👤
Home Man
Search
Today's Posts
Register

Linux & Unix Commands - Search Man Pages
Man Page or Keyword Search:
Select Section of Man Page:
Select Man Page Repository:

OpenSolaris 2009.06 - man page for decrypt (opensolaris section 1)

encrypt(1)				  User Commands 			       encrypt(1)

NAME
       encrypt, decrypt - encrypt or decrypt files

SYNOPSIS
       /usr/bin/encrypt -l

       /usr/bin/encrypt -a algorithm [-v]
	    [-k key_file | -K key_label [-T token_spec]]
	    [-i input_file] [-o output_file]

       /usr/bin/decrypt -l

       /usr/bin/decrypt -a algorithm [-v]
	    [-k key_file | -K key_label [-T token_spec]]
	    [-i input_file] [-o output_file]

DESCRIPTION
       This  utility  encrypts or decrypts the given file or stdin using the algorithm specified.
       If no output file is specified, output is to standard out. If input  and  output  are  the
       same file, the encrypted output is written to a temporary work file in the same filesystem
       and then used to replace the original file.

       On decryption, if the input and output are the  same  file,  the  cleartext  replaces  the
       ciphertext file.

       The  output file of encrypt and the input file for decrypt contains the following informa-
       tion:

	   o	  Output format version number, 4 bytes in network byte order. The  current  ver-
		  sion is 1.

	   o	  Iterations used in key generation function, 4 bytes in network byte order.

	   o	  IV  (ivlen  bytes)[1].  iv data is generated by random bytes equal to one block
		  size.

	   o	  Salt data used in key generation (16 bytes).

	   o	  Cipher text data.

OPTIONS
       The following options are supported:

       -a algorithm	 Specify the name of the  algorithm  to  use  during  the  encryption  or
			 decryption process. See USAGE, Algorithms for details.

       -i input_file	 Specify the input file. Default is stdin if input_file is not specified.

       -k key_file	 Specify  the file containing the key value for the encryption algorithm.
			 Each algorithm has specific key material requirements, as stated in  the
			 PKCS#11  specification.  If -k is not specified, encrypt prompts for key
			 material using getpassphrase(3C). The size of the  key  file  determines
			 the key length, and passphrases set from the terminal are always used to
			 generate 128 bit long keys for ciphers with a variable key length.

			 For information on generating a key file, see the genkey  subcommand  in
			 pktool(1). Alternatively, dd(1M) can be used.

       -K key_label	 Specify the label of a symmetric token key in a PKCS#11 token.

       -l		 Display  the  list  of algorithms available on the system. This list can
			 change depending on the configuration of  the	cryptographic  framework.
			 The keysizes are displayed in bits.

       -o output_file	 Specify  output file. Default is stdout if output_file is not specified.
			 If stdout is used without redirecting to a file, the terminal window can
			 appear to hang because the raw encrypted or decrypted data has disrupted
			 the terminal emulation, much like viewing a binary file can do at times.

       -T token_spec	 Specify a PKCS#11 token other than the default soft token  object  store
			 when the -K is specified.

			 token_spec has the format of:

			   token_name [:manuf_id [:serial_no]]

			 When  a  token  label	contains  trailing  spaces,  this option does not
			 require them to be typed as a convenience to the user.

			 Colon separates token identification string. If any of the parts have	a
			 literal colon (:) character, it must be escaped by a backslash (\). If a
			 colon (:) is not found, the entire string (up to 32 characters) is taken
			 as  the  token  label. If only one colon (:) is found, the string is the
			 token label and the manufacturer.

       -v		 Display verbose information. See Verbose.

USAGE
   Algorithms
       The supported algorithms are displayed with their minimum and maximum key sizes in the  -l
       option. These algorithms are provided by the cryptographic framework. Each supported algo-
       rithm is an alias of the PKCS #11 mechanism that is  the  most  commonly  used  and  least
       restricted  version  of	a  particular  algorithm  type.  For  example, des is an alias to
       CKM_DES_CBC_PAD and arcfour is an alias to CKM_RC4. Algorithm variants with no padding  or
       ECB are not supported.

       These aliases are used with the -a option and are case-sensitive.

   Passphrase
       When  the  -k  option  is  not  used  during  encryption and decryption tasks, the user is
       prompted for a passphrase. The passphrase is manipulated into a more secure key using  the
       PBKDF2 algorithm specified in PKCS #5.

       When  a passphrase is used with encrypt and decrypt, the user entered passphrase is turned
       into an encryption key using the PBKDF2 algorithm as defined defined in	http://www.rsase-
       curity.com, PKCS #5 v2.0.

   Verbose
       If an input file is provided to the command, a progress bar spans the screen. The progress
       bar denotes every 25% completed with a pipe sign (|). If the input is from standard input,
       a  period  (.) is displayed each time 40KB is read. Upon completion of both input methods,
       Done is printed.

EXAMPLES
       Example 1 Listing Available Algorithms

       The following example lists available algorithms:

	 example$ encrypt -l
	      Algorithm       Keysize:	Min   Max
	      -----------------------------------
	      aes			128   128
	      arcfour			  8   128
	      des			 64    64
	      3des			192   192

       Example 2 Encrypting Using AES

       The following example encrypts using AES and prompts for the encryption key:

	 example$ encrypt -a aes -i myfile.txt -o secretstuff

       Example 3 Encrypting Using AES with a Key File

       The following example encrypts using AES after the key file has been created:

	 example$ pktool genkey keystore=file keytype=aes keylen=128 \
		     outkey=key
	 example$ encrypt -a aes -k key -i myfile.txt -o secretstuff

       Example 4 Using an In Pipe to Provide Encrypted Tape Backup

       The following example uses an in pipe to provide encrypted tape backup:

	 example$ ufsdump 0f - /var | encrypt -a arcfour \
	      -k /etc/mykeys/backup.k | dd of=/dev/rmt/0

       Example 5 Using an In Pipe to Restore Tape Backup

       The following example uses and in pipe to restore a tape backup:

	 example$ decrypt -a arcfour -k /etc/mykeys/backup.k \
	      -i /dev/rmt/0 | ufsrestore xvf -

       Example 6 Encrypting an Input File Using the 3DES Algorithm

       The following example encrypts the inputfile file with  the  192-bit  key  stored  in  the
       des3key file:

	 example$ encrypt -a 3des -k des3key -i inputfile -o outputfile

       Example 7 Encrypting an Input File with a DES token key

       The  following example encrypts the input file file with a DES token key in the soft token
       keystore. The DES token key can be generated with pktool(1):

	 example$ encrypt -a des -K mydeskey \
	      -T "Sun Software PKCS#11 softtoken" -i inputfile \
	      -o outputfile

EXIT STATUS
       The following exit values are returned:

       0     Successful completion.

       >0    An error occurred.

ATTRIBUTES
       See attributes(5) for descriptions of the following attributes:

       +-----------------------------+-----------------------------+
       |      ATTRIBUTE TYPE	     |	    ATTRIBUTE VALUE	   |
       +-----------------------------+-----------------------------+
       |Availability		     |SUNWcsu			   |
       +-----------------------------+-----------------------------+
       |Interface Stability	     |Committed 		   |
       +-----------------------------+-----------------------------+

SEE ALSO
       digest(1), pktool(1), mac(1), dd(1M), getpassphrase(3C),  libpkcs11(3LIB),  attributes(5),
       pkcs11_softtoken(5)

       System Administration Guide: Security Services

       RSA PKCS#11 v2.11: http://www.rsasecurity.com

       RSA PKCS#5 v2.0: http://www.rsasecurity.com

SunOS 5.11				   17 Dec 2008				       encrypt(1)


All times are GMT -4. The time now is 09:37 AM.

Unix & Linux Forums Content Copyrightę1993-2018. All Rights Reserved.
×
UNIX.COM Login
Username:
Password:  
Show Password