crypt information
> which openssl
/usr/local/bin/openssl
> openssl version
OpenSSL 1.0.2-chacha (1.0.2k-dev)
> openssl -help
openssl:Error: '-help' is an invalid command.
Standard commands
asn1parse ca ciphers cms
crl crl2pkcs7 dgst dh
dhparam dsa dsaparam ec
ecparam enc engine errstr
gendh gendsa genpkey genrsa
nseq ocsp passwd pkcs12
pkcs7 pkcs8 pkey pkeyparam
pkeyutl prime rand req
rsa rsautl s_client s_server
s_time sess_id smime speed
spkac srp ts verify
version x509
Message Digest commands (see the `dgst' command for more details)
md2 md4 md5 mdc2
rmd160 sha sha1
Cipher commands (see the `enc' command for more details)
aes-128-cbc aes-128-ecb aes-192-cbc aes-192-ecb
aes-256-cbc aes-256-ecb base64 bf
bf-cbc bf-cfb bf-ecb bf-ofb
camellia-128-cbc camellia-128-ecb camellia-192-cbc camellia-192-ecb
camellia-256-cbc camellia-256-ecb cast cast-cbc
cast5-cbc cast5-cfb cast5-ecb cast5-ofb
des des-cbc des-cfb des-ecb
des-ede des-ede-cbc des-ede-cfb des-ede-ofb
des-ede3 des-ede3-cbc des-ede3-cfb des-ede3-ofb
des-ofb des3 desx idea
idea-cbc idea-cfb idea-ecb idea-ofb
rc2 rc2-40-cbc rc2-64-cbc rc2-cbc
rc2-cfb rc2-ecb rc2-ofb rc4
rc4-40 rc5 rc5-cbc rc5-cfb
rc5-ecb rc5-ofb seed seed-cbc
seed-cfb seed-ecb seed-ofb zlib
> openssl enc -help
unknown option '-help'
options are
-in input file
-out output file
-pass pass phrase source
-e encrypt
-d decrypt
-a/-base64 base64 encode/decode, depending on encryption flag
-k passphrase is the next argument
-kfile passphrase is the first line of the file argument
-md the next argument is the md to use to create a key
from a passphrase. One of md2, md5, sha or sha1
-S salt in hex is the next argument
-K/-iv key/iv in hex is the next argument
-[pP] print the iv/key (then exit if -P)
-bufsize buffer size
-nopad disable standard block padding
-engine e use engine e, possibly a hardware device.
Cipher Types
-aes-128-cbc -aes-128-cbc-hmac-sha1 -aes-128-ccm
-aes-128-cfb -aes-128-cfb1 -aes-128-cfb8
-aes-128-ctr -aes-128-ecb -aes-128-gcm
-aes-128-ofb -aes-128-xts -aes-192-cbc
-aes-192-ccm -aes-192-cfb -aes-192-cfb1
-aes-192-cfb8 -aes-192-ctr -aes-192-ecb
-aes-192-gcm -aes-192-ofb -aes-256-cbc
-aes-256-cbc-hmac-sha1 -aes-256-ccm -aes-256-cfb
-aes-256-cfb1 -aes-256-cfb8 -aes-256-ctr
-aes-256-ecb -aes-256-gcm -aes-256-ofb
-aes-256-xts -aes128 -aes192
-aes256 -bf -bf-cbc
-bf-cfb -bf-ecb -bf-ofb
-blowfish -camellia-128-cbc -camellia-128-cfb
-camellia-128-cfb1 -camellia-128-cfb8 -camellia-128-ecb
-camellia-128-ofb -camellia-192-cbc -camellia-192-cfb
-camellia-192-cfb1 -camellia-192-cfb8 -camellia-192-ecb
-camellia-192-ofb -camellia-256-cbc -camellia-256-cfb
-camellia-256-cfb1 -camellia-256-cfb8 -camellia-256-ecb
-camellia-256-ofb -camellia128 -camellia192
-camellia256 -cast -cast-cbc
-cast5-cbc -cast5-cfb -cast5-ecb
-cast5-ofb -des -des-cbc
-des-cfb -des-cfb1 -des-cfb8
-des-ecb -des-ede -des-ede-cbc
-des-ede-cfb -des-ede-ofb -des-ede3
-des-ede3-cbc -des-ede3-cfb -des-ede3-cfb1
-des-ede3-cfb8 -des-ede3-ofb -des-ofb
-des3 -desx -desx-cbc
-id-aes128-CCM -id-aes128-GCM -id-aes128-wrap
-id-aes192-CCM -id-aes192-GCM -id-aes192-wrap
-id-aes256-CCM -id-aes256-GCM -id-aes256-wrap
-id-smime-alg-CMS3DESwrap -idea -idea-cbc
-idea-cfb -idea-ecb -idea-ofb
-rc2 -rc2-40-cbc -rc2-64-cbc
-rc2-cbc -rc2-cfb -rc2-ecb
-rc2-ofb -rc4 -rc4-40
-rc4-hmac-md5 -rc5 -rc5-cbc
-rc5-cfb -rc5-ecb -rc5-ofb
-seed -seed-cbc -seed-cfb
-seed-ecb -seed-ofb
> yes | head -n 32 |
| openssl enc -k 12345678 -aes-256-ecb |
| hexdump -Cv
yes: stdout: Broken pipe
00000000 53 61 6c 74 65 64 5f 5f 3d a4 0b 52 83 a9 2d 39 |Salted__=..R..-9|
00000010 57 00 be 83 e1 3c ac 12 94 83 46 12 91 46 56 80 |W....<....F..FV.|
00000020 57 00 be 83 e1 3c ac 12 94 83 46 12 91 46 56 80 |W....<....F..FV.|
00000030 57 00 be 83 e1 3c ac 12 94 83 46 12 91 46 56 80 |W....<....F..FV.|
00000040 57 00 be 83 e1 3c ac 12 94 83 46 12 91 46 56 80 |W....<....F..FV.|
00000050 c2 84 03 59 56 e3 4c 64 d9 b6 41 00 18 45 7c 0b |...YV.Ld..A..E|.|
00000060
> yes | head -n 32 |
| openssl enc -k 12345678 -aes-256-ecb |
| openssl enc -d -k 12345678 -aes-256-ecb | uniq -c
yes: stdout: Broken pipe
32 y
> yes | head -n 32 |
| openssl enc -k 12345678 -aes-256-cbc |
| hexdump -Cv
yes: stdout: Broken pipe
00000000 53 61 6c 74 65 64 5f 5f eb eb e8 b6 7d 84 84 6c |Salted__....}..l|
00000010 00 cc 8a af f8 b0 84 8c f5 f3 42 09 20 c4 01 34 |..........B. ..4|
00000020 3b cb dd 1a 7c 9d 60 92 1c 0b d3 c3 4b 62 6e f6 |;...|.`.....Kbn.|
00000030 82 df 64 9a 47 68 71 69 3c 11 32 2b 06 67 e8 b0 |..d.Ghqi<.2+.g..|
00000040 71 34 14 0c 5a 63 0b d7 b1 af 24 8a d3 94 74 80 |q4..Zc....$...t.|
00000050 d5 06 f0 cd b9 90 24 55 34 e3 c2 00 00 6e 3c 67 |......$U4....n
> yes | head -n 32 |
| openssl enc -k 12345678 -aes-256-cbc |
| openssl enc -d -k 12345678 -aes-256-cbc | uniq -c
yes: stdout: Broken pipe
32 y