xref: /openssl/doc/man1/openssl-enc.pod.in (revision fecb3aae) 
1=pod
2{- OpenSSL::safe::output_do_not_edit_headers(); -}
3
4=head1 NAME
5
6openssl-enc - symmetric cipher routines
7
8=head1 SYNOPSIS
9
10B<openssl> B<enc>|I<cipher>
11[B<-I<cipher>>]
12[B<-help>]
13[B<-list>]
14[B<-ciphers>]
15[B<-in> I<filename>]
16[B<-out> I<filename>]
17[B<-pass> I<arg>]
18[B<-e>]
19[B<-d>]
20[B<-a>]
21[B<-base64>]
22[B<-A>]
23[B<-k> I<password>]
24[B<-kfile> I<filename>]
25[B<-K> I<key>]
26[B<-iv> I<IV>]
27[B<-S> I<salt>]
28[B<-salt>]
29[B<-nosalt>]
30[B<-z>]
31[B<-md> I<digest>]
32[B<-iter> I<count>]
33[B<-pbkdf2>]
34[B<-p>]
35[B<-P>]
36[B<-bufsize> I<number>]
37[B<-nopad>]
38[B<-v>]
39[B<-debug>]
40[B<-none>]
41{- $OpenSSL::safe::opt_engine_synopsis -}{- $OpenSSL::safe::opt_r_synopsis -}
42{- $OpenSSL::safe::opt_provider_synopsis -}
43
44B<openssl> I<cipher> [B<...>]
45
46=head1 DESCRIPTION
47
48The symmetric cipher commands allow data to be encrypted or decrypted
49using various block and stream ciphers using keys based on passwords
50or explicitly provided. Base64 encoding or decoding can also be performed
51either by itself or in addition to the encryption or decryption.
52
53=head1 OPTIONS
54
55=over 4
56
57=item B<-I<cipher>>
58
59The cipher to use.
60
61=item B<-help>
62
63Print out a usage message.
64
65=item B<-list>
66
67List all supported ciphers.
68
69=item B<-ciphers>
70
71Alias of -list to display all supported ciphers.
72
73=item B<-in> I<filename>
74
75The input filename, standard input by default.
76
77=item B<-out> I<filename>
78
79The output filename, standard output by default.
80
81=item B<-pass> I<arg>
82
83The password source. For more information about the format of I<arg>
84see L<openssl-passphrase-options(1)>.
85
86=item B<-e>
87
88Encrypt the input data: this is the default.
89
90=item B<-d>
91
92Decrypt the input data.
93
94=item B<-a>
95
96Base64 process the data. This means that if encryption is taking place
97the data is base64 encoded after encryption. If decryption is set then
98the input data is base64 decoded before being decrypted.
99
100=item B<-base64>
101
102Same as B<-a>
103
104=item B<-A>
105
106If the B<-a> option is set then base64 process the data on one line.
107
108=item B<-k> I<password>
109
110The password to derive the key from. This is for compatibility with previous
111versions of OpenSSL. Superseded by the B<-pass> argument.
112
113=item B<-kfile> I<filename>
114
115Read the password to derive the key from the first line of I<filename>.
116This is for compatibility with previous versions of OpenSSL. Superseded by
117the B<-pass> argument.
118
119=item B<-md> I<digest>
120
121Use the specified digest to create the key from the passphrase.
122The default algorithm is sha-256.
123
124=item B<-iter> I<count>
125
126Use a given number of iterations on the password in deriving the encryption key.
127High values increase the time required to brute-force the resulting file.
128This option enables the use of PBKDF2 algorithm to derive the key.
129
130=item B<-pbkdf2>
131
132Use PBKDF2 algorithm with default iteration count unless otherwise specified.
133
134=item B<-nosalt>
135
136Don't use a salt in the key derivation routines. This option B<SHOULD NOT> be
137used except for test purposes or compatibility with ancient versions of
138OpenSSL.
139
140=item B<-salt>
141
142Use salt (randomly generated or provide with B<-S> option) when
143encrypting, this is the default.
144
145=item B<-S> I<salt>
146
147The actual salt to use: this must be represented as a string of hex digits.
148If this option is used while encrypting, the same exact value will be needed
149again during decryption.
150
151=item B<-K> I<key>
152
153The actual key to use: this must be represented as a string comprised only
154of hex digits. If only the key is specified, the IV must additionally specified
155using the B<-iv> option. When both a key and a password are specified, the
156key given with the B<-K> option will be used and the IV generated from the
157password will be taken. It does not make much sense to specify both key
158and password.
159
160=item B<-iv> I<IV>
161
162The actual IV to use: this must be represented as a string comprised only
163of hex digits. When only the key is specified using the B<-K> option, the
164IV must explicitly be defined. When a password is being specified using
165one of the other options, the IV is generated from this password.
166
167=item B<-p>
168
169Print out the key and IV used.
170
171=item B<-P>
172
173Print out the key and IV used then immediately exit: don't do any encryption
174or decryption.
175
176=item B<-bufsize> I<number>
177
178Set the buffer size for I/O.
179
180=item B<-nopad>
181
182Disable standard block padding.
183
184=item B<-v>
185
186Verbose print; display some statistics about I/O and buffer sizes.
187
188=item B<-debug>
189
190Debug the BIOs used for I/O.
191
192=item B<-z>
193
194Compress or decompress encrypted data using zlib after encryption or before
195decryption. This option exists only if OpenSSL was compiled with the zlib
196or zlib-dynamic option.
197
198=item B<-none>
199
200Use NULL cipher (no encryption or decryption of input).
201
202{- $OpenSSL::safe::opt_r_item -}
203
204{- $OpenSSL::safe::opt_provider_item -}
205
206{- $OpenSSL::safe::opt_engine_item -}
207
208=back
209
210=head1 NOTES
211
212The program can be called either as C<openssl I<cipher>> or
213C<openssl enc -I<cipher>>. The first form doesn't work with
214engine-provided ciphers, because this form is processed before the
215configuration file is read and any ENGINEs loaded.
216Use the L<openssl-list(1)> command to get a list of supported ciphers.
217
218Engines which provide entirely new encryption algorithms (such as the ccgost
219engine which provides gost89 algorithm) should be configured in the
220configuration file. Engines specified on the command line using B<-engine>
221option can only be used for hardware-assisted implementations of
222ciphers which are supported by the OpenSSL core or another engine specified
223in the configuration file.
224
225When the enc command lists supported ciphers, ciphers provided by engines,
226specified in the configuration files are listed too.
227
228A password will be prompted for to derive the key and IV if necessary.
229
230The B<-salt> option should B<ALWAYS> be used if the key is being derived
231from a password unless you want compatibility with previous versions of
232OpenSSL.
233
234Without the B<-salt> option it is possible to perform efficient dictionary
235attacks on the password and to attack stream cipher encrypted data. The reason
236for this is that without the salt the same password always generates the same
237encryption key.
238
239When the salt is generated at random (that means when encrypting using a
240passphrase without explicit salt given using B<-S> option), the first bytes
241of the encrypted data are reserved to store the salt for later decrypting.
242
243Some of the ciphers do not have large keys and others have security
244implications if not used correctly. A beginner is advised to just use
245a strong block cipher, such as AES, in CBC mode.
246
247All the block ciphers normally use PKCS#5 padding, also known as standard
248block padding. This allows a rudimentary integrity or password check to
249be performed. However, since the chance of random data passing the test
250is better than 1 in 256 it isn't a very good test.
251
252If padding is disabled then the input data must be a multiple of the cipher
253block length.
254
255All RC2 ciphers have the same key and effective key length.
256
257Blowfish and RC5 algorithms use a 128 bit key.
258
259=head1 SUPPORTED CIPHERS
260
261Note that some of these ciphers can be disabled at compile time
262and some are available only if an appropriate engine is configured
263in the configuration file. The output when invoking this command
264with the B<-list> option (that is C<openssl enc -list>) is
265a list of ciphers, supported by your version of OpenSSL, including
266ones provided by configured engines.
267
268This command does not support authenticated encryption modes
269like CCM and GCM, and will not support such modes in the future.
270This is due to having to begin streaming output (e.g., to standard output
271when B<-out> is not used) before the authentication tag could be validated.
272When this command is used in a pipeline, the receiving end will not be
273able to roll back upon authentication failure.  The AEAD modes currently in
274common use also suffer from catastrophic failure of confidentiality and/or
275integrity upon reuse of key/iv/nonce, and since B<openssl enc> places the
276entire burden of key/iv/nonce management upon the user, the risk of
277exposing AEAD modes is too great to allow. These key/iv/nonce
278management issues also affect other modes currently exposed in this command,
279but the failure modes are less extreme in these cases, and the
280functionality cannot be removed with a stable release branch.
281For bulk encryption of data, whether using authenticated encryption
282modes or other modes, L<openssl-cms(1)> is recommended, as it provides a
283standard data format and performs the needed key/iv/nonce management.
284
285When enc is used with key wrapping modes the input data cannot be streamed,
286meaning it must be processed in a single pass.
287Consequently, the input data size must be less than
288the buffer size (-bufsize arg, default to 8*1024 bytes).
289The '*-wrap' ciphers require the input to be a multiple of 8 bytes long,
290because no padding is involved.
291The '*-wrap-pad' ciphers allow any input length.
292In both cases, no IV is needed. See example below.
293
294
295 base64             Base 64
296
297 bf-cbc             Blowfish in CBC mode
298 bf                 Alias for bf-cbc
299 blowfish           Alias for bf-cbc
300 bf-cfb             Blowfish in CFB mode
301 bf-ecb             Blowfish in ECB mode
302 bf-ofb             Blowfish in OFB mode
303
304 cast-cbc           CAST in CBC mode
305 cast               Alias for cast-cbc
306 cast5-cbc          CAST5 in CBC mode
307 cast5-cfb          CAST5 in CFB mode
308 cast5-ecb          CAST5 in ECB mode
309 cast5-ofb          CAST5 in OFB mode
310
311 chacha20           ChaCha20 algorithm
312
313 des-cbc            DES in CBC mode
314 des                Alias for des-cbc
315 des-cfb            DES in CFB mode
316 des-ofb            DES in OFB mode
317 des-ecb            DES in ECB mode
318
319 des-ede-cbc        Two key triple DES EDE in CBC mode
320 des-ede            Two key triple DES EDE in ECB mode
321 des-ede-cfb        Two key triple DES EDE in CFB mode
322 des-ede-ofb        Two key triple DES EDE in OFB mode
323
324 des-ede3-cbc       Three key triple DES EDE in CBC mode
325 des-ede3           Three key triple DES EDE in ECB mode
326 des3               Alias for des-ede3-cbc
327 des-ede3-cfb       Three key triple DES EDE CFB mode
328 des-ede3-ofb       Three key triple DES EDE in OFB mode
329
330 desx               DESX algorithm.
331
332 gost89             GOST 28147-89 in CFB mode (provided by ccgost engine)
333 gost89-cnt         GOST 28147-89 in CNT mode (provided by ccgost engine)
334
335 idea-cbc           IDEA algorithm in CBC mode
336 idea               same as idea-cbc
337 idea-cfb           IDEA in CFB mode
338 idea-ecb           IDEA in ECB mode
339 idea-ofb           IDEA in OFB mode
340
341 rc2-cbc            128 bit RC2 in CBC mode
342 rc2                Alias for rc2-cbc
343 rc2-cfb            128 bit RC2 in CFB mode
344 rc2-ecb            128 bit RC2 in ECB mode
345 rc2-ofb            128 bit RC2 in OFB mode
346 rc2-64-cbc         64 bit RC2 in CBC mode
347 rc2-40-cbc         40 bit RC2 in CBC mode
348
349 rc4                128 bit RC4
350 rc4-64             64 bit RC4
351 rc4-40             40 bit RC4
352
353 rc5-cbc            RC5 cipher in CBC mode
354 rc5                Alias for rc5-cbc
355 rc5-cfb            RC5 cipher in CFB mode
356 rc5-ecb            RC5 cipher in ECB mode
357 rc5-ofb            RC5 cipher in OFB mode
358
359 seed-cbc           SEED cipher in CBC mode
360 seed               Alias for seed-cbc
361 seed-cfb           SEED cipher in CFB mode
362 seed-ecb           SEED cipher in ECB mode
363 seed-ofb           SEED cipher in OFB mode
364
365 sm4-cbc            SM4 cipher in CBC mode
366 sm4                Alias for sm4-cbc
367 sm4-cfb            SM4 cipher in CFB mode
368 sm4-ctr            SM4 cipher in CTR mode
369 sm4-ecb            SM4 cipher in ECB mode
370 sm4-ofb            SM4 cipher in OFB mode
371
372 aes-[128|192|256]-cbc  128/192/256 bit AES in CBC mode
373 aes[128|192|256]       Alias for aes-[128|192|256]-cbc
374 aes-[128|192|256]-cfb  128/192/256 bit AES in 128 bit CFB mode
375 aes-[128|192|256]-cfb1 128/192/256 bit AES in 1 bit CFB mode
376 aes-[128|192|256]-cfb8 128/192/256 bit AES in 8 bit CFB mode
377 aes-[128|192|256]-ctr  128/192/256 bit AES in CTR mode
378 aes-[128|192|256]-ecb  128/192/256 bit AES in ECB mode
379 aes-[128|192|256]-ofb  128/192/256 bit AES in OFB mode
380
381 aes-[128|192|256]-wrap     key wrapping using 128/192/256 bit AES
382 aes-[128|192|256]-wrap-pad key wrapping with padding using 128/192/256 bit AES
383
384 aria-[128|192|256]-cbc  128/192/256 bit ARIA in CBC mode
385 aria[128|192|256]       Alias for aria-[128|192|256]-cbc
386 aria-[128|192|256]-cfb  128/192/256 bit ARIA in 128 bit CFB mode
387 aria-[128|192|256]-cfb1 128/192/256 bit ARIA in 1 bit CFB mode
388 aria-[128|192|256]-cfb8 128/192/256 bit ARIA in 8 bit CFB mode
389 aria-[128|192|256]-ctr  128/192/256 bit ARIA in CTR mode
390 aria-[128|192|256]-ecb  128/192/256 bit ARIA in ECB mode
391 aria-[128|192|256]-ofb  128/192/256 bit ARIA in OFB mode
392
393 camellia-[128|192|256]-cbc  128/192/256 bit Camellia in CBC mode
394 camellia[128|192|256]       Alias for camellia-[128|192|256]-cbc
395 camellia-[128|192|256]-cfb  128/192/256 bit Camellia in 128 bit CFB mode
396 camellia-[128|192|256]-cfb1 128/192/256 bit Camellia in 1 bit CFB mode
397 camellia-[128|192|256]-cfb8 128/192/256 bit Camellia in 8 bit CFB mode
398 camellia-[128|192|256]-ctr  128/192/256 bit Camellia in CTR mode
399 camellia-[128|192|256]-ecb  128/192/256 bit Camellia in ECB mode
400 camellia-[128|192|256]-ofb  128/192/256 bit Camellia in OFB mode
401
402=head1 EXAMPLES
403
404Just base64 encode a binary file:
405
406 openssl base64 -in file.bin -out file.b64
407
408Decode the same file
409
410 openssl base64 -d -in file.b64 -out file.bin
411
412Encrypt a file using AES-128 using a prompted password
413and PBKDF2 key derivation:
414
415 openssl enc -aes128 -pbkdf2 -in file.txt -out file.aes128
416
417Decrypt a file using a supplied password:
418
419 openssl enc -aes128 -pbkdf2 -d -in file.aes128 -out file.txt \
420    -pass pass:<password>
421
422Encrypt a file then base64 encode it (so it can be sent via mail for example)
423using AES-256 in CTR mode and PBKDF2 key derivation:
424
425 openssl enc -aes-256-ctr -pbkdf2 -a -in file.txt -out file.aes256
426
427Base64 decode a file then decrypt it using a password supplied in a file:
428
429 openssl enc -aes-256-ctr -pbkdf2 -d -a -in file.aes256 -out file.txt \
430    -pass file:<passfile>
431
432AES key wrapping:
433
434 openssl enc -e -a -id-aes128-wrap-pad -K 000102030405060708090A0B0C0D0E0F -in file.bin
435or
436 openssl aes128-wrap-pad -e -a -K 000102030405060708090A0B0C0D0E0F -in file.bin
437
438=head1 BUGS
439
440The B<-A> option when used with large files doesn't work properly.
441
442The B<openssl enc> command only supports a fixed number of algorithms with
443certain parameters. So if, for example, you want to use RC2 with a
44476 bit key or RC4 with an 84 bit key you can't use this program.
445
446=head1 HISTORY
447
448The default digest was changed from MD5 to SHA256 in OpenSSL 1.1.0.
449
450The B<-list> option was added in OpenSSL 1.1.1e.
451
452The B<-ciphers> and B<-engine> options were deprecated in OpenSSL 3.0.
453
454=head1 COPYRIGHT
455
456Copyright 2000-2022 The OpenSSL Project Authors. All Rights Reserved.
457
458Licensed under the Apache License 2.0 (the "License").  You may not use
459this file except in compliance with the License.  You can obtain a copy
460in the file LICENSE in the source distribution or at
461L<https://www.openssl.org/source/license.html>.
462
463=cut
464