.\" Copyright (c) 2008  Peter Pentchev
.\" All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\" 1. Redistributions of source code must retain the above copyright
.\"    notice, this list of conditions and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\"    notice, this list of conditions and the following disclaimer in the
.\"    documentation and/or other materials provided with the distribution.
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
.Dd June 8, 2008
.Dt AESCRYPT 1
.Os
.Sh NAME
.Nm aescrypt
.Nd encrypt data using Rijndael, the Advanced Encryption Standard winner
.Sh SYNOPSIS
.Nm
.Fl k
.Ar keyfile
.Op Fl s Ar keysize
.Sh DESCRIPTION
The
.Nm
utility encrypts data using the Rijndael algorithm, the winner of
the Advanced Encryption Standard (AES) competition.
The encryption is done in Cipher Block Feedback (CFB-128) mode, with
the salt randomly generated from data read from the
.Pa /dev/urandom
device.
The plaintext data is read from standard input and the encrypted data
is written to standard output.
.Pp
The encryption key may be read from standard input or from a file,
depending on the argument passed to the
.Fl k
command-line option.
If
.Dq -
is used as a filename, the
.Nm
utility reads as many hexadecimal digits as needed from standard input
and then one additional byte to allow for a newline separating the key
from the actual data to be encrypted.
If the filename is not
.Dq - ,
the
.Nm
utility opens the specified file and reads text lines from it until
a line starting with the characters
.Li kk=
is reached.
Those characters should be immediately followed by as many hexadecimal
digits as needed; the rest of the line, as well as the rest of the file,
is ignored.
.Pp
The encryption key may be 128, 192, or 256 bits long.
By default, the
.Nm
utility uses (and expects to read) a 128-bit key, unless a different size
is supplied by the
.Fl s Ar keysize
command-line option.
.Pp
The
.Nm
utility reads 16 bytes (128 bits) from the
.Pa /dev/urandom
device to initialize the salt for the CFB-128 encryption.
The salt is prepended to the encrypted data in the output.
.Sh EXAMPLES
Generate a random 128-bit value and store it into a keyfile suitable for the
.Nm
utility:
.Pp
.Dl perl -e 'open(F, \&"<", \&"/dev/random") or die(\&"$!\en"); read(F, $s, 16); print \&"kk=".unpack("H*", $s).\&"\en"' > key.txt
.Pp
Encrypt the contents of the
.Pa /etc/hosts
file with the generated (128-bit by default) key:
.Pp
.Dl aescrypt -k key.txt < /etc/hosts > hosts.aes
.Pp
Encrypt a string with a 192-bit key supplied directly:
.Pp
.Dl (echo '012345678901234567890123456789012345678901234567'; echo 'This is a test.') | ./aescrypt -s 192 -k - > test.aes
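.Pp
Added example, not part of the aescrypt distribution: a pre-flight check that applies the keyfile rules from DESCRIPTION before a key size is chosen, and reads back the 16-byte salt that is prepended to the output.
The function names keyfile_hex, check_keyfile and output_salt are hypothetical.

```shell
#!/bin/sh
# Added example (not from the aescrypt distribution); function names are hypothetical.

# keyfile_hex FILE: print the hex digits that directly follow "kk=" on the
# first line starting with "kk="; the rest of that line and of the file is ignored.
keyfile_hex() {
    awk '/^kk=/ {
        s = substr($0, 4)
        if (match(s, /^[0-9A-Fa-f]+/)) print substr(s, 1, RLENGTH)
        exit
    }' "$1"
}

# check_keyfile FILE [KEYSIZE]: return 0 only if FILE can supply KEYSIZE bits.
check_keyfile() {
    bits=${2:-128}                      # 128 is the documented default
    case $bits in
        128|192|256) ;;
        *) echo "unsupported key size: $bits" >&2; return 2 ;;
    esac
    need=$((bits / 4))                  # 4 bits per hexadecimal digit
    hex=$(keyfile_hex "$1")
    [ "${#hex}" -ge "$need" ] && return 0
    echo "$1: ${#hex} hex digits after kk=, need $need for $bits bits" >&2
    return 1
}

# output_salt FILE: print, as hex, the 16-byte salt at the start of an
# aescrypt output file; fail if the file is too short to contain one.
output_salt() {
    [ "$(( $(wc -c < "$1") ))" -ge 16 ] || return 1
    head -c 16 "$1" | od -An -tx1 | tr -d ' \n'
    echo
}
```

A keyfile that passes for 128 bits can still fail for 192 or 256, so run the check with the same size that will be passed to the -s option.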
.Sh SEE ALSO
.Xr aesget 1
.Pp
The SourceForge project page: http://sourceforge.net/projects/aescrypt/
.Sh HISTORY
The
.Nm
utility was written by
.An Eric Lee Green ,
and was modified to use Rijndael rather than Twofish by
.An Randy Kaelber .
It uses the freely available Rijndael implementation by
.An Antoon Bosselaers
and
.An Vincent Rijmen .
This manual page was written by
.An Peter Pentchev
in 2008.
.Sh AUTHORS
The
.Nm
utility -
.An -nosplit
.An Eric Lee Green
.Aq eric@badtux.org ,
.An Randy Kaelber
.Aq randyk@sourceforge.net .
.Pp
The manual page -
.An Peter Pentchev
.Aq roam@ringlet.net .
132