blob: 3bc24e61b2cdcc2e035f615b1027ca26f1e47b75 (plain
ccrypt is a utility for encrypting and decrypting files and streams. It was
designed to replace the standard Unix crypt utility, which is notorious for
using a very weak encryption algorithm. ccrypt is based on the Rijndael
cipher, which is the U.S. government's chosen candidate for the Advanced
Encryption Standard (AES, see http://www.nist.gov/aes/). This cipher is
believed to provide very strong security.
Unlike Unix crypt, the algorithm provided by ccrypt is not symmetric, i.e.,
one must specify whether to encrypt or decrypt. The most common way to invoke
ccrypt is via the commands ccencrypt and ccdecrypt. There is also a ccat
command for decrypting a file directly to the terminal, thus reducing the
likelihood of leaving temporary plaintext files around. In addition, there
is a compatibility mode for decrypting legacy Unix crypt files.
Encryption and decryption depends on a keyword (or key phrase) supplied by
the user. By default, the user is prompted to enter a keyword from the
terminal. Keywords can consist of any number of characters, and all characters
are significant (although ccrypt internally hashes the key to 256 bits).
Longer keywords provide better security than short ones, since they are less
likely to be discovered by exhaustive search.