1.\"	$MirOS: src/usr.bin/encrypt/encrypt.1,v 1.2 2008/09/06 14:36:04 tg Exp $
2.\"	$OpenBSD: encrypt.1,v 1.18 2003/06/14 23:19:18 millert Exp $
3.\"
4.\" Copyright (c) 1996, Jason Downs.  All rights reserved.
5.\"
6.\" Redistribution and use in source and binary forms, with or without
7.\" modification, are permitted provided that the following conditions
8.\" are met:
9.\" 1. Redistributions of source code must retain the above copyright
10.\"    notice, this list of conditions and the following disclaimer.
11.\" 2. Redistributions in binary form must reproduce the above copyright
12.\"    notice, this list of conditions and the following disclaimer in the
13.\"    documentation and/or other materials provided with the distribution.
14.\"
15.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR(S) ``AS IS'' AND ANY EXPRESS
16.\" OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
17.\" WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
18.\" DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR(S) BE LIABLE FOR ANY DIRECT,
19.\" INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
20.\" (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
21.\" SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
22.\" CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
23.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
24.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
25.\" SUCH DAMAGE.
26.\"
27.Dd $Mdocdate: September 6 2008 $
28.Dt ENCRYPT 1
29.Os
30.Sh NAME
31.Nm encrypt
32.Nd encrypt passwords from the command line or standard input
33.Sh SYNOPSIS
34.Nm encrypt
35.Fl b Ar rounds
36.Op Fl p | Ar string
37.Nm encrypt
38.Op Fl c Ar class
39.Op Fl p | Ar string
40.Nm encrypt
41.Fl m
42.Op Fl p | Ar string
43.Nm encrypt
44.Fl S Ar salt
45.Op Fl p | Ar string
46.Nm encrypt
47.Fl s Ar salt
48.Op Fl p | Ar string
49.Nm encrypt
50.Fl k
51.Nm makekey
52.Sh DESCRIPTION
53.Nm
54prints the encrypted form of
55.Ar string
56to the standard output.
57This is mostly useful for encrypting passwords from within scripts.
58.Pp
59The options are as follows:
60.Bl -tag -width xbxrounds
61.It Fl k
62Run in
63.Nm makekey
64compatible mode; a single combined key and salt are read from standard
65input and the DES encrypted result is written to standard output without a
66terminating newline.
67.It Fl b Ar rounds
68Encrypt the string using Blowfish hashing with the specified
69.Ar rounds .
70.It Fl c Ar class
71Use the cipher type specified in the given user login class.
72See
73.Xr login.conf 5
74for more information.
75.It Fl m
76Encrypt the string using MD5.
77.It Fl p
78Prompt for a single string with echo turned off.
79.It Fl S Ar salt
80Encrypt the string with the specified
81.Ar salt ,
82using the algorithm specified by
83.Ar salt .
84.It Fl s Ar salt
85Encrypt the string using DES, with the specified
86.Ar salt .
87.El
88.Pp
89If no
90.Ar string
91is specified,
92.Nm
93reads one string per line from standard input, encrypting each one
94with the chosen algorithm from above.
95In the case where no specific algorithm or specific user login class was given
96as a command line option, the algorithm specified in the default class in
97.Pa /etc/login.conf
98will be used.
99.Pp
100For MD5 and Blowfish as well as any algorithm determined from the login
101.Ar class ,
102a new random salt is automatically generated for each password, except if the
103.Fl S
104option is used.
105.Pp
106Specifying the
107.Ar string
108on the command line should be discouraged; using the
109standard input is more secure.
110.Sh FILES
111.Bl -tag -width /etc/login.conf -compact
112.It Pa /etc/login.conf
113.El
114.Sh SEE ALSO
115.Xr crypt 3 ,
116.Xr login.conf 5
117.Sh HISTORY
118.Nm
119first appeared in
120.Ox 1.2 .
121.Pp
122A
123.Nm makekey
124command appeared in
125.At v7 .
126.Pp
127The
128.Fl S
129option first appeared in
130.Mx 11 .
131