diff options
Diffstat (limited to 'static/freebsd/man1/openssl-enc.1')
| -rw-r--r-- | static/freebsd/man1/openssl-enc.1 | 570 |
1 files changed, 570 insertions, 0 deletions
diff --git a/static/freebsd/man1/openssl-enc.1 b/static/freebsd/man1/openssl-enc.1 new file mode 100644 index 00000000..9b30dc2b --- /dev/null +++ b/static/freebsd/man1/openssl-enc.1 @@ -0,0 +1,570 @@ +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. +.ie n \{\ +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Required to disable full justification in groff 1.23.0. +.if n .ds AD l +.\" ======================================================================== +.\" +.IX Title "OPENSSL-ENC 1ossl" +.TH OPENSSL-ENC 1ossl 2026-04-07 3.5.6 OpenSSL +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH NAME +openssl\-enc \- symmetric cipher routines +.SH SYNOPSIS +.IX Header "SYNOPSIS" +\&\fBopenssl\fR \fBenc\fR|\fIcipher\fR +[\fB\-\fR\f(BIcipher\fR] +[\fB\-help\fR] +[\fB\-list\fR] +[\fB\-ciphers\fR] +[\fB\-in\fR \fIfilename\fR] +[\fB\-out\fR \fIfilename\fR] +[\fB\-pass\fR \fIarg\fR] +[\fB\-e\fR] +[\fB\-d\fR] +[\fB\-a\fR] +[\fB\-base64\fR] +[\fB\-A\fR] +[\fB\-k\fR \fIpassword\fR] +[\fB\-kfile\fR \fIfilename\fR] +[\fB\-K\fR \fIkey\fR] +[\fB\-iv\fR \fIIV\fR] +[\fB\-S\fR \fIsalt\fR] +[\fB\-salt\fR] +[\fB\-nosalt\fR] +[\fB\-z\fR] +[\fB\-md\fR \fIdigest\fR] +[\fB\-iter\fR \fIcount\fR] +[\fB\-pbkdf2\fR] +[\fB\-saltlen\fR \fIsize\fR] +[\fB\-p\fR] +[\fB\-P\fR] +[\fB\-bufsize\fR \fInumber\fR] +[\fB\-nopad\fR] +[\fB\-v\fR] +[\fB\-debug\fR] +[\fB\-none\fR] +[\fB\-skeymgmt\fR \fIskeymgmt\fR] +[\fB\-skeyopt\fR \fIopt\fR:\fIvalue\fR] +[\fB\-engine\fR \fIid\fR] +[\fB\-rand\fR \fIfiles\fR] +[\fB\-writerand\fR \fIfile\fR] +[\fB\-provider\fR \fIname\fR] +[\fB\-provider\-path\fR \fIpath\fR] +[\fB\-provparam\fR \fI[name:]key=value\fR] +[\fB\-propquery\fR \fIpropq\fR] +.PP +\&\fBopenssl\fR \fIcipher\fR [\fB...\fR] +.SH DESCRIPTION +.IX Header "DESCRIPTION" +The symmetric cipher commands allow data to be encrypted or decrypted +using various block and stream ciphers using keys based on passwords +or explicitly provided. Base64 encoding or decoding can also be performed +either by itself or in addition to the encryption or decryption. +.SH OPTIONS +.IX Header "OPTIONS" +.IP \fB\-\fR\f(BIcipher\fR 4 +.IX Item "-cipher" +The cipher to use. +.IP \fB\-help\fR 4 +.IX Item "-help" +Print out a usage message. +.IP \fB\-list\fR 4 +.IX Item "-list" +List all supported ciphers. +.IP \fB\-ciphers\fR 4 +.IX Item "-ciphers" +Alias of \-list to display all supported ciphers. +.IP "\fB\-in\fR \fIfilename\fR" 4 +.IX Item "-in filename" +The input filename, standard input by default. +.IP "\fB\-out\fR \fIfilename\fR" 4 +.IX Item "-out filename" +The output filename, standard output by default. +.IP "\fB\-pass\fR \fIarg\fR" 4 +.IX Item "-pass arg" +The password source. For more information about the format of \fIarg\fR +see \fBopenssl\-passphrase\-options\fR\|(1). +.IP \fB\-e\fR 4 +.IX Item "-e" +Encrypt the input data: this is the default. +.IP \fB\-d\fR 4 +.IX Item "-d" +Decrypt the input data. +.IP \fB\-a\fR 4 +.IX Item "-a" +Base64 process the data. This means that if encryption is taking place +the data is base64 encoded after encryption. If decryption is set then +the input data is base64 decoded before being decrypted. +.Sp +When the \fB\-A\fR option not given, +on encoding a newline is inserted after each 64 characters, and +on decoding a newline is expected among the first 1024 bytes of input. +.IP \fB\-base64\fR 4 +.IX Item "-base64" +Same as \fB\-a\fR +.IP \fB\-A\fR 4 +.IX Item "-A" +If the \fB\-a\fR option is set then base64 encoding produces output without any +newline character, and base64 decoding does not require any newlines. +Therefore it can be helpful to use the \fB\-A\fR option when decoding unknown input. +.IP "\fB\-k\fR \fIpassword\fR" 4 +.IX Item "-k password" +The password to derive the key from. This is for compatibility with previous +versions of OpenSSL. Superseded by the \fB\-pass\fR argument. +.IP "\fB\-kfile\fR \fIfilename\fR" 4 +.IX Item "-kfile filename" +Read the password to derive the key from the first line of \fIfilename\fR. +This is for compatibility with previous versions of OpenSSL. Superseded by +the \fB\-pass\fR argument. +.IP "\fB\-md\fR \fIdigest\fR" 4 +.IX Item "-md digest" +Use the specified digest to create the key from the passphrase. +The default algorithm is sha\-256. +.IP "\fB\-iter\fR \fIcount\fR" 4 +.IX Item "-iter count" +Use a given number of iterations on the password in deriving the encryption key. +High values increase the time required to brute\-force the resulting file. +This option enables the use of PBKDF2 algorithm to derive the key. +.IP \fB\-pbkdf2\fR 4 +.IX Item "-pbkdf2" +Use PBKDF2 algorithm with a default iteration count of 10000 +unless otherwise specified by the \fB\-iter\fR command line option. +.IP \fB\-saltlen\fR 4 +.IX Item "-saltlen" +Set the salt length to use when using the \fB\-pbkdf2\fR option. +For compatibility reasons, the default is 8 bytes. +The maximum value is currently 16 bytes. +If the \fB\-pbkdf2\fR option is not used, then this option is ignored +and a fixed salt length of 8 is used. The salt length used when +encrypting must also be used when decrypting. +.IP \fB\-nosalt\fR 4 +.IX Item "-nosalt" +Don\*(Aqt use a salt in the key derivation routines. This option \fBSHOULD NOT\fR be +used except for test purposes or compatibility with ancient versions of +OpenSSL. +.IP \fB\-salt\fR 4 +.IX Item "-salt" +Use salt (randomly generated or provide with \fB\-S\fR option) when +encrypting, this is the default. +.IP "\fB\-S\fR \fIsalt\fR" 4 +.IX Item "-S salt" +The actual salt to use: this must be represented as a string of hex digits. +If this option is used while encrypting, the same exact value will be needed +again during decryption. This salt may be truncated or zero padded to +match the salt length (See \fB\-saltlen\fR). +.IP "\fB\-K\fR \fIkey\fR" 4 +.IX Item "-K key" +The actual key to use: this must be represented as a string comprised only +of hex digits. If only the key is specified, the IV must additionally specified +using the \fB\-iv\fR option. When both a key and a password are specified, the +key given with the \fB\-K\fR option will be used and the IV generated from the +password will be taken. It does not make much sense to specify both key +and password. +.IP "\fB\-iv\fR \fIIV\fR" 4 +.IX Item "-iv IV" +The actual IV to use: this must be represented as a string comprised only +of hex digits. When only the key is specified using the \fB\-K\fR option, the +IV must explicitly be defined. When a password is being specified using +one of the other options, the IV is generated from this password. +.IP \fB\-p\fR 4 +.IX Item "-p" +Print out the key and IV used. +.IP \fB\-P\fR 4 +.IX Item "-P" +Print out the key and IV used then immediately exit: don\*(Aqt do any encryption +or decryption. +.IP "\fB\-bufsize\fR \fInumber\fR[\fBk\fR]" 4 +.IX Item "-bufsize number[k]" +Set the buffer size for I/O. +The maximum size that can be specified is \fB2^31\-1\fR (2147483647) bytes. +The \fBk\fR suffix can be specified to indicate that \fInumber\fR is provided +in kibibytes (multiples of 1024 bytes). +.IP \fB\-nopad\fR 4 +.IX Item "-nopad" +Disable standard block padding. +.IP \fB\-v\fR 4 +.IX Item "-v" +Verbose print; display some statistics about I/O and buffer sizes. +.IP \fB\-debug\fR 4 +.IX Item "-debug" +Debug the BIOs used for I/O. +.IP \fB\-z\fR 4 +.IX Item "-z" +Compress or decompress encrypted data using zlib after encryption or before +decryption. This option exists only if OpenSSL was compiled with the zlib +or zlib\-dynamic option. +.IP \fB\-none\fR 4 +.IX Item "-none" +Use NULL cipher (no encryption or decryption of input). +.IP "\fB\-skeymgmt\fR \fIskeymgmt\fR" 4 +.IX Item "-skeymgmt skeymgmt" +Some providers may support opaque symmetric keys objects. To use them, we need +to know the name of the \fBEVP_SKEYMGMT\fR to be used. If not specified, the name +of the cipher will be used. +.Sp +To find out the name of the suitable symmetric key management, +please refer to the output of the \f(CW\*(C`openssl list \-skey\-managers\*(C'\fR command. +.IP "\fB\-skeyopt\fR \fIopt\fR:\fIvalue\fR" 4 +.IX Item "-skeyopt opt:value" +To obtain an existing opaque symmetric key or generate a new one, key +options are specified as opt:value. These options can\*(Aqt be used together with +any options implying raw key directly or indirectly. +.IP "\fB\-rand\fR \fIfiles\fR, \fB\-writerand\fR \fIfile\fR" 4 +.IX Item "-rand files, -writerand file" +See "Random State Options" in \fBopenssl\fR\|(1) for details. +.IP "\fB\-provider\fR \fIname\fR" 4 +.IX Item "-provider name" +.PD 0 +.IP "\fB\-provider\-path\fR \fIpath\fR" 4 +.IX Item "-provider-path path" +.IP "\fB\-provparam\fR \fI[name:]key=value\fR" 4 +.IX Item "-provparam [name:]key=value" +.IP "\fB\-propquery\fR \fIpropq\fR" 4 +.IX Item "-propquery propq" +.PD +See "Provider Options" in \fBopenssl\fR\|(1), \fBprovider\fR\|(7), and \fBproperty\fR\|(7). +.IP "\fB\-engine\fR \fIid\fR" 4 +.IX Item "-engine id" +See "Engine Options" in \fBopenssl\fR\|(1). +This option is deprecated. +.SH NOTES +.IX Header "NOTES" +The program can be called either as \f(CW\*(C`openssl \fR\f(CIcipher\fR\f(CW\*(C'\fR or +\&\f(CW\*(C`openssl enc \-\fR\f(CIcipher\fR\f(CW\*(C'\fR. The first form doesn\*(Aqt work with +engine\-provided ciphers, because this form is processed before the +configuration file is read and any ENGINEs loaded. +Use the \fBopenssl\-list\fR\|(1) command to get a list of supported ciphers. +.PP +Engines which provide entirely new encryption algorithms (such as the ccgost +engine which provides gost89 algorithm) should be configured in the +configuration file. Engines specified on the command line using \fB\-engine\fR +option can only be used for hardware\-assisted implementations of +ciphers which are supported by the OpenSSL core or another engine specified +in the configuration file. +.PP +When the enc command lists supported ciphers, ciphers provided by engines, +specified in the configuration files are listed too. +.PP +A password will be prompted for to derive the key and IV if necessary. +.PP +The \fB\-salt\fR option should \fBALWAYS\fR be used if the key is being derived +from a password unless you want compatibility with previous versions of +OpenSSL. +.PP +Without the \fB\-salt\fR option it is possible to perform efficient dictionary +attacks on the password and to attack stream cipher encrypted data. The reason +for this is that without the salt the same password always generates the same +encryption key. +.PP +When the salt is generated at random (that means when encrypting using a +passphrase without explicit salt given using \fB\-S\fR option), the first bytes +of the encrypted data are reserved to store the salt for later decrypting. +.PP +Some of the ciphers do not have large keys and others have security +implications if not used correctly. A beginner is advised to just use +a strong block cipher, such as AES, in CBC mode. +.PP +All the block ciphers normally use PKCS#7 padding, also known as standard +block padding. This allows a rudimentary integrity or password check to +be performed. However, since the chance of random data passing the test +is better than 1 in 256 it isn\*(Aqt a very good test. +.PP +If padding is disabled then the input data must be a multiple of the cipher +block length. +.PP +All RC2 ciphers have the same key and effective key length. +.PP +Blowfish and RC5 algorithms use a 128 bit key. +.PP +Please note that OpenSSL 3.0 changed the effect of the \fB\-S\fR option. +Any explicit salt value specified via this option is no longer prepended to the +ciphertext when encrypting, and must again be explicitly provided when decrypting. +Conversely, when the \fB\-S\fR option is used during decryption, the ciphertext +is expected to not have a prepended salt value. +.PP +When using OpenSSL 3.0 or later to decrypt data that was encrypted with an +explicit salt under OpenSSL 1.1.1 do not use the \fB\-S\fR option, the salt will +then be read from the ciphertext. +To generate ciphertext that can be decrypted with OpenSSL 1.1.1 do not use +the \fB\-S\fR option, the salt will be then be generated randomly and prepended +to the output. +.SH "SUPPORTED CIPHERS" +.IX Header "SUPPORTED CIPHERS" +Note that some of these ciphers can be disabled at compile time +and some are available only if an appropriate engine is configured +in the configuration file. The output when invoking this command +with the \fB\-list\fR option (that is \f(CW\*(C`openssl enc \-list\*(C'\fR) is +a list of ciphers, supported by your version of OpenSSL, including +ones provided by configured engines. +.PP +This command does not support authenticated encryption modes +like CCM and GCM, and will not support such modes in the future. +This is due to having to begin streaming output (e.g., to standard output +when \fB\-out\fR is not used) before the authentication tag could be validated. +When this command is used in a pipeline, the receiving end will not be +able to roll back upon authentication failure. The AEAD modes currently in +common use also suffer from catastrophic failure of confidentiality and/or +integrity upon reuse of key/iv/nonce, and since \fBopenssl enc\fR places the +entire burden of key/iv/nonce management upon the user, the risk of +exposing AEAD modes is too great to allow. These key/iv/nonce +management issues also affect other modes currently exposed in this command, +but the failure modes are less extreme in these cases, and the +functionality cannot be removed with a stable release branch. +For bulk encryption of data, whether using authenticated encryption +modes or other modes, \fBopenssl\-cms\fR\|(1) is recommended, as it provides a +standard data format and performs the needed key/iv/nonce management. +.PP +When enc is used with key wrapping modes the input data cannot be streamed, +meaning it must be processed in a single pass. +Consequently, the input data size must be less than +the buffer size (\-bufsize arg, default to 8*1024 bytes). +The \*(Aq*\-wrap\*(Aq ciphers require the input to be a multiple of 8 bytes long, +because no padding is involved. +The \*(Aq*\-wrap\-pad\*(Aq ciphers allow any input length. +In both cases, no IV is needed. See example below. +.PP +.Vb 1 +\& base64 Base 64 +\& +\& bf\-cbc Blowfish in CBC mode +\& bf Alias for bf\-cbc +\& blowfish Alias for bf\-cbc +\& bf\-cfb Blowfish in CFB mode +\& bf\-ecb Blowfish in ECB mode +\& bf\-ofb Blowfish in OFB mode +\& +\& cast\-cbc CAST in CBC mode +\& cast Alias for cast\-cbc +\& cast5\-cbc CAST5 in CBC mode +\& cast5\-cfb CAST5 in CFB mode +\& cast5\-ecb CAST5 in ECB mode +\& cast5\-ofb CAST5 in OFB mode +\& +\& chacha20 ChaCha20 algorithm +\& +\& des\-cbc DES in CBC mode +\& des Alias for des\-cbc +\& des\-cfb DES in CFB mode +\& des\-ofb DES in OFB mode +\& des\-ecb DES in ECB mode +\& +\& des\-ede\-cbc Two key triple DES EDE in CBC mode +\& des\-ede Two key triple DES EDE in ECB mode +\& des\-ede\-cfb Two key triple DES EDE in CFB mode +\& des\-ede\-ofb Two key triple DES EDE in OFB mode +\& +\& des\-ede3\-cbc Three key triple DES EDE in CBC mode +\& des\-ede3 Three key triple DES EDE in ECB mode +\& des3 Alias for des\-ede3\-cbc +\& des\-ede3\-cfb Three key triple DES EDE CFB mode +\& des\-ede3\-ofb Three key triple DES EDE in OFB mode +\& +\& desx DESX algorithm. +\& +\& gost89 GOST 28147\-89 in CFB mode (provided by ccgost engine) +\& gost89\-cnt GOST 28147\-89 in CNT mode (provided by ccgost engine) +\& +\& idea\-cbc IDEA algorithm in CBC mode +\& idea same as idea\-cbc +\& idea\-cfb IDEA in CFB mode +\& idea\-ecb IDEA in ECB mode +\& idea\-ofb IDEA in OFB mode +\& +\& rc2\-cbc 128 bit RC2 in CBC mode +\& rc2 Alias for rc2\-cbc +\& rc2\-cfb 128 bit RC2 in CFB mode +\& rc2\-ecb 128 bit RC2 in ECB mode +\& rc2\-ofb 128 bit RC2 in OFB mode +\& rc2\-64\-cbc 64 bit RC2 in CBC mode +\& rc2\-40\-cbc 40 bit RC2 in CBC mode +\& +\& rc4 128 bit RC4 +\& rc4\-64 64 bit RC4 +\& rc4\-40 40 bit RC4 +\& +\& rc5\-cbc RC5 cipher in CBC mode +\& rc5 Alias for rc5\-cbc +\& rc5\-cfb RC5 cipher in CFB mode +\& rc5\-ecb RC5 cipher in ECB mode +\& rc5\-ofb RC5 cipher in OFB mode +\& +\& seed\-cbc SEED cipher in CBC mode +\& seed Alias for seed\-cbc +\& seed\-cfb SEED cipher in CFB mode +\& seed\-ecb SEED cipher in ECB mode +\& seed\-ofb SEED cipher in OFB mode +\& +\& sm4\-cbc SM4 cipher in CBC mode +\& sm4 Alias for sm4\-cbc +\& sm4\-cfb SM4 cipher in CFB mode +\& sm4\-ctr SM4 cipher in CTR mode +\& sm4\-ecb SM4 cipher in ECB mode +\& sm4\-ofb SM4 cipher in OFB mode +\& +\& aes\-[128|192|256]\-cbc 128/192/256 bit AES in CBC mode +\& aes[128|192|256] Alias for aes\-[128|192|256]\-cbc +\& aes\-[128|192|256]\-cfb 128/192/256 bit AES in 128 bit CFB mode +\& aes\-[128|192|256]\-cfb1 128/192/256 bit AES in 1 bit CFB mode +\& aes\-[128|192|256]\-cfb8 128/192/256 bit AES in 8 bit CFB mode +\& aes\-[128|192|256]\-ctr 128/192/256 bit AES in CTR mode +\& aes\-[128|192|256]\-ecb 128/192/256 bit AES in ECB mode +\& aes\-[128|192|256]\-ofb 128/192/256 bit AES in OFB mode +\& +\& aes\-[128|192|256]\-wrap key wrapping using 128/192/256 bit AES +\& aes\-[128|192|256]\-wrap\-pad key wrapping with padding using 128/192/256 bit AES +\& +\& aria\-[128|192|256]\-cbc 128/192/256 bit ARIA in CBC mode +\& aria[128|192|256] Alias for aria\-[128|192|256]\-cbc +\& aria\-[128|192|256]\-cfb 128/192/256 bit ARIA in 128 bit CFB mode +\& aria\-[128|192|256]\-cfb1 128/192/256 bit ARIA in 1 bit CFB mode +\& aria\-[128|192|256]\-cfb8 128/192/256 bit ARIA in 8 bit CFB mode +\& aria\-[128|192|256]\-ctr 128/192/256 bit ARIA in CTR mode +\& aria\-[128|192|256]\-ecb 128/192/256 bit ARIA in ECB mode +\& aria\-[128|192|256]\-ofb 128/192/256 bit ARIA in OFB mode +\& +\& camellia\-[128|192|256]\-cbc 128/192/256 bit Camellia in CBC mode +\& camellia[128|192|256] Alias for camellia\-[128|192|256]\-cbc +\& camellia\-[128|192|256]\-cfb 128/192/256 bit Camellia in 128 bit CFB mode +\& camellia\-[128|192|256]\-cfb1 128/192/256 bit Camellia in 1 bit CFB mode +\& camellia\-[128|192|256]\-cfb8 128/192/256 bit Camellia in 8 bit CFB mode +\& camellia\-[128|192|256]\-ctr 128/192/256 bit Camellia in CTR mode +\& camellia\-[128|192|256]\-ecb 128/192/256 bit Camellia in ECB mode +\& camellia\-[128|192|256]\-ofb 128/192/256 bit Camellia in OFB mode +.Ve +.SH EXAMPLES +.IX Header "EXAMPLES" +Just base64 encode a binary file: +.PP +.Vb 1 +\& openssl base64 \-in file.bin \-out file.b64 +.Ve +.PP +Decode the same file +.PP +.Vb 1 +\& openssl base64 \-d \-in file.b64 \-out file.bin +.Ve +.PP +Encrypt a file using AES\-128 using a prompted password +and PBKDF2 key derivation: +.PP +.Vb 1 +\& openssl enc \-aes128 \-pbkdf2 \-in file.txt \-out file.aes128 +.Ve +.PP +Decrypt a file using a supplied password: +.PP +.Vb 2 +\& openssl enc \-aes128 \-pbkdf2 \-d \-in file.aes128 \-out file.txt \e +\& \-pass pass:<password> +.Ve +.PP +Encrypt a file then base64 encode it (so it can be sent via mail for example) +using AES\-256 in CTR mode and PBKDF2 key derivation: +.PP +.Vb 1 +\& openssl enc \-aes\-256\-ctr \-pbkdf2 \-a \-in file.txt \-out file.aes256 +.Ve +.PP +Base64 decode a file then decrypt it using a password supplied in a file: +.PP +.Vb 2 +\& openssl enc \-aes\-256\-ctr \-pbkdf2 \-d \-a \-in file.aes256 \-out file.txt \e +\& \-pass file:<passfile> +.Ve +.PP +AES key wrapping: +.PP +.Vb 3 +\& openssl enc \-e \-a \-id\-aes128\-wrap\-pad \-K 000102030405060708090A0B0C0D0E0F \-in file.bin +\&or +\& openssl aes128\-wrap\-pad \-e \-a \-K 000102030405060708090A0B0C0D0E0F \-in file.bin +.Ve +.SH BUGS +.IX Header "BUGS" +The \fB\-A\fR option when used with large files doesn\*(Aqt work properly. +On the other hand, when base64 decoding without the \fB\-A\fR option, +if the first 1024 bytes of input do not include a newline character +the first two lines of input are ignored. +.PP +The \fBopenssl enc\fR command only supports a fixed number of algorithms with +certain parameters. So if, for example, you want to use RC2 with a +76 bit key or RC4 with an 84 bit key you can\*(Aqt use this program. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBopenssl\-list\fR\|(1), \fBEVP_SKEY\fR\|(3) +.SH HISTORY +.IX Header "HISTORY" +The default digest was changed from MD5 to SHA256 in OpenSSL 1.1.0. +.PP +The \fB\-list\fR option was added in OpenSSL 1.1.1e. +.PP +The \fB\-ciphers\fR and \fB\-engine\fR options were deprecated in OpenSSL 3.0. +.PP +The \fB\-saltlen\fR option was added in OpenSSL 3.2. +.PP +The \fB\-skeymgmt\fR and \fB\-skeyopt\fR options were added in OpenSSL 3.5. +.SH COPYRIGHT +.IX Header "COPYRIGHT" +Copyright 2000\-2025 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +<https://www.openssl.org/source/license.html>. |