Opcje wyszukiwania podręcznika man:
Lista stron man zaczynających się od znaku:
A   B   C   D   E   F   G   H   I   J   K   L   M   N   O   P   Q   R   S   T   U   V   W   X   Y   Z   ALPHA   NUM   OTHER   ALL
MCRYPT(1)                   General Commands Manual                  MCRYPT(1)

       crypt, mcrypt, mdecrypt - encrypt or decrypt files

       mcrypt  [  -dLFubhvrzp ] [-a algorithm] [-c config_file] [-m mode] [-s keysize]
       [-o keymode] [-k key1 key2 ...]  [-f keyfile] [ filename ...  ]

       mdecrypt  [  -LFusbhvzp  ]  [-a algorithm]  [-c config_file]  [-m mode]
       [-s keysize]  [-o keymode]  [-k key1 key2 ...]  [-f keyfile] [ filename
       ...  ]

       Mcrypt is a simple crypting program, a replacement  for  the  old  unix
       crypt(1).   When encrypting or decrypting a file, a new file is created
       with the extension .nc and mode 0600. The new file keeps the  modifica-
       tion  date of the original.  The original file may be deleted by speci-
       fying the -u parameter.  If no files are specified, the standard  input
       is encrypted to the standard output.

       Mcrypt uses all the symmetric algorithms included in libmcrypt.

       crypt  is  a  small shell wrapper around mcrypt to emulate the old unix
       crypt command.  For more information run crypt --help !

       By default, mcrypt , when one of these algorithms is specified, prompts
       something like:
        Enter passphrase: ...
        You  should then enter a passphrase long enough (512 characters is the
       maximum length). Now in order to encrypt the file,  The  passphrase  is
       transformed  using  the specified (or the default) key generation algo-
       rithm, and a random salt. The produced value is then used as  the  key,
       which is fed to the algorithm.

       Algorithm  Vulnerability:  Most algorithms today are designed to resist
       in specific attacks.  None of them is proved not to  be  vulnerable  to
       some kind of attack not as yet known.

       Compression:  By  compressing your data before encryption you gain both
       in efficiency (faster encryption) and safety  of  your  data  (language
       redundancy  is  removed).  A drawback is that most compression programs
       will add specific headers in the compressed  file,  thus  making  known
       plaintext  attacks easier.  Compression after encryption is useless and
       may result to compressed files with longer size than the original.

       Error Recovery: There is some error recovery in mcrypt.  If  bytes  are
       removed  or lost from the file or stream in ECB, CBC and OFB modes, are
       impossible to recover, although CFB mode will recover.  If  some  bytes
       are altered then a full block of plaintext is affected in ECB mode, two
       blocks in CBC and CFB modes, but only the  corresponding  byte  in  OFB
       mode.   Mcrypt  uses  a 32 bit CRC to check for errors in the encrypted

       Extra security: For the very paranoid, if mcrypt is executed with supe-
       ruser  priviledges  it  ensures  that no important data (keys etc.) are
       written to disk, as swap  etc.   Keep  in  mind  that  mcrypt  was  not
       designed to be a setuid program, so you shouldn't make it one.

       Do  not rely on the fact that an algorithm has a large key size, try to
       use long passphrases and try to make them unpredictable.

       All the block algorithms above support these modes of encryption:

       ECB: The Electronic CodeBook mode. It is the simplest mode to use  with
       a block cipher. Encrypts each block independently.

       CBC:  The  Cipher  Block Chaining mode. It is better than ECB since the
       plaintext is XOR'ed with the previous ciphertext.  A  random  block  is
       placed  as the first block so the same block or messages always encrypt
       to something different. (This is the default mode)

       CFB: The Cipher-Feedback Mode (in 8bit). This is  a  self-synchronizing
       stream cipher implemented from a block cipher.

       OFB:  The  Output-Feedback Mode (in 8bit). This is a synchronous stream
       cipher implemented from a block cipher. It is intended for use in noisy
       lines, because corrupted ciphertext blocks do not corrupt the plaintext
       blocks that follow. Insecure when used  to  encrypt  large  amounts  of
       data, so I recommend against using it.

       nOFB: The Output-Feedback Mode (in nbit). n Is the size of the block of
       the algorithm. This is a synchronous stream cipher implemented  from  a
       block  cipher. It is intended for use in noisy lines, because corrupted
       ciphertext blocks do not corrupt the plaintext blocks that follow.

       Encrypted files can be restored to their original form using mcrypt  -d
       or mdecrypt

       mdecrypt  takes  a  list of files on its command line and creates a new
       file for each file whose name ends with .nc by removing the ".nc" or by
       adding ".dc" to the end of the file name if .nc is not in the encrypted
       file's name.

       -F --force
              Force output on standard output or input from stdin if that is a
              terminal.   By  default mcrypt will not output encrypted data to
              terminal, nor read encrypted data from it.

       -z --gzip
              Use gzip (if it exists in your system) to compress files  before
              encryption.   If specified at decryption time it will decompress
              these files.

       -p --bzip2
              Use bzip2 (if it exists in your system) to compress files before
              encryption.   If specified at decryption time it will decompress
              these files.

        --openpgp-z INT
              This  option  will  enable  compression  in  OpenPGP   (RFC2440)
              encrypted files.

       -d --decrypt

              Display a help screen and quit.

       -v --version
              Version. Display the version number and quit.

       -L --license
              Display the mcrypt's license and quit.

       -o --keymode MODE
              MODE  may  be  one of the keymodes listed by the --list-keymodes
              parameter.  It actually is the convertion to the key  before  it
              is  fed  to the algorithm.  It is recommended to leave it as is,
              if you do not know what it is.  However if you still want to use
              this  option,  you might want to use the 'hex' mode which allows
              you to specify the  key  in  hex  (and  no  convertion  will  by

       -h --hash HASH_ALGORITHM
              HASH_ALGORITHM  may  be  one  of  the  algorithms  listed by the
              --list-hash parameter.  This is the digest that will be appended
              to the file to be encrypted, in order to detect file corruption.
              The default is the CRC32 checksum.

       -s --keysize SIZE
              SIZE is the algorithm's key size in bytes (not the size  of  the
              passphrase).  It  defaults  to  the maximum key supported by the
              algorithm. The maximum  key  sizes  of  the  algorithms  may  be
              obtained by the --list parameter. It is safe not to touch this.

       -g --openpgp
              This  option  will make mcrypt to use the OpenPGP (RFC2440) file
              format for encrypted files. This will make  files  encrypted  by
              mcrypt accessible from any OpenPGP compliant application.

       -b --bare
              No  important information like the algorithm, mode, the bit mode
              and the crc32 of the original file are written in the  encrypted
              file.   The  security  lies on the algorithm not on obscurity so
              this is NOT the default. This flag must also be  specified  when
              decrypting  a bare encrypted file.  When the bare flag is speci-
              fied decryption and encryption are faster. This may  be  usefull
              when using mcrypt to encrypt a link or something like that.

              Flushes  the  output (ciphertext or plaintext) immediately. Use-
              full if mcrypt is used with pipes.

       --time Prints some timing information (encryption speed etc.)

              When this option is specified mcrypt does not delete the  output
              file,  even if decryption failed. This is usefull if you want to
              decrypt a corrupted file.

       -q --quiet
              Suppress some not critical warnings.

       -u --unlink
              Unlink (delete) the input file if the whole process  of  encryp-
              tion/decryption  succeeds.  This  is not the default in order to
              use an external program to remove sensitive data.

              Lists all the algorithms currently supported.

              Lists all the key modes currently supported.

              Lists all the hash algorithms currently supported.

       -r --random
              Use /dev/(s)random instead of /dev/urandom. This may  need  some
              key  input  or  mouse  move to proceed.  If your system does not
              support /dev/random or /dev/urandom, a random gatherer  will  be

       -k --key KEY1 KEY2 ...
              Enter  the  keyword(s)  via  the command line. The KEY(s) is/are
              then used as keyword instead of prompting for them. Keep in mind
              that  someone  may see the command you are executing and so your

       -c --config FILE
              Use the specified configuration file. The default  is  .mcryptrc
              in  your home directory. The format of the configuration file is
              the same as the parameters. An example file is:
               algorithm safer+
               mode cbc
               key a_very_secret_one

       -f --keyfile FILE
              Enter the keyword(s) via a file. One keyword is read  per  line.
              The  first  keyword  read is used for the first file, the second
              for the second file etc. If the keywords are less than the files
              then the last keyword is used for the remaining. A limitation is
              that you cannot use the NULL (\0) and the Newline (\n) character
              in  the  key.  A solution to this problem is to specify the key-
              word in hex mode.

       -m --mode MODE
              Mode of encryption and decryption.  These  modes  are  currently
              supported:  ECB,  CFB,  OFB,  nOFB,  CBC  and STREAM. CBC is the
              default. Unless the bare flag is specified there is no  need  to
              specify these modes for decryption.  For stream algorithms (like
              WAKE) mode should be STREAM.

       -a --algorithm ALGORITHM
              The algorithm used to encrypt and decrypt. Unless the bare  flag
              is specified there is no need to specify these for decryption.

              The  algorithms  currently  supported  are shown with the --list

       For mcrypt to be compatible with  the  solaris  des(1),  the  following
       parameters  are  needed:  "mcrypt  -a des --keymode pkdes --bare --noiv

       For mcrypt to be compatible  with  the  unix  crypt(1),  the  following
       parameters  are needed: "mcrypt -a enigma --keymode scrypt --bare file-

       To encrypt a file using a stream algorithm (eg. Arcfour), the following
       parameters are needed: "mcrypt -a arcfour --mode stream filename".

       Mcrypt uses the following environment variables:

       MCRYPT_KEY: to specify the key

       MCRYPT_ALGO: to specify the algorithm

       MCRYPT_MODE: to specify the algorithm's mode

       MCRYPT_KEY_MODE: to specify the key mode

       You  can  use  these  instead of using the command line (which is inse-
       cure), but note that only one key should be used in MCRYPT_KEY.


       Exit status is normally 0; if an error occurs, exit status is something
       other than 0.

       Usage:  mcrypt  [-dLFubhvrzp] [-f keyfile] [-k key1 key2 ...] [-m mode]
       [-o keymode] [-a algorithm] [-c config_file] [filename ...]

       Version 2.6.0  Copyright  (C)  1998,1999,2000,2001,2002  Nikos  Mavroy-
       anopoulos (

       Thanks  to  all  the people who reported problems and suggested various
       improvements for mcrypt; who are too numerous to cite here.

local                             03 May 2003                        MCRYPT(1)

Czas wygenerowania: 0.00054 sek.

Created with the man page lookup class by Andrew Collington.
Based on a C man page viewer by Vadim Pavlov
Unicode soft-hyphen fix (as used by RedHat) by Dan Edwards
Some optimisations by Eli Argon
Caching idea and code contribution by James Richardson

Copyright © 2003-2023
Hosted by Hosting