-
Notifications
You must be signed in to change notification settings - Fork 1
/
Copy pathencr.1
47 lines (43 loc) · 1.11 KB
/
encr.1
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
.Dd $Mdocdate: March 17 2017 $
.Dt ENCR 1
.Os
.Sh NAME
.Nm encr
.Nd encrypt, authenticate and decrypt streams of data using a shared key.
.Sh SYNOPSIS
.Nm encr
.Op Fl g
.Op Fl d
.Op Fl k Ar keyfile
.Sh DESCRIPTION
.Nm
encrypts or authenticates and decrypts (with -d) using a shared 96-byte key
.Ar keyfile
(provided via -k, or generated with -g and -k). Input is passed via stdin,
and output is printed to stdout.
.Nm
buffers data into segments for processing and blocks if not enough data
is provided, it is unsuitable for interactive encryption/decryption.
.Pp
.Nm
protects confidentiality with AES-256 CTR encryption and checks integrity/authenticity
using HMAC with the SHA256 hash function.
.Nm
will not pass unauthenticated data to stdout, and aborts when given an unauthenticated,
reordered or truncated data stream.
.Pp
.Nm
aborts if
.Ar keyfile
is world accessible.
.Sh EXIT STATUS
.Ex -std encr
.Sh EXAMPLE
.Bd -literal
generate a random key file:
$ encr -g -k ./secret.key
encrypt a plain text:
$ encr -k ./secret.key < plain.txt > cipher.txt
decrypt a cipher text:
$ encr -d -k ./secret.key < cipher.txt > plain.txt
.Ed