=head1 SYNOPSIS
B<openssl enc -ciphername>
+[B<-help>]
+[B<-ciphers>]
[B<-in filename>]
[B<-out filename>]
[B<-pass arg>]
[B<-salt>]
[B<-nosalt>]
[B<-z>]
-[B<-md>]
+[B<-md digest>]
[B<-p>]
[B<-P>]
[B<-bufsize number>]
=over 4
+=item B<-help>
+
+Print out a usage message.
+
+=item B<-ciphers>
+
+List all supported ciphers.
+
=item B<-in filename>
the input filename, standard input by default.
=item B<-pass arg>
the password source. For more information about the format of B<arg>
-see the B<PASS PHRASE ARGUMENTS> section in L<openssl(1)|openssl(1)>.
-
-=item B<-salt>
-
-use a salt in the key derivation routines. This is the default.
-
-=item B<-nosalt>
-
-don't use a salt in the key derivation routines. This option B<SHOULD NOT> be
-used except for test purposes or compatibility with ancient versions of OpenSSL
-and SSLeay.
+see the B<PASS PHRASE ARGUMENTS> section in L<openssl(1)>.
=item B<-e>
This is for compatibility with previous versions of OpenSSL. Superseded by
the B<-pass> argument.
+=item B<-md digest>
+
+Use the specified digest to create the key from the passphrase.
+The default algorithm is sha-256.
+
=item B<-nosalt>
-do not use a salt
+don't use a salt in the key derivation routines. This option B<SHOULD NOT> be
+used except for test purposes or compatibility with ancient versions of
+OpenSSL.
=item B<-salt>
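Review bot: the new B<-md digest> item spells the default "sha-256", while the HISTORY entry added later in this patch says "SHA256"; use one form, ideally the name accepted by -md (sha256), so the text can be copied onto a command line. The item could also state that the same digest must be used for encryption and decryption, since the key is created from the passphrase with it.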
Engines which provide entirely new encryption algorithms (such as ccgost
engine which provides gost89 algorithm) should be configured in the
configuration file. Engines, specified in the command line using -engine
-options can only be used for hadrware-assisted implementations of
+options can only be used for hardware-assisted implementations of
ciphers, which are supported by OpenSSL core or other engine, specified
in the configuration file.
The B<-salt> option should B<ALWAYS> be used if the key is being derived
from a password unless you want compatibility with previous versions of
-OpenSSL and SSLeay.
+OpenSSL.
Without the B<-salt> option it is possible to perform efficient dictionary
attacks on the password and to attack stream cipher encrypted data. The reason
and some are available only if an appropriate engine is configured
in the configuration file. The output of the B<enc> command run with
unsupported options (for example B<openssl enc -help>) includes a
-list of ciphers, supported by your versesion of OpenSSL, including
+list of ciphers, supported by your version of OpenSSL, including
ones provided by configured engines.
The B<enc> program does not support authenticated encryption modes
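Review bot: the sentence corrected here still presents B<openssl enc -help> as an example of running with unsupported options, but this patch documents B<-help> as an option and adds B<-ciphers> to list the supported ciphers. Beyond the "versesion" fix, reword the sentence to point at B<-ciphers> so the paragraph agrees with the new OPTIONS entries.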
desx DESX algorithm.
gost89 GOST 28147-89 in CFB mode (provided by ccgost engine)
- gost89-cnt `GOST 28147-89 in CNT mode (provided by ccgost engine)
+ gost89-cnt `GOST 28147-89 in CNT mode (provided by ccgost engine)
idea-cbc IDEA algorithm in CBC mode
idea same as idea-cbc
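Review bot: the replacement gost89-cnt line keeps the stray backtick in front of "GOST 28147-89"; since the line is already being touched for alignment, drop the backtick so the entry matches the gost89 row above it.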
rc5-ecb RC5 cipher in ECB mode
rc5-ofb RC5 cipher in OFB mode
- aes-[128|192|256]-cbc 128/192/256 bit AES in CBC mode
- aes-[128|192|256] Alias for aes-[128|192|256]-cbc
- aes-[128|192|256]-cfb 128/192/256 bit AES in 128 bit CFB mode
- aes-[128|192|256]-cfb1 128/192/256 bit AES in 1 bit CFB mode
- aes-[128|192|256]-cfb8 128/192/256 bit AES in 8 bit CFB mode
- aes-[128|192|256]-ecb 128/192/256 bit AES in ECB mode
- aes-[128|192|256]-ofb 128/192/256 bit AES in OFB mode
+ aes-[128|192|256]-cbc 128/192/256 bit AES in CBC mode
+ aes[128|192|256] Alias for aes-[128|192|256]-cbc
+ aes-[128|192|256]-cfb 128/192/256 bit AES in 128 bit CFB mode
+ aes-[128|192|256]-cfb1 128/192/256 bit AES in 1 bit CFB mode
+ aes-[128|192|256]-cfb8 128/192/256 bit AES in 8 bit CFB mode
+ aes-[128|192|256]-ecb 128/192/256 bit AES in ECB mode
+ aes-[128|192|256]-ofb 128/192/256 bit AES in OFB mode
=head1 EXAMPLES
Decode the same file
- openssl base64 -d -in file.b64 -out file.bin
+ openssl base64 -d -in file.b64 -out file.bin
Encrypt a file using triple DES in CBC mode using a prompted password:
- openssl des3 -salt -in file.txt -out file.des3
+ openssl des3 -salt -in file.txt -out file.des3
Decrypt a file using a supplied password:
certain parameters. So if, for example, you want to use RC2 with a
76 bit key or RC4 with an 84 bit key you can't use this program.
+=head1 HISTORY
+
+The default digest was changed from MD5 to SHA256 in Openssl 1.1.
+
+=head1 COPYRIGHT
+
+Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License"). You may not use
+this file except in compliance with the License. You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
=cut
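Review bot: the HISTORY entry records the default digest moving from MD5 to SHA256 but does not say what that means for existing data: a file encrypted from a passphrase under the old default will not decrypt under the new one unless B<-md md5> is given. Add that sentence here or under B<-md digest>, and write "OpenSSL" with the capitalisation used in the rest of the page.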