Name

enc

Synopsis

The enc command is used to perform encryption or decryption using symmetric ciphers. The command can also be used to perform base64 encoding.

Options

-in filename

Specify the name of the file to be used as input. If this option is omitted, stdin is used.

-out filename

Specify the name of the file to be used as output. If this option is omitted, stdout is used.

-pass password

Specify the password to be used for encryption or decryption. The password is used to generate an initialization vector (iv) and a key to be used by the cipher. This option follows the guidelines for passwords and passphrases outlined in Chapter 2.

-e

Cause the input to be encrypted. This is the default operation to be performed.

-d

Cause the input to be decrypted.

-salt

Cause a salt to be used in the key derivation routines. This option should always be used unless you need backward compatibility with versions of OpenSSL older than 0.9.5.

-nosalt

If this option is specified, no salt will be used in the key derivation routines. This is the default.

-a

Cause the data to be base64-encoded after it is encrypted, or base64-decoded before it is decrypted.

-A

Cause the base64 encoding to be produced on a single line when it is being encoded and expected on a single line when it is being decoded. This option is ignored unless the -a option is specified.

-p

Cause the derived key and initialization vector to be output.

-P

Cause the derived key and initialization vector to be output. No encryption or decryption is performed when this option is specified.

-k password

Specify the password from which the key and initialization vector should be derived. This option is for backward compatibility only, and the use of the -pass option is preferred.

-kfile filename

Specify the name of a file containing the password from which the key and initialization vector should be derived. Only the first line of the file is read. This option is for backward compatibility only, and the use of the -pass option is preferred.

-K key

Specify the key to use in hexadecimal form. If this option is used along with a password option, then only the initialization vector is derived from the password, and this key is used. If no password is specified, the initialization vector must also be specified.

-iv vector

Specify the initialization vector to use in hexadecimal form.

-S salt

Specify the salt to use in hexadecimal form.

-bufsize number

Specify the size of the buffers to use for I/O.
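
The following script is an added example, not part of the original reference. It uses -P to show that -nosalt derives the same key and IV from a password every time while -salt does not, then round-trips a message with -a. The passphrase, the sample text and the function names are constructed for illustration; the env: form of the -pass argument and the des3 cipher are assumed to be available in the installed openssl.

```shell
#!/bin/sh
# Added example: constructed passphrase, never a real secret.
# Passed through the environment so it does not appear in the process list.
DEMO_PW='constructed-demo-passphrase'
export DEMO_PW

# Print the key and IV that enc derives from the password.
# -P performs no encryption; extra arguments (-salt / -nosalt) pass through.
derive() {
    openssl enc -des3 "$@" -pass env:DEMO_PW -P | grep -E '^(key|iv)'
}

# Encrypt stdin with a salted key and base64-encode the result (-a).
encrypt() {
    openssl enc -des3 -e -salt -a -pass env:DEMO_PW
}

# Base64-decode stdin, read the salt from the data, and decrypt.
decrypt() {
    openssl enc -des3 -d -salt -a -pass env:DEMO_PW
}

# Without a salt, one password always maps to one key/IV pair, so every
# file encrypted under that password shares the same key and IV.
nosalt_is_deterministic() {
    [ "$(derive -nosalt)" = "$(derive -nosalt)" ]
}

# With a salt, each run draws a fresh salt and derives a different key/IV.
salt_changes_key() {
    [ "$(derive -salt)" != "$(derive -salt)" ]
}

# Encrypt then decrypt the first argument; prints the recovered plaintext.
round_trip() {
    printf '%s' "$1" | encrypt | decrypt
}

# Salted output begins with the 8-byte marker "Salted__" followed by the
# salt; after -a encoding that marker shows up as the prefix U2FsdGVkX1.
salted_prefix() {
    printf '%s' 'constructed sample text' | encrypt | cut -c1-10
}
```

A base64 blob starting with U2FsdGVkX1 is a quick indicator that data was produced by enc with a salt; unsalted output carries no such marker.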

Notes

The name of the cipher to use should be specified either as an option or as the name of the command instead of enc. A large number of ciphers are supported by this command. Additionally, base64 encoding is also supported. Note that base64 is an encoding, not a cipher. The ciphers are summarized in Table A-1.

Table A-1. Ciphers supported by the enc command

| Cipher name | Description |
| --- | --- |
| base64 | Base64 encoding |
| bf, bf-cbc, bf-cfb, bf-ecb, bf-ofb | 128-bit Blowfish |
| cast, cast-cbc, cast5-cbc, cast5-cfb, cast5-ecb, cast5-ofb | CAST5 |
| des, des-cbc, des-ofb, des-ecb | DES |
| des-ede, des-ede-cbc, des-ede-cfb, des-ede-ofb | Two-key triple DES |
| des-ede3, des-ede3-cbc, des3, des-ede3-cfb, des-ede3-ofb | Three-key triple DES |
| desx | DESX |
| idea, idea-cbc, idea-cfb, idea-ecb, idea-ofb | IDEA |
| rc2, rc2-cbc, rc2-cfb, rc2-ecb, rc2-ofb | 128-bit RC2 |
| rc2-64-cbc | 64-bit RC2 |
| rc2-40-cbc | 40-bit RC2 |
| rc4 | 128-bit RC4 |
| rc4-64 | 64-bit RC4 |
| rc4-40 | 40-bit RC4 |
| rc5, rc5-cbc, rc5-cfb, rc5-ecb, rc5-ofb | 128-bit RC5 with 12 rounds |