crypt information
> which openssl
/usr/local/bin/openssl
> openssl version
OpenSSL 1.0.2-chacha (1.0.2k-dev)
> openssl -help
openssl:Error: '-help' is an invalid command.
Standard commands
asn1parse ca ciphers cms
crl crl2pkcs7 dgst dh
dhparam dsa dsaparam ec
ecparam enc engine errstr
gendh gendsa genpkey genrsa
nseq ocsp passwd pkcs12
pkcs7 pkcs8 pkey pkeyparam
pkeyutl prime rand req
rsa rsautl s_client s_server
s_time sess_id smime speed
spkac srp ts verify
version x509
Message Digest commands (see the `dgst' command for more details)
md2 md4 md5 mdc2
rmd160 sha sha1
Cipher commands (see the `enc' command for more details)
aes-128-cbc aes-128-ecb aes-192-cbc aes-192-ecb
aes-256-cbc aes-256-ecb base64 bf
bf-cbc bf-cfb bf-ecb bf-ofb
camellia-128-cbc camellia-128-ecb camellia-192-cbc camellia-192-ecb
camellia-256-cbc camellia-256-ecb cast cast-cbc
cast5-cbc cast5-cfb cast5-ecb cast5-ofb
des des-cbc des-cfb des-ecb
des-ede des-ede-cbc des-ede-cfb des-ede-ofb
des-ede3 des-ede3-cbc des-ede3-cfb des-ede3-ofb
des-ofb des3 desx idea
idea-cbc idea-cfb idea-ecb idea-ofb
rc2 rc2-40-cbc rc2-64-cbc rc2-cbc
rc2-cfb rc2-ecb rc2-ofb rc4
rc4-40 rc5 rc5-cbc rc5-cfb
rc5-ecb rc5-ofb seed seed-cbc
seed-cfb seed-ecb seed-ofb zlib
> openssl enc -help
unknown option '-help'
options are
-in input file
-out output file
-pass pass phrase source
-e encrypt
-d decrypt
-a/-base64 base64 encode/decode, depending on encryption flag
-k passphrase is the next argument
-kfile passphrase is the first line of the file argument
-md the next argument is the md to use to create a key
from a passphrase. One of md2, md5, sha or sha1
-S salt in hex is the next argument
-K/-iv key/iv in hex is the next argument
-[pP] print the iv/key (then exit if -P)
-bufsize buffer size
-nopad disable standard block padding
-engine e use engine e, possibly a hardware device.
Cipher Types
-aes-128-cbc -aes-128-cbc-hmac-sha1 -aes-128-ccm
-aes-128-cfb -aes-128-cfb1 -aes-128-cfb8
-aes-128-ctr -aes-128-ecb -aes-128-gcm
-aes-128-ofb -aes-128-xts -aes-192-cbc
-aes-192-ccm -aes-192-cfb -aes-192-cfb1
-aes-192-cfb8 -aes-192-ctr -aes-192-ecb
-aes-192-gcm -aes-192-ofb -aes-256-cbc
-aes-256-cbc-hmac-sha1 -aes-256-ccm -aes-256-cfb
-aes-256-cfb1 -aes-256-cfb8 -aes-256-ctr
-aes-256-ecb -aes-256-gcm -aes-256-ofb
-aes-256-xts -aes128 -aes192
-aes256 -bf -bf-cbc
-bf-cfb -bf-ecb -bf-ofb
-blowfish -camellia-128-cbc -camellia-128-cfb
-camellia-128-cfb1 -camellia-128-cfb8 -camellia-128-ecb
-camellia-128-ofb -camellia-192-cbc -camellia-192-cfb
-camellia-192-cfb1 -camellia-192-cfb8 -camellia-192-ecb
-camellia-192-ofb -camellia-256-cbc -camellia-256-cfb
-camellia-256-cfb1 -camellia-256-cfb8 -camellia-256-ecb
-camellia-256-ofb -camellia128 -camellia192
-camellia256 -cast -cast-cbc
-cast5-cbc -cast5-cfb -cast5-ecb
-cast5-ofb -des -des-cbc
-des-cfb -des-cfb1 -des-cfb8
-des-ecb -des-ede -des-ede-cbc
-des-ede-cfb -des-ede-ofb -des-ede3
-des-ede3-cbc -des-ede3-cfb -des-ede3-cfb1
-des-ede3-cfb8 -des-ede3-ofb -des-ofb
-des3 -desx -desx-cbc
-id-aes128-CCM -id-aes128-GCM -id-aes128-wrap
-id-aes192-CCM -id-aes192-GCM -id-aes192-wrap
-id-aes256-CCM -id-aes256-GCM -id-aes256-wrap
-id-smime-alg-CMS3DESwrap -idea -idea-cbc
-idea-cfb -idea-ecb -idea-ofb
-rc2 -rc2-40-cbc -rc2-64-cbc
-rc2-cbc -rc2-cfb -rc2-ecb
-rc2-ofb -rc4 -rc4-40
-rc4-hmac-md5 -rc5 -rc5-cbc
-rc5-cfb -rc5-ecb -rc5-ofb
-seed -seed-cbc -seed-cfb
-seed-ecb -seed-ofb
> yes | head -n 32 |
| openssl enc -k 12345678 -aes-256-ecb |
| hexdump -Cv
yes: stdout: Broken pipe
00000000 53 61 6c 74 65 64 5f 5f 99 47 d8 cb 3f d1 c5 62 |Salted__.G..?..b|
00000010 4b 5c 9a d1 a3 dc e1 f6 24 ca ff 37 ff 15 99 04 |K\......$..7....|
00000020 4b 5c 9a d1 a3 dc e1 f6 24 ca ff 37 ff 15 99 04 |K\......$..7....|
00000030 4b 5c 9a d1 a3 dc e1 f6 24 ca ff 37 ff 15 99 04 |K\......$..7....|
00000040 4b 5c 9a d1 a3 dc e1 f6 24 ca ff 37 ff 15 99 04 |K\......$..7....|
00000050 df 7f 61 ec 41 b0 5c 27 88 26 c7 c1 24 1e d9 1e |..a.A.\'.&..$...|
00000060
> yes | head -n 32 |
| openssl enc -k 12345678 -aes-256-ecb |
| openssl enc -d -k 12345678 -aes-256-ecb | uniq -c
yes: stdout: Broken pipe
32 y
> yes | head -n 32 |
| openssl enc -k 12345678 -aes-256-cbc |
| hexdump -Cv
yes: stdout: Broken pipe
00000000 53 61 6c 74 65 64 5f 5f 0f 8c c7 6e 22 91 47 19 |Salted__...n".G.|
00000010 5d cd 20 83 58 ba ce 76 ed ae de b4 31 75 d9 37 |]. .X..v....1u.7|
00000020 07 bc 02 9c 3c b1 51 37 d2 a5 ca a0 94 b9 2c 41 |....<.Q7......,A|
00000030 cd 1e a0 0a 7c 94 f1 63 b6 df e8 08 ee 52 63 e1 |....|..c.....Rc.|
00000040 91 91 89 1c 1f 6c c5 cc dc d7 5e d7 30 1f 0b d4 |.....l....^.0...|
00000050 e3 45 b2 ec b3 47 ce 8a f9 29 e9 8f 1e 7d 68 c4 |.E...G...)...}h.|
00000060
> yes | head -n 32 |
| openssl enc -k 12345678 -aes-256-cbc |
| openssl enc -d -k 12345678 -aes-256-cbc | uniq -c
yes: stdout: Broken pipe
32 y