The OpenNET Project / Index page

[ новости/++ | форум | wiki | теги ]

Интерактивная система просмотра системных руководств (man-ов)

 ТемаНаборКатегория 
 
 [Cписок руководств | Печать]

decrypt (1)
  • >> decrypt (1) ( Solaris man: Команды и прикладные программы пользовательского уровня )
  • decrypt (1) ( Linux man: Команды и прикладные программы пользовательского уровня )
  •  

    NAME

    encrypt, decrypt - encrypt or decrypt files
     
    

    SYNOPSIS

    /usr/bin/encrypt -l
    

    /usr/bin/encrypt -a algorithm [-v] 
        [-k key_file | -K key_label [-T token_spec]]
        [-i input_file] [-o output_file]
    

    /usr/bin/decrypt -l
    

    /usr/bin/decrypt -a algorithm [-v] 
        [-k key_file | -K key_label [-T token_spec]]
        [-i input_file] [-o output_file]
    

     

    DESCRIPTION

    This utility encrypts or decrypts the given file or stdin using the algorithm specified. If no output file is specified, output is to standard out. If input and output are the same file, the encrypted output is written to a temporary work file in the same filesystem and then used to replace the original file.

    On decryption, if the input and output are the same file, the cleartext replaces the ciphertext file.

    The output file of encrypt and the input file for decrypt contains the following information:

    o Output format version number, 4 bytes in network byte order. The current version is 1.
    o Iterations used in key generation function, 4 bytes in network byte order.
    o IV (ivlen bytes)[1]. iv data is generated by random bytes equal to one block size.
    o Salt data used in key generation (16 bytes).
    o Cipher text data.
     

    OPTIONS

    The following options are supported:

    -a algorithm

    Specify the name of the algorithm to use during the encryption or decryption process. See USAGE, Algorithms for details.

    -i input_file

    Specify the input file. Default is stdin if input_file is not specified.

    -k key_file

    Specify the file containing the key value for the encryption algorithm. Each algorithm has specific key material requirements, as stated in the PKCS#11 specification. If -k is not specified, encrypt prompts for key material using getpassphrase(3C). The size of the key file determines the key length, and passphrases set from the terminal are always used to generate 128 bit long keys for ciphers with a variable key length.

    For information on generating a key file, see dd(1M), the System Administration Guide: Security Services, or the genkey subcommand in pktool(1). Alternatively, dd(1M) can be used.

    -K key_label

    Specify the label of a symmetric token key in a PKCS#11 token.

    -l

    Display the list of algorithms available on the system. This list can change depending on the configuration of the cryptographic framework. The keysizes are displayed in bits.

    -o output_file

    Specify output file. Default is stdout if output_file is not specified. If stdout is used without redirecting to a file, the terminal window can appear to hang because the raw encrypted or decrypted data has disrupted the terminal emulation, much like viewing a binary file can do at times.

    -T token_spec

    Specify a PKCS#11 token other than the default soft token object store when the -K is specified.

    token_spec has the format of:

    token_name [:manuf_id [:serial_no]]
    

    When a token label contains trailing spaces, this option does not require them to be typed as a convenience to the user.

    Colon separates token identification string. If any of the parts have a literal colon (:) character, it must be escaped by a backslash (\). If a colon (:) is not found, the entire string (up to 32 characters) is taken as the token label. If only one colon (:) is found, the string is the token label and the manufacturer.

    -v

    Display verbose information. See Verbose.

     

    USAGE

     

    Algorithms

    The supported algorithms are displayed with their minimum and maximum key sizes in the -l option. These algorithms are provided by the cryptographic framework. Each supported algorithm is an alias of the PKCS #11 mechanism that is the most commonly used and least restricted version of a particular algorithm type. For example, des is an alias to CKM_DES_CBC_PAD and arcfour is an alias to CKM_RC4. Algorithm variants with no padding or ECB are not supported.

    These aliases are used with the -a option and are case-sensitive.  

    Passphrase

    When the -k option is not used during encryption and decryption tasks, the user is prompted for a passphrase. The passphrase is manipulated into a more secure key using the PBKDF2 algorithm specified in PKCS #5.

    When a passphrase is used with encrypt and decrypt, the user entered passphrase is turned into an encryption key using the PBKDF2 algorithm as defined defined in http://www.rsasecurity.com, PKCS #5 v2.0.  

    Verbose

    If an input file is provided to the command, a progress bar spans the screen. The progress bar denotes every 25% completed with a pipe sign (|). If the input is from standard input, a period (.) is displayed each time 40KB is read. Upon completion of both input methods, Done is printed.  

    EXAMPLES

    Example 1 Listing Available Algorithms

    The following example lists available algorithms:

    example$ encrypt -l
        Algorithm       Keysize:  Min   Max
        -----------------------------------
        aes                       128   128
        arcfour                     8   128
        des                        64    64
        3des                      192   192
    

    Example 2 Encrypting Using AES

    The following example encrypts using AES and prompts for the encryption key:

    example$ encrypt -a aes -i myfile.txt -o secretstuff
    

    Example 3 Encrypting Using AES with a Key File

    The following example encrypts using AES after the key file has been created:

    example$ pktool genkey keystore=file keytype=aes keylen=128 \
               outkey=key
    example$ encrypt -a aes -k key -i myfile.txt -o secretstuff
    

    Example 4 Using an In Pipe to Provide Encrypted Tape Backup

    The following example uses an in pipe to provide encrypted tape backup:

    example$ ufsdump 0f - /var | encrypt -a arcfour \
        -k /etc/mykeys/backup.k | dd of=/dev/rmt/0
    

    Example 5 Using an In Pipe to Restore Tape Backup

    The following example uses and in pipe to restore a tape backup:

    example$ decrypt -a arcfour -k /etc/mykeys/backup.k \
        -i /dev/rmt/0 | ufsrestore xvf -
    

    Example 6 Encrypting an Input File Using the 3DES Algorithm

    The following example encrypts the inputfile file with the 192-bit key stored in the des3key file:

    example$ encrypt -a 3des -k des3key -i inputfile -o outputfile
    

    Example 7 Encrypting an Input File with a DES token key

    The following example encrypts the input file file with a DES token key in the soft token keystore. The DES token key can be generated with pktool(1):

    example$ encrypt -a des -K mydeskey \
        -T "Sun Software PKCS#11 softtoken" -i inputfile \
        -o outputfile
    

     

    EXIT STATUS

    The following exit values are returned:

    0

    Successful completion.

    >0

    An error occurred.

     

    ATTRIBUTES

    See attributes(5) for descriptions of the following attributes:

    ATTRIBUTE TYPEATTRIBUTE VALUE

    AvailabilitySUNWcsu

    Interface Stability

     

    SEE ALSO

    digest(1), pktool(1), mac(1), dd(1M), getpassphrase(3C), libpkcs11(3LIB), attributes(5), pkcs11_softtoken(5)

    System Administration Guide: Security Services

    RSA PKCS#11 v2.11: http://www.rsasecurity.com

    RSA PKCS#5 v2.0: http://www.rsasecurity.com


     

    Index

    NAME
    SYNOPSIS
    DESCRIPTION
    OPTIONS
    USAGE
    Algorithms
    Passphrase
    Verbose
    EXAMPLES
    EXIT STATUS
    ATTRIBUTES
    SEE ALSO


    Поиск по тексту MAN-ов: 




      Закладки на сайте
      Проследить за страницей
    Created 1996-2017 by Maxim Chirkov  
    ДобавитьРекламаВебмастеруГИД  
    Hosting by Ihor