Switch to SpeakEasy.net DSL

The Modular Manual Browser

Home Page
Manual: (SunOS-5.10)
Apropos / Subsearch:
optional field

encrypt(1)                       User Commands                      encrypt(1)

       encrypt, decrypt - encrypt or decrypt files

       /usr/bin/encrypt -l | [-v] | -a algorithm [-k key_file] [-i input_file]
       [-o output_file]

       /usr/bin/decrypt -l | [-v] | -a algorithm [-k key_file] [-i input_file]
       [-o output_file]

       This  utility  encrypts  or  decrypts the given file or stdin using the
       algorithm specified. If no output file is specified, output is to stan-
       dard  out.  If input and output are the same file, the encrypted output
       is written to a temporary work file in the  same  filesystem  and  then
       used to replace the original file.

       On decryption, if the input and output are the same file, the cleartext
       replaces the ciphertext file.

       The output file of encrypt and the input file for decrypt contains  the
       following information:

         o  Output  format  version number, 4 bytes in network byte order. The
            current version is 1.

         o  Iterations used in key generation function, 4  bytes  in   network
            byte order.

         o  IV (ivlen bytes)[1]. iv data is generated by random bytes equal to
            one block size.

         o  Salt data used in key generation (16 bytes).

         o  Cipher text data.

       The following options are supported:

       -a algorithm            Specify the name of the algorithm to use during
                               the   encryption  or  decryption  process.  See
                               USAGE, Algorithms for details.

       -i input_file           Specify the input file.  Default  is  stdin  if
                               input_file is not specified.

       -k key_file             Specify  the  file containing the key value for
                               the encryption algorithm.  Each  algorithm  has
                               specific  key  material requirements, as stated
                               in the PKCS#11  specification.  If  -k  is  not
                               specified,  encrypt  prompts  for  key material
                               using getpassphrase(3C).

                               For information on generating a key  file,  see
                               dd(1M) or System Administration Guide: Security

       -l                      Display the list of algorithms available on the
                               system.  This  list can change depending on the
                               configuration of the  cryptographic  framework.
                               The keysizes are displayed in bits.

       -o output_file          Specify  output file. Default is stdout if out-
                               put_file is not specified. If  stdout  is  used
                               without  redirecting  to  a  file, the terminal
                               window can  appear  to  hang  because  the  raw
                               encrypted  or  decrypted data has disrupted the
                               terminal emulation, much like viewing a  binary
                               file can do at times.

       -v                      Display verbose information. See Verbose.

       The  supported  algorithms are displayed with their minimum and maximum
       key sizes in the -l option. These algorithms are provided by the  cryp-
       tographic  framework.  Each supported algorithm is an alias of the PKCS
       #11 mechanism that is the most commonly used and least restricted  ver-
       sion  of  a  particular algorithm type. For example: des is an alias to
       CKM_DES_CBC_PAD and arcfour is an alias to CKM_RC4. Algorithm  variants
       with no padding or ECB are not supported. See SECURITY for details.

       These aliases are used with the -a option and are case-sensitive.

       When  the -k option is not used during encryption and decryption tasks,
       the user is prompted for a passphrase. The  passphrase  is  manipulated
       into a more secure key using the PBKDF2 algorithm specified in PKCS #5.

       When  a  passphrase  is used with encrypt and decrypt, the user entered
       passphrase is turned into an encryption key using the PBKDF2  algorithm
       as  defined  defined in http://www.rsasecurity.com/rsalabs/pkcs/pkcs-5,
       PKCS #5 v2.0.

       If an input file is provided to the command, a progress bar  spans  the
       screen.  The  progress bar denotes every 25% completed with a pipe sign
       (|). If the input is from standard input, a  period  (.)  is  displayed
       each  time 40KB is read. Upon completion of both input methods, Done is

       Example 1: Listing Available Algorithms

       The following example lists available algorithms:

       example$ encrypt -l
       Algorithm       Keysize:  Min   Max
       aes                       128   128
       arcfour                     8   128
       des                        64    64
       3des                      192   192

       Example 2: Encrypting Using AES

       The following example encrypts using AES and prompts for the encryption

       example$ encrypt -a aes -i myfile.txt -o secretstuff

       Example 3: Using an In Pipe to Provide Encrypted Tape Backup

       The following example uses an in pipe to provide encrypted tape backup:

       example$ ufsdump 0f - /var | encrypt -a arcfour \
           -k /etc/mykeys/backup.k | dd of=/dev/rmt/0

       Example 4: Using an In Pipe to Restore Tape Backup

       The following example uses and in pipe to restore a tape backup:

       example$ decrypt -a arcfour -k /etc/mykeys/backup.k \
           -i /dev/rmt/0 | ufsrestore vf -

       Example 5: Encrypting an Input File Using the 3DES Algorithm

       The  following example encrypts the inputfile file with the 192-bit key
       stored in the des3key file:

       example$ encrypt -a 3des -k des3key -i inputfile -o outputfile

       The following exit values are returned:

       0        Successful completion.

       >>0       An error occurred.

       See attributes(5) for descriptions of the following attributes:

       tab()    allbox;    cw(2.750000i)|     cw(2.750000i)     lw(2.750000i)|
       lw(2.750000i).    ATTRIBUTE   TYPEATTRIBUTE  VALUE  AvailabilitySUNWcsu
       Interface StabilityEvolving

       digest(1),   mac(1),   dd(1M),   getpassphrase(3C),    libpkcs11(3LIB),
       attributes(5), pkcs11_softtoken(5)

       System Administration Guide: Security Services

       RSA PKCS#11 v2.11 http://www.rsasecurity.com/rsalabs/pkcs/pkcs-11

       RSA PKCS#5 v2.0 http://www.rsasecurity.com/rsalabs/pkcs/pkcs-5

SunOS 5.10                        25 May 2004                       encrypt(1)