

     encrypt, decrypt - encrypt or decrypt files

     /usr/bin/encrypt -l | -a algorithm [-v]  [-k  key_file]  [-i
     input_file] [-o output_file]

     /usr/bin/decrypt -l | -a algorithm [-v]  [-k  key_file]  [-i
     input_file] [-o output_file]

     This utility encrypts or decrypts the given  file  or  stdin
     using  the  algorithm specified. If no output file is speci-
     fied, output is to standard out. If input and output are the
     same  file,  the  encrypted output is written to a temporary
     work file in the same filesystem and then  used  to  replace
     the original file.

     On decryption, if the input and output are  the  same  file,
     the cleartext replaces the ciphertext file.

     The output file of encrypt and the input file for decrypt
     contain the following information:

       o  Output format version number, 4 bytes in  network  byte
          order. The current version is 1.

       o  Iterations used in key generation function, 4 bytes  in
          network byte order.

       o  IV (ivlen bytes)[1]. The IV data is random bytes equal
          in length to one block size.

       o  Salt data used in key generation (16 bytes).

       o  Cipher text data.

     The following options are supported:

     -a algorithm            Specify the name of the algorithm to
                             use during the encryption or decryp-
                             tion process. See USAGE,  Algorithms
                             for details.

     -i input_file           Specify the input file.  Default  is
                             stdin  if  input_file  is not speci-

     -k key_file             Specify the file containing the  key
                             value  for the encryption algorithm.
                             Each  algorithm  has  specific   key
                             material  requirements, as stated in
                             the PKCS#11 specification. If -k  is
                             not  specified,  encrypt prompts for
                             key          material          using

                             For information on generating a  key
                             file,  see dd(1M) or System Adminis-
                             tration Guide: Security Services.

     -l                      Display  the  list   of   algorithms
                             available  on  the system. This list
                             can change depending on  the  confi-
                             guration of the cryptographic frame-
                             work. The keysizes are displayed  in

     -o output_file          Specify  output  file.  Default   is
                             stdout  if output_file is not speci-
                             fied.  If  stdout  is  used  without
                             redirecting  to a file, the terminal
                             window can appear  to  hang  because
                             the  raw encrypted or decrypted data
                             has disrupted  the  terminal  emula-
                             tion,  much  like  viewing  a binary
                             file can do at times.

     -v                      Display  verbose  information.   See

     The supported algorithms are displayed  with  their  minimum
     and maximum key sizes in the -l option. These algorithms are
     provided by  the  cryptographic  framework.  Each  supported
     algorithm  is an alias of the PKCS #11 mechanism that is the
     most commonly used and least restricted version of a partic-
     ular  algorithm  type.  For  example:  des  is  an  alias to
     CKM_DES_CBC_PAD and arcfour is an alias  to  CKM_RC4.  Algo-
     rithm variants with no padding or ECB are not supported.

     These aliases are used with the  -a  option  and  are  case-

     When the -k option is not used during encryption and decryp-
     tion  tasks,  the  user  is  prompted  for a passphrase. The
     passphrase is manipulated into a more secure key  using  the
     PBKDF2 algorithm specified in PKCS #5.

     When a passphrase is used with encrypt and decrypt, the
     user-entered passphrase is turned into an encryption key using
     the PBKDF2 algorithm as defined in
     http://www.rsasecurity.com, PKCS #5 v2.0.
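
     The file layout listed earlier and the PBKDF2 passphrase handling
     described here, as an added Python example that is not part of the
     original man page or of Solaris: it splits an encrypt output file
     into its header fields and derives a key from a passphrase. The
     block sizes, HMAC-SHA-1 as the PBKDF2 pseudorandom function, the
     MAX_ITERATIONS cap and all function names are assumptions; arcfour
     is left out because the page does not give its IV length.

```python
import hashlib
import struct
from dataclasses import dataclass

# Block sizes in bytes for the block-cipher aliases the page lists; the page
# says the IV is one block long. arcfour is omitted (IV length not on the page).
BLOCK_SIZE = {"aes": 16, "des": 8, "3des": 8}
SALT_LEN = 16               # "Salt data used in key generation (16 bytes)"
CURRENT_VERSION = 1         # "The current version is 1"
MAX_ITERATIONS = 10_000_000  # assumed sanity cap, not a value from the page


@dataclass
class EncryptHeader:
    version: int
    iterations: int
    iv: bytes
    salt: bytes
    ciphertext: bytes


def parse_header(blob: bytes, algorithm: str) -> EncryptHeader:
    """Split encrypt(1) output into the fields listed in the man page."""
    ivlen = BLOCK_SIZE[algorithm]
    fixed = 8 + ivlen + SALT_LEN
    if len(blob) < fixed:
        raise ValueError(f"truncated: need {fixed} header bytes, got {len(blob)}")
    version, iterations = struct.unpack(">II", blob[:8])  # network byte order
    if version != CURRENT_VERSION:
        raise ValueError(f"unsupported format version {version}")
    # The listed layout has no integrity field, so header values are untrusted.
    if not 1 <= iterations <= MAX_ITERATIONS:
        raise ValueError(f"implausible iteration count {iterations}")
    return EncryptHeader(version, iterations, blob[8:8 + ivlen],
                         blob[8 + ivlen:fixed], blob[fixed:])


def derive_key(passphrase: bytes, salt: bytes, iterations: int, key_bits: int) -> bytes:
    """PBKDF2 (PKCS #5 v2.0); HMAC-SHA-1 as the PRF is an assumption."""
    return hashlib.pbkdf2_hmac("sha1", passphrase, salt, iterations, key_bits // 8)


# Constructed sample, not real encrypt(1) output: version 1, 1000 iterations,
# a 16-byte IV, a 16-byte salt and 32 placeholder ciphertext bytes.
SAMPLE = struct.pack(">II", 1, 1000) + bytes(range(16)) + b"S" * 16 + b"\xaa" * 32

if __name__ == "__main__":
    hdr = parse_header(SAMPLE, "aes")
    key = derive_key(b"constructed passphrase", hdr.salt, hdr.iterations, 128)
    print(hdr.version, hdr.iterations, hdr.iv.hex(), hdr.salt.hex(), key.hex())
```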

     If an input file is provided to the command, a progress bar
     spans the screen. The progress bar marks every 25% completed
     with a pipe sign (|). If the input is from standard input, a
     period (.) is displayed each time 40KB is read. With either
     input method, Done is printed upon completion.

     Example 1: Listing Available Algorithms

     The following example lists available algorithms:

     example$ encrypt -l
     Algorithm       Keysize:  Min   Max
     aes                       128   128
     arcfour                     8   128
     des                        64    64
     3des                      192   192

     Example 2: Encrypting Using AES

     The following example encrypts using AES and prompts for the
     encryption key:

     example$ encrypt -a aes -i myfile.txt -o secretstuff

     Example 3: Using an In Pipe to Provide Encrypted Tape Backup

     The following example uses an in pipe to  provide  encrypted
     tape backup:

     example$ ufsdump 0f - /var | encrypt -a arcfour \
         -k /etc/mykeys/backup.k | dd of=/dev/rmt/0

     Example 4: Using an In Pipe to Restore Tape Backup

     The following example uses an in pipe  to  restore  a  tape

     example$ decrypt -a arcfour -k /etc/mykeys/backup.k \
         -i /dev/rmt/0 | ufsrestore xvf -

     Example 5: Encrypting an Input File Using the 3DES Algorithm

     The following example encrypts the inputfile file  with  the
     192-bit key stored in the des3key file:

     example$ encrypt -a 3des -k des3key -i inputfile -o outputfile

     The following exit values are returned:

     0        Successful completion.

     >0       An error occurred.

     See attributes(5) for descriptions of the  following  attri-

    |       ATTRIBUTE TYPE        |       ATTRIBUTE VALUE       |
    | Availability                | SUNWcsu                     |
    | Interface Stability         | Evolving                    |

     digest(1),      mac(1),      dd(1M),      getpassphrase(3C),
     libpkcs11(3LIB), attributes(5), pkcs11_softtoken(5)

     System Administration Guide: Security Services

     RSA PKCS#11 v2.11: http://www.rsasecurity.com

     RSA PKCS#5 v2.0: http://www.rsasecurity.com

Man pages from Solaris 10 Update 8. See docs.sun.com and www.oracle.com for further documentation and Solaris information.