Add support for PBKDF2 for enc command

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2083)

1 files changed, 12 insertions, 2 deletions

diff --git a/doc/man1/enc.pod b/doc/man1/enc.pod
index cbf5cb2361..01cca4ea93 100644
--- a/doc/man1/enc.pod
+++ b/doc/man1/enc.pod
@@ -27,6 +27,8 @@ B<openssl enc -I<cipher>>
 [B<-nosalt>]
 [B<-z>]
 [B<-md digest>]
+[B<-iter count>]
+[B<-pbkdf2>]
 [B<-p>]
 [B<-P>]
 [B<-bufsize number>]
@@ -109,6 +111,16 @@ the B<-pass> argument.
 Use the specified digest to create the key from the passphrase.
 The default algorithm is sha-256.
 
+=item B<-iter count>
+
+Use a given number of iterations on the password in deriving the encryption key.
+High values increase the time required to brute-force the resulting file.
+This option enables the use of PBKDF2 algorithm to derive the key.
+
+=item B<-pbkdf2>
+
+Use PBKDF2 algorithm with default iteration count unless otherwise specified.
+
 =item B<-nosalt>
 
 Don't use a salt in the key derivation routines. This option B<SHOULD NOT> be
@@ -375,8 +387,6 @@ Decrypt some data using a supplied 40 bit RC4 key:
 
 The B<-A> option when used with large files doesn't work properly.
 
-There should be an option to allow an iteration count to be included.
-
 The B<enc> program only supports a fixed number of algorithms with
 certain parameters. So if, for example, you want to use RC2 with a
 76 bit key or RC4 with an 84 bit key you can't use this program.