enc.1s 命令

常用示例

说明

openssl enc performs symmetric encryption and decryption using various cipher algorithms. It is the general-purpose encryption command in OpenSSL. The command supports numerous ciphers including AES, DES, Blowfish, Camellia, ChaCha20, and others. When deriving keys from passwords, use -pbkdf2 for secure key derivation with a salt (enabled by default). Output can be binary or base64-encoded with -a. Common use cases include file encryption, creating encrypted backups, and data protection workflows.

参数

-e

Encrypt the input data (default).

-d

Decrypt the input data.

-in _FILE_

Input file.

-out _FILE_

Output file.

-a, -base64

Base64 encode/decode the data.

-pass _SOURCE_

Password source (e.g., pass:password, file:pathname, env:var, stdin).

-k _PASSWORD_

Password for key derivation. Superseded by -pass.

-pbkdf2

Use PBKDF2 key derivation (recommended; default iteration count 10000).

-iter _COUNT_

Override PBKDF2 iteration count.

-salt

Use a random salt for key derivation (default).

-nosalt

Do not use salt. Not recommended except for testing.

-K _KEY_

Actual encryption key in hex.

-iv _IV_

Actual initialization vector in hex.

-P

Print key and IV then exit; do not encrypt or decrypt.

-p

Print key and IV, then proceed with encryption/decryption.

-list

List all supported ciphers.

-nopad

Disable standard block padding.