Windows PowerShell command on Get-command decrypt

Manual Pages for UNIX Operating System command usage for man decrypt

User Commands encrypt(1)

NAME

encrypt, decrypt - encrypt or decrypt files

SYNOPSIS

/usr/bin/encrypt -l

/usr/bin/encrypt -a algorithm [-v]

[-k key_file | -K key_label [-T token_spec]]

[-i input_file] [-o output_file]

/usr/bin/decrypt -l

/usr/bin/decrypt -a algorithm [-v]

[-k key_file | -K key_label [-T token_spec]]

[-i input_file] [-o output_file]

DESCRIPTION

This utility encrypts or decrypts the given file or stdin

using the algorithm specified. If no output file is speci-

fied, output is to standard out. If input and output are the same file, the encrypted output is written to a temporary work file in the same filesystem and then used to replace the original file.

On decryption, if the input and output are the same file,

the cleartext replaces the ciphertext file.

The output file of encrypt and the input file for decrypt

contains the following information: o Output format version number, 4 bytes in network byte order. The current version is 1. o Iterations used in key generation function, 4 bytes in network byte order. o IV (ivlen bytes)[1]. iv data is generated by random bytes equal to one block size. o Salt data used in key generation (16 bytes). o Cipher text data. OPTIONS The following options are supported:

SunOS 5.11 Last change: 17 Dec 2008 1

User Commands encrypt(1)

-a algorithm Specify the name of the algorithm to use

during the encryption or decryption pro-

cess. See USAGE, Algorithms for details.

-i input_file Specify the input file. Default is stdin

if input_file is not specified.

-k key_file Specify the file containing the key value

for the encryption algorithm. Each algo-

rithm has specific key material require-

ments, as stated in the PKCS#11 specifica-

tion. If -k is not specified, encrypt

prompts for key material using getpassphrase(3C). The size of the key file determines the key length, and passphrases set from the terminal are always used to generate 128 bit long keys for ciphers with a variable key length. For information on generating a key file, see the genkey subcommand in pktool(1). Alternatively, dd(1M) can be used.

-K key_label Specify the label of a symmetric token key

in a PKCS#11 token.

-l Display the list of algorithms available

on the system. This list can change depending on the configuration of the cryptographic framework. The keysizes are displayed in bits.

-o output_file Specify output file. Default is stdout if

output_file is not specified. If stdout is

used without redirecting to a file, the terminal window can appear to hang because

the raw encrypted or decrypted data has

disrupted the terminal emulation, much like viewing a binary file can do at times.

-T token_spec Specify a PKCS#11 token other than the

default soft token object store when the

-K is specified.

token_spec has the format of:

SunOS 5.11 Last change: 17 Dec 2008 2

User Commands encrypt(1)

token_name [:manuf_id [:serial_no]]

When a token label contains trailing spaces, this option does not require them to be typed as a convenience to the user. Colon separates token identification string. If any of the parts have a literal colon (:) character, it must be escaped by a backslash (\). If a colon (:) is not

found, the entire string (up to 32 charac-

ters) is taken as the token label. If only one colon (:) is found, the string is the token label and the manufacturer.

-v Display verbose information. See Verbose.

USAGE

Algorithms The supported algorithms are displayed with their minimum

and maximum key sizes in the -l option. These algorithms are

provided by the cryptographic framework. Each supported

algorithm is an alias of the PKCS #11 mechanism that is the

most commonly used and least restricted version of a partic-

ular algorithm type. For example, des is an alias to

CKM_DES_CBC_PAD and arcfour is an alias to CKM_RC4. Algo-

rithm variants with no padding or ECB are not supported.

These aliases are used with the -a option and are case-

sensitive. Passphrase

When the -k option is not used during encryption and decryp-

tion tasks, the user is prompted for a passphrase. The passphrase is manipulated into a more secure key using the

PBKDF2 algorithm specified in PKCS #5.

When a passphrase is used with encrypt and decrypt, the user

entered passphrase is turned into an encryption key using the PBKDF2 algorithm as defined defined in

http://www.rsasecurity.com, PKCS #5 v2.0.

Verbose If an input file is provided to the command, a progress bar

spans the screen. The progress bar denotes every 25% com-

pleted with a pipe sign (|). If the input is from standard input, a period (.) is displayed each time 40KB is read.

SunOS 5.11 Last change: 17 Dec 2008 3

User Commands encrypt(1) Upon completion of both input methods, Done is printed.

EXAMPLES

Example 1 Listing Available Algorithms The following example lists available algorithms:

example$ encrypt -l

Algorithm Keysize: Min Max

-----------------------------------

aes 128 128 arcfour 8 128 des 64 64 3des 192 192 Example 2 Encrypting Using AES The following example encrypts using AES and prompts for the encryption key:

example$ encrypt -a aes -i myfile.txt -o secretstuff

Example 3 Encrypting Using AES with a Key File The following example encrypts using AES after the key file has been created:

example$ pktool genkey keystore=file keytype=aes keylen=128 \

outkey=key

example$ encrypt -a aes -k key -i myfile.txt -o secretstuff

Example 4 Using an In Pipe to Provide Encrypted Tape Backup The following example uses an in pipe to provide encrypted tape backup:

example$ ufsdump 0f - /var | encrypt -a arcfour \

-k /etc/mykeys/backup.k | dd of=/dev/rmt/0

SunOS 5.11 Last change: 17 Dec 2008 4

User Commands encrypt(1) Example 5 Using an In Pipe to Restore Tape Backup The following example uses and in pipe to restore a tape backup:

example$ decrypt -a arcfour -k /etc/mykeys/backup.k \

-i /dev/rmt/0 | ufsrestore xvf -

Example 6 Encrypting an Input File Using the 3DES Algorithm The following example encrypts the inputfile file with the

192-bit key stored in the des3key file:

example$ encrypt -a 3des -k des3key -i inputfile -o outputfile

Example 7 Encrypting an Input File with a DES token key The following example encrypts the input file file with a DES token key in the soft token keystore. The DES token key can be generated with pktool(1):

example$ encrypt -a des -K mydeskey \

-T "Sun Software PKCS#11 softtoken" -i inputfile \

-o outputfile

EXIT STATUS The following exit values are returned: 0 Successful completion. >0 An error occurred.

ATTRIBUTES

See attributes(5) for descriptions of the following attri-

butes:

SunOS 5.11 Last change: 17 Dec 2008 5

User Commands encrypt(1)

____________________________________________________________

| ATTRIBUTE TYPE | ATTRIBUTE VALUE |

|_____________________________|_____________________________|

| Availability | SUNWcs |

|_____________________________|_____________________________|

| Interface Stability | Committed |

|_____________________________|_____________________________|

Manual Pages for UNIX Operating System command usage for man decrypt

NAME

encrypt, decrypt - encrypt or decrypt files

SYNOPSIS

/usr/bin/decrypt -l

/usr/bin/decrypt -a algorithm [-v]

DESCRIPTION

This utility encrypts or decrypts the given file or stdin

On decryption, if the input and output are the same file,

The output file of encrypt and the input file for decrypt

during the encryption or decryption pro-

cess. See USAGE, Algorithms for details.

the raw encrypted or decrypted data has

USAGE

When a passphrase is used with encrypt and decrypt, the user

EXAMPLES

example$ decrypt -a arcfour -k /etc/mykeys/backup.k \

ATTRIBUTES

| ATTRIBUTE TYPE | ATTRIBUTE VALUE |

SEE ALSO