES), the size of the provided key defines which cipher
39 operation is used. When providing a password, the kcapi-enc application
40 derives a 256 bit key from the password using PBKDF2. PBKDF2 with
41 HMAC-SHA256 as default transforms the password into a key. The PBKDF2
42 operation requires two additional input values: a salt and an iteration
43 count. Both can be provided via the command line. If the iteration
44 count is not specified, kcapi-enc determines the iteration count inter‐
45 nally by counting how many iterations are necessary to surpass 100ms
46 operation time. The determined number is provided via STDERR and must
47 be re-used when decrypting the data. If the salt is not provided via
48 command line, kcapi-enc generates a 256 bit salt and sends its hexadec‐
49 imal representation to STDERR. This salt must be used during decryption
50 to ensure the PBKDF2 operation generates the correct symmetric key.
51 The following options are supported when invoking kcapi-enc:
53 -c, --cipher NAME
55 The NAME argument specifies the symmetric cipher to be used. The
56 allowed ciphers are defined by the Linux kernel. Currently reg‐
57 istered ciphers can be reviewed at /proc/crypto. The content of
58 this file, however, can change when new ciphers are registered.
59 The NAME argument is given directly to the Linux kernel crypto
60 API. The chosen cipher must be either of type skcipher or of
61 type aead as marked in /proc/crypto.
62 -e, --encrypt
64 Perform an encryption operation on the input data. This is the
65 default behavior which implies that this option can be skipped.
66 The input data is automatically padded if the the data size is
67 not a multiple of the block size of the chosen cipher.
68 -d, --decrypt
70 Perform a decryption operation on the input data. Automated un‐
71 padding is performed only when the input and output data is pro‐
72 vided via files referenced with the command line options.
73 -i, --infile FILE
75 Use the file referenced with FILE as the input data. If this op‐
76 tion is not provided, kcapi-enc expects the input data via
77 STDIN.
78 -o, --outfile FILE
80 Use the file referenced with FILE as the destination for the
81 output of the cryptographic operation. If this option is not
82 provided, kcapi-enc will provide the output via STDOUT.
83 --iv IV
85 Use the IV data as initialization vector for the cryptographic
86 operation. That IV value is expected to be a hexadecimal nota‐
87 tion and must match the block size of the chosen cipher. When
88 the CTR block chaining mode is used, the IV value is the start
89 value of the counter. When using the CCM cipher, the IV must
90 specify the initialization vector. If the CCM nonce should be
91 specified instead, the option --ccm-nonce must be used instead.
92 --aad AAD
94 For AEAD ciphers like CCM, GCM or the authenc ciphers of the
95 Linux kernel crypto API, the additional authentication data can
96 be provided with the AAD parameter. The data is expected in
97 hexadecimal format.
98 --tag TAG
100 The AEAD tag value required for the decryption operation is pro‐
101 vided with the TAG parameter. This parameter is expected in
102 hexadecimal format.
103 --taglen LENGTH
105 During encryption operation of AEAD ciphers, the tag is gener‐
106 ated. It is permissible to generate differently sized tags where
107 the parameter LENGTH specifies the size of the tag value to be
108 generated in bytes.
109 --ccm-nonce NONCE
111 Use the NONCE data as CCM nonce as defined in SP800-38C Appendix
112 A.2. That NONCE value is expected to be a hexadecimal notation
113 and must match the constraints of SP800-38C Appendix A.2.
114 --salt SALT
116 When performing the PBKDF2 operation to obtain the symmetric key
117 from the password, the SALT value is used as one input parame‐
118 ter. To ensure the same symmetric key is generated from a given
119 password, the same salt value must be used. This implies that
120 during decryption, the same salt used during the encryption op‐
121 eration must be referenced. kcapi-enc is unable to determine
122 whether the symmetric key derived from the password is the cor‐
123 rect one to decrypt the data, because any symmetric key will al‐
124 ways successfully decrypt data. Yet, the resulting data may be
125 different from what is expected.
126 -p, --passwd PASSWORD
128 The PASSWORD parameter provides the password from which the sym‐
129 metric key is derived used to encrypt or decrypt the data.
130 WARNING The password provided with the command line can be seen
131 from other applications or users when inspecting the /proc file
132 system! Thus, a password SHOULD NOT be used via the command line
133 and the passwdfd option should be used instead.
134 --passwdfd FD
136 Instead of providing the password via command line, it can be
137 injected into kcapi-enc using a file descriptor. The file de‐
138 scriptor number the password will be send through can be pro‐
139 vided with the FD option.
140 --pbkdfiter NUM
142 Perform NUM iterations of the PBKDF2 operation to derive the
143 symmetric key. If this option is not supplied, kcapi-enc deter‐
144 mines a number of iterations that is large enough to surpass
145 100ms operational time for the PBKDF2 function. The determined
146 iteration number is logged and must be reused if the same sym‐
147 metric key is to be generated from the same password.
148 --pbkdfmac MAC
150 Use the keyed message digest referenced with MAC for the PBKDF2
151 operation. If this option is not supplied, the default of
152 hmac(sha256) is used.
153 --keyfd FD
155 To provide a symmetric key that is directly used for the crypto‐
156 graphic operation, the file descriptor referenced with FD must
157 be used. Using a file descriptor is intentionally the only way
158 to provide a symmetric key to kcapi-enc.
159 --nounpad
161 During decryption and when the input data is provided via a file
162 as well as the output is written to a file, kcapi-enc automati‐
163 cally tries to detect a padding and removes the padding data. If
164 this automated unpadding is not desired, the nounpad option will
165 prevent the unpadding.
166 -v, --verbose
168 Enable a verbose operation of kcapi-enc. Using this option mul‐
169 tiple times increases the verbosity.
170 -q, --quiet
172 Prevent the generation of any log output. Note, some log output
173 would be needed for proper operation like the display of the
174 number of PBKDF2 iterations or the internally generated PBKDF2
175 salt. During quiet operation, none of this information is dis‐
176 played. Note, both information can also be supplied via the
177 command line so that kcapi-enc does not need to generate this
178 information.
179 -h, --help
181 Display the help text.
182 --version
184 Display the version number of the kcapi-enc application.
185
187 kcapi-dgst(1) kcapi-rng(1)
188 2017-08-14 KCAPI-ENC(1)