1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
|
.TH MCRYPT 1 "03 May 2003" "local"
.SH NAME
crypt, mcrypt, mdecrypt \- encrypt or decrypt files
.SH SYNOPSIS
.ll +8
.B mcrypt
.RB [ " \-dLFubhvrzp " ]
.RB [ \-a\ algorithm ]
.RB [ "\-c\ config_file" ]
.RB [ \-m\ mode ]
.RB [ \-s\ keysize ]
.RB [ \-o\ keymode ]
.RB [ "\-k\ key1 key2 ..." ]
.RB [ \-f\ keyfile ]
[
.I "filename \&..."
]
.ll -8
.br
.B mdecrypt
.RB [ " \-LFusbhvzp " ]
.RB [ \-a\ algorithm ]
.RB [ "\-c\ config_file" ]
.RB [ \-m\ mode ]
.RB [ \-s\ keysize ]
.RB [ \-o\ keymode ]
.RB [ "\-k\ key1 key2 ..." ]
.RB [ \-f\ keyfile ]
[
.I "filename \&..."
]
.br
.SH DESCRIPTION
.I Mcrypt
is a simple crypting program, a replacement for the old unix
.IR crypt "(1)".
When encrypting or decrypting a file, a new file is created with the
extension
.B "\&.nc"
and mode 0600. The new file keeps the modification date of the original.
The original file may be deleted by specifying the -u
parameter.
If no files are specified, the standard input is encrypted to the standard
output.
.PP
.I Mcrypt
uses all the symmetric algorithms included in libmcrypt.
.I crypt
is a small shell wrapper around
.I mcrypt
to emulate the old unix crypt command. For more information run crypt --help !
.SH HINTS
By default,
.I mcrypt
, when one of these algorithms is specified, prompts something like:
Enter passphrase: ...
You should then enter a passphrase long enough (512 characters is the
maximum length). Now in order to encrypt the file, The passphrase is
transformed using the specified (or the default) key generation algorithm,
and a random salt. The produced value is then used as the key, which is fed to the
algorithm.
.PP
.B Algorithm Vulnerability:
Most algorithms today are designed to resist in specific attacks.
None of them is proved not to be vulnerable to some kind of attack not
as yet known.
.PP
.B Compression:
By compressing your data before encryption you gain
both in efficiency (faster encryption) and safety of your data (language redundancy
is removed). A drawback is that most compression programs will add specific
headers in the compressed file, thus making known plaintext attacks easier.
Compression after encryption is useless and may result to compressed files with longer size than the original.
.PP
.B Error Recovery:
There is some error recovery in mcrypt.
If bytes are removed or lost from the file or stream in ECB, CBC and OFB modes,
are impossible to recover, although CFB mode will recover. If some
bytes are altered then a full block of plaintext is affected in ECB mode,
two blocks in CBC and CFB modes, but only the corresponding byte in OFB mode.
Mcrypt uses a 32 bit CRC to check for errors in the encrypted files.
.PP
.B Extra security:
For the very paranoid, if mcrypt is executed with superuser privileges it
ensures that no important data (keys etc.) are written to disk, as swap etc.
Keep in mind that mcrypt was not designed to be a setuid program, so you
shouldn't make it one.
.PP
Do not rely on the fact that an algorithm has a large key size, try to use
long passphrases and try to make them unpredictable.
.PP
All the block algorithms above support these modes of encryption:
.B ECB:
The Electronic CodeBook mode. It is the simplest mode to use with a
block cipher. Encrypts each block independently.
.B CBC:
The Cipher Block Chaining mode. It is better than ECB since the plaintext
is XOR'ed with the previous ciphertext. A random block is placed as the
first block so the same block or messages always encrypt to something
different. (This is the default mode)
.B CFB:
The Cipher-Feedback Mode (in 8bit). This is a self-synchronizing
stream cipher implemented from a block cipher.
.B OFB:
The Output-Feedback Mode (in 8bit). This is a synchronous
stream cipher implemented from a block cipher. It is intended for use
in noisy lines, because corrupted ciphertext blocks do not corrupt the
plaintext blocks that follow. Insecure when used to encrypt large amounts
of data, so I recommend against using it.
.B nOFB:
The Output-Feedback Mode (in nbit). n Is the size of the block of the
algorithm. This is a synchronous stream cipher implemented from a block
cipher. It is intended for use in noisy lines, because corrupted ciphertext
blocks do not corrupt the plaintext blocks that follow.
.PP
Encrypted files can be restored to their original form using
.I mcrypt -d
or
.I mdecrypt
.
.PP
.I mdecrypt
takes a list of files on its command line and creates a new file for each
file whose name ends with .nc by removing the ".nc" or by adding ".dc"
to the end of the file name if .nc is not in the encrypted file's name.
.SH OPTIONS
.TP
.B \-F --force
Force output on standard output or input from stdin if that is a terminal.
By default mcrypt will not output encrypted data to terminal, nor read
encrypted data from it.
.TP
.B \-z --gzip
Use gzip (if it exists in your system) to compress files before encryption.
If specified at decryption time it will decompress these files.
.TP
.B \-p --bzip2
Use bzip2 (if it exists in your system) to compress files before encryption.
If specified at decryption time it will decompress these files.
.TP
.B \ --openpgp-z INT
This option will enable compression in OpenPGP (RFC2440) encrypted files.
.TP
.B \-d --decrypt
Decrypt.
.TP
.B \ --help
Display a help screen and quit.
.TP
.B \-v --version
Version. Display the version number and quit.
.TP
.B \-L --license
Display the
.I mcrypt's
license and quit.
.TP
.B \-o --keymode MODE
MODE may be one of the keymodes listed by the --list-keymodes parameter.
It actually is the conversion to the key before it is fed to the algorithm.
It is recommended to leave it as is, if you do not know what it is.
However if you still want to use this option, you might want to
use the 'hex' mode which allows you to specify the key in hex
(and no conversion will by applied).
.TP
.B \-h --hash HASH_ALGORITHM
HASH_ALGORITHM may be one of the algorithms listed by the --list-hash parameter.
This is the digest that will be appended to the file to be encrypted,
in order to detect file corruption. The default is the CRC32 checksum.
.TP
.B \-s --keysize SIZE
SIZE is the algorithm's key size in bytes (not the size of the passphrase). It
defaults to the maximum key supported by the algorithm. The maximum key sizes of
the algorithms may be obtained by the --list parameter. It is safe not to
touch this.
.TP
.B \-g --openpgp
This option will make mcrypt to use the OpenPGP (RFC2440) file format
for encrypted files. This will make files encrypted by mcrypt accessible
from any OpenPGP compliant application.
.TP
.B \-b --bare
No important information like the algorithm, mode, the bit mode and
the crc32 of the original file are written in the encrypted file.
The security lies on the algorithm not on obscurity so this is NOT the
default. This flag must also be specified when decrypting a bare encrypted
file.
When the bare flag is specified decryption and encryption are faster. This
may be useful when using mcrypt to encrypt a link or something like that.
.TP
.B --flush
Flushes the output (ciphertext or plaintext) immediately. Useful if mcrypt
is used with pipes.
.TP
.B --time
Prints some timing information (encryption speed etc.)
.TP
.B --nodelete
When this option is specified mcrypt does not delete the output file, even
if decryption failed. This is useful if you want to decrypt a corrupted
file.
.TP
.B \-q --quiet
Suppress some not critical warnings.
.TP
.B \-u --unlink
Unlink (delete) the input file if the whole process of encryption/decryption
succeeds. This is not the default in order to use an external program
to remove sensitive data.
.TP
.B \ --list
Lists all the algorithms currently supported.
.TP
.B \ --list-keymodes
Lists all the key modes currently supported.
.TP
.B \ --list-hash
Lists all the hash algorithms currently supported.
.TP
.B \-r --random
Use /dev/(s)random instead of /dev/urandom. This may need some key input
or mouse move to proceed.
If your system does not support /dev/random or /dev/urandom, a
random gatherer will be used.
.TP
.B \-k --key KEY1 KEY2 ...
Enter the keyword(s) via the command line. The KEY(s) is/are then used as
keyword instead of prompting for them. Keep in mind that someone
may see the command you are executing and so your keyword(s).
.TP
.B \-c --config FILE
Use the specified configuration file. The default is .mcryptrc
in your home directory. The format of the configuration
file is the same as the parameters. An example file is:
algorithm safer+
mode cbc
key a_very_secret_one
.TP
.B \-f --keyfile FILE
Enter the keyword(s) via a file. One keyword is read per line.
The first keyword read is used for the first file, the second for
the second file etc. If the keywords are less than the files then
the last keyword is used for the remaining. A limitation is that you cannot
use the NULL (\\0) and the Newline (\\n) character in the key.
A solution to this problem is to specify the keyword in hex mode.
.TP
.B \-m --mode MODE
Mode of encryption and decryption. These modes are currently supported:
ECB, CFB, OFB, nOFB, CBC and STREAM. CBC is the default. Unless the bare flag
is specified there is no need to specify these modes for decryption.
For stream algorithms (like WAKE) mode should be STREAM.
.TP
.B \-a --algorithm ALGORITHM
The algorithm used to encrypt and decrypt. Unless the bare flag is specified
there is no need to specify these for decryption.
The algorithms currently supported are shown with the --list parameter.
.fi
.PP
.SH "EXAMPLES"
For mcrypt to be compatible with the solaris
.IR des "(1)",
the following parameters are needed: "mcrypt -a des --keymode pkdes --bare --noiv filename".
.LP
For mcrypt to be compatible with the unix
.IR crypt "(1)",
the following parameters are needed: "mcrypt -a enigma --keymode scrypt --bare filename".
.LP
To encrypt a file using a stream algorithm (eg. Arcfour), the following parameters
are needed: "mcrypt -a arcfour --mode stream filename".
.PP
.SH "ENVIRONMENT"
Mcrypt uses the following environment variables:
.B MCRYPT_KEY:
to specify the key
.B MCRYPT_ALGO:
to specify the algorithm
.B MCRYPT_MODE:
to specify the algorithm's mode
.B MCRYPT_KEY_MODE:
to specify the key mode
You can use these instead of using the command line (which is insecure),
but note that only one key should be used in MCRYPT_KEY.
.PP
.SH "SEE ALSO"
.BR des_crypt (3)
.SH "DIAGNOSTICS"
Exit status is normally 0;
if an error occurs, exit status is something other than 0.
.PP
Usage: mcrypt [-dLFubhvrzp] [-f keyfile] [-k key1 key2 ...] [-m mode] [-o keymode] [-a algorithm] [-c config_file] [filename ...]
.in +8
.SH AUTHORS
Version 2.6.0
Copyright (C) 1998,1999,2000,2001,2002 Nikos Mavroyanopoulos (nmav@gnutls.org).
.LP
Thanks to all the people who reported problems and suggested various
improvements for mcrypt; who are too numerous to cite here.
.LP
|
