diff options
author | EasySec <easy.sec@free.fr> | 2022-02-12 02:07:34 +0100 |
---|---|---|
committer | Pauli <pauli@openssl.org> | 2022-02-18 15:04:28 +1100 |
commit | 7850cc8307b9105f37dde864d5c8c881c522b28a (patch) | |
tree | a8bf35ec78300468ca132d62b6931eca78e729ff /doc | |
parent | b089d546242bbc073aefb6f6471586e484118863 (diff) |
enc : add support for wrap mode
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17691)
Diffstat (limited to 'doc')
-rw-r--r-- | doc/man1/openssl-enc.pod.in | 20 |
1 files changed, 19 insertions, 1 deletions
diff --git a/doc/man1/openssl-enc.pod.in b/doc/man1/openssl-enc.pod.in index f424358ab3..85f707a17a 100644 --- a/doc/man1/openssl-enc.pod.in +++ b/doc/man1/openssl-enc.pod.in @@ -274,7 +274,7 @@ able to roll back upon authentication failure. The AEAD modes currently in common use also suffer from catastrophic failure of confidentiality and/or integrity upon reuse of key/iv/nonce, and since B<openssl enc> places the entire burden of key/iv/nonce management upon the user, the risk of -exposing AEAD modes is too great to allow. These key/iv/nonce +exposing AEAD modes is too great to allow. These key/iv/nonce management issues also affect other modes currently exposed in this command, but the failure modes are less extreme in these cases, and the functionality cannot be removed with a stable release branch. @@ -282,6 +282,15 @@ For bulk encryption of data, whether using authenticated encryption modes or other modes, L<openssl-cms(1)> is recommended, as it provides a standard data format and performs the needed key/iv/nonce management. +When enc is used with key wrapping modes the input data cannot be streamed, +meaning it must be processed in a single pass. +Consequently, the input data size must be less than +the buffer size (-bufsize arg, default to 8*1024 bytes). +The '*-wrap' ciphers require the input to be a multiple of 8 bytes long, +because no padding is involved. +The '*-wrap-pad' ciphers allow any input length. +In both cases, no IV is needed. See example below. + base64 Base 64 @@ -369,6 +378,9 @@ standard data format and performs the needed key/iv/nonce management. aes-[128|192|256]-ecb 128/192/256 bit AES in ECB mode aes-[128|192|256]-ofb 128/192/256 bit AES in OFB mode + aes-[128|192|256]-wrap key wrapping using 128/192/256 bit AES + aes-[128|192|256]-wrap-pad key wrapping with padding using 128/192/256 bit AES + aria-[128|192|256]-cbc 128/192/256 bit ARIA in CBC mode aria[128|192|256] Alias for aria-[128|192|256]-cbc aria-[128|192|256]-cfb 128/192/256 bit ARIA in 128 bit CFB mode @@ -417,6 +429,12 @@ Base64 decode a file then decrypt it using a password supplied in a file: openssl enc -aes-256-ctr -pbkdf2 -d -a -in file.aes256 -out file.txt \ -pass file:<passfile> +AES key wrapping: + + openssl enc -e -a -id-aes128-wrap-pad -K 000102030405060708090A0B0C0D0E0F -in file.bin +or + openssl aes128-wrap-pad -e -a -K 000102030405060708090A0B0C0D0E0F -in file.bin + =head1 BUGS The B<-A> option when used with large files doesn't work properly. |