diff options
Diffstat (limited to 'secure/usr.bin/openssl/man/openssl-enc.1')
| -rw-r--r-- | secure/usr.bin/openssl/man/openssl-enc.1 | 33 |
1 files changed, 18 insertions, 15 deletions
diff --git a/secure/usr.bin/openssl/man/openssl-enc.1 b/secure/usr.bin/openssl/man/openssl-enc.1 index 6886aa036fee..9b30dc2bb5b4 100644 --- a/secure/usr.bin/openssl/man/openssl-enc.1 +++ b/secure/usr.bin/openssl/man/openssl-enc.1 @@ -1,5 +1,5 @@ .\" -*- mode: troff; coding: utf-8 -*- -.\" Automatically generated by Pod::Man 5.0102 (Pod::Simple 3.45) +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== @@ -52,10 +52,13 @@ . \} .\} .rr rF +.\" +.\" Required to disable full justification in groff 1.23.0. +.if n .ds AD l .\" ======================================================================== .\" .IX Title "OPENSSL-ENC 1ossl" -.TH OPENSSL-ENC 1ossl 2025-09-30 3.5.4 OpenSSL +.TH OPENSSL-ENC 1ossl 2026-04-07 3.5.6 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -176,7 +179,7 @@ The default algorithm is sha\-256. .IP "\fB\-iter\fR \fIcount\fR" 4 .IX Item "-iter count" Use a given number of iterations on the password in deriving the encryption key. -High values increase the time required to brute-force the resulting file. +High values increase the time required to brute\-force the resulting file. This option enables the use of PBKDF2 algorithm to derive the key. .IP \fB\-pbkdf2\fR 4 .IX Item "-pbkdf2" @@ -192,7 +195,7 @@ and a fixed salt length of 8 is used. The salt length used when encrypting must also be used when decrypting. .IP \fB\-nosalt\fR 4 .IX Item "-nosalt" -Don't use a salt in the key derivation routines. This option \fBSHOULD NOT\fR be +Don\*(Aqt use a salt in the key derivation routines. This option \fBSHOULD NOT\fR be used except for test purposes or compatibility with ancient versions of OpenSSL. .IP \fB\-salt\fR 4 @@ -224,7 +227,7 @@ one of the other options, the IV is generated from this password. Print out the key and IV used. .IP \fB\-P\fR 4 .IX Item "-P" -Print out the key and IV used then immediately exit: don't do any encryption +Print out the key and IV used then immediately exit: don\*(Aqt do any encryption or decryption. .IP "\fB\-bufsize\fR \fInumber\fR[\fBk\fR]" 4 .IX Item "-bufsize number[k]" @@ -245,7 +248,7 @@ Debug the BIOs used for I/O. .IX Item "-z" Compress or decompress encrypted data using zlib after encryption or before decryption. This option exists only if OpenSSL was compiled with the zlib -or zlib-dynamic option. +or zlib\-dynamic option. .IP \fB\-none\fR 4 .IX Item "-none" Use NULL cipher (no encryption or decryption of input). @@ -260,7 +263,7 @@ please refer to the output of the \f(CW\*(C`openssl list \-skey\-managers\*(C'\f .IP "\fB\-skeyopt\fR \fIopt\fR:\fIvalue\fR" 4 .IX Item "-skeyopt opt:value" To obtain an existing opaque symmetric key or generate a new one, key -options are specified as opt:value. These options can't be used together with +options are specified as opt:value. These options can\*(Aqt be used together with any options implying raw key directly or indirectly. .IP "\fB\-rand\fR \fIfiles\fR, \fB\-writerand\fR \fIfile\fR" 4 .IX Item "-rand files, -writerand file" @@ -283,15 +286,15 @@ This option is deprecated. .SH NOTES .IX Header "NOTES" The program can be called either as \f(CW\*(C`openssl \fR\f(CIcipher\fR\f(CW\*(C'\fR or -\&\f(CW\*(C`openssl enc \-\fR\f(CIcipher\fR\f(CW\*(C'\fR. The first form doesn't work with -engine-provided ciphers, because this form is processed before the +\&\f(CW\*(C`openssl enc \-\fR\f(CIcipher\fR\f(CW\*(C'\fR. The first form doesn\*(Aqt work with +engine\-provided ciphers, because this form is processed before the configuration file is read and any ENGINEs loaded. Use the \fBopenssl\-list\fR\|(1) command to get a list of supported ciphers. .PP Engines which provide entirely new encryption algorithms (such as the ccgost engine which provides gost89 algorithm) should be configured in the configuration file. Engines specified on the command line using \fB\-engine\fR -option can only be used for hardware-assisted implementations of +option can only be used for hardware\-assisted implementations of ciphers which are supported by the OpenSSL core or another engine specified in the configuration file. .PP @@ -320,7 +323,7 @@ a strong block cipher, such as AES, in CBC mode. All the block ciphers normally use PKCS#7 padding, also known as standard block padding. This allows a rudimentary integrity or password check to be performed. However, since the chance of random data passing the test -is better than 1 in 256 it isn't a very good test. +is better than 1 in 256 it isn\*(Aqt a very good test. .PP If padding is disabled then the input data must be a multiple of the cipher block length. @@ -371,9 +374,9 @@ When enc is used with key wrapping modes the input data cannot be streamed, meaning it must be processed in a single pass. Consequently, the input data size must be less than the buffer size (\-bufsize arg, default to 8*1024 bytes). -The '*\-wrap' ciphers require the input to be a multiple of 8 bytes long, +The \*(Aq*\-wrap\*(Aq ciphers require the input to be a multiple of 8 bytes long, because no padding is involved. -The '*\-wrap\-pad' ciphers allow any input length. +The \*(Aq*\-wrap\-pad\*(Aq ciphers allow any input length. In both cases, no IV is needed. See example below. .PP .Vb 1 @@ -535,14 +538,14 @@ AES key wrapping: .Ve .SH BUGS .IX Header "BUGS" -The \fB\-A\fR option when used with large files doesn't work properly. +The \fB\-A\fR option when used with large files doesn\*(Aqt work properly. On the other hand, when base64 decoding without the \fB\-A\fR option, if the first 1024 bytes of input do not include a newline character the first two lines of input are ignored. .PP The \fBopenssl enc\fR command only supports a fixed number of algorithms with certain parameters. So if, for example, you want to use RC2 with a -76 bit key or RC4 with an 84 bit key you can't use this program. +76 bit key or RC4 with an 84 bit key you can\*(Aqt use this program. .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBopenssl\-list\fR\|(1), \fBEVP_SKEY\fR\|(3) |