Cipher
The cipher program encrypts plaintext or decrypts ciphertext.
We list a few examples of the cipher command here to illustrate its usefulness and ease of use. To get started, let's encrypt a text file:
cipher -verbose README.txt README.cip
The cipher attributes are displayed and look like this:
Filename: README.cip
Cipher:
  type: AES
  mode: CTR
  nonce: 85b5546f57c760620000000000000000
Authenticate:
  method: Secret
Key:
  hash: SHA256
  length: 512
  session: b69f10215a7b65043faa45443017a8fccacecdd04073d1b9895bdd3a5eb8ace1
Entropy Generator:
  type: BZip
  level: 6
Keyed-Hashed Message Authentication Code:
  hash: SHA256
Random Generator:
  hash: SHA256
Chunksize: 8kb
Dates:
  modify: 2008-01-19T20:41:19-05:00
  create: 2008-01-23T15:10:47-05:00
  timestamp: 2008-01-23T15:13:44-05:00
Protocol: 1.0
Version: WizardsToolkit 1.0.3 01/23/08 http://urban-warrior.org
Now let's restore it to its original form:
cipher -decrypt README.cip README.txt
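The attribute listing printed by -verbose can be checked mechanically before ciphertext is archived or sent on. The following is an added example, not code from the cipher program or its authors: it assumes the listing format shown on this page (a name followed by a bare colon opens a group, capitalised names with a value are top-level), and the function names and policy checks are illustrative.

```python
MAC_KEY = "Keyed-Hashed Message Authentication Code.hash"
# Constructed sample input: the listing shown on this page, shortened.
SAMPLE = """\
Filename: README.cip
Cipher:
type: AES
mode: CTR
nonce: 85b5546f57c760620000000000000000
Key:
length: 512
Keyed-Hashed Message Authentication Code:
hash: SHA256
Dates:
modify: 2008-01-19T20:41:19-05:00
Protocol: 1.0
"""

def parse_attributes(text):
    """Flatten a listing into {'Cipher.mode': 'CTR', 'Filename': ...}."""
    attrs, group = {}, None
    for line in text.splitlines():
        name, sep, value = (part.strip() for part in line.partition(":"))
        if not sep or not name:
            continue                      # blank or malformed line
        if not value:
            group = name                  # "Cipher:" opens a group
        elif name[0].isupper():
            group = None                  # assumption: capitalised names are top-level
            attrs[name] = value
        else:
            attrs[f"{group}.{name}" if group else name] = value
    return attrs

def audit(listings, min_key_bits=256):
    """Return (filename, finding) pairs for a batch of listings."""
    findings, nonce_owner = [], {}
    for attrs in map(parse_attributes, listings):
        fname = attrs.get("Filename", "<unknown>")
        if MAC_KEY not in attrs:
            findings.append((fname, "no MAC hash listed"))
        bits = attrs.get("Key.length", "")
        if not bits.isdigit() or int(bits) < min_key_bits:
            findings.append((fname, f"key length below {min_key_bits} bits"))
        nonce = attrs.get("Cipher.nonce")
        if attrs.get("Cipher.mode") == "CTR" and nonce:
            first = nonce_owner.setdefault(nonce, fname)
            if first != fname:
                findings.append((fname, f"CTR nonce also used by {first}"))
    return findings
```

A repeated nonce only repeats the CTR keystream when the key is also the same, so treat that finding as a prompt to check how the two files were keyed.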
To ensure your ciphertext is not easily revealed, the cipher program takes these precautions:
Passphrase
From the command line you can specify a passphrase up to 4096 characters. The phrase can be virtually unlimited if obtained from a file. Try to make your passphrases long and unpredictable.
Entropy
If the cipher program appears to halt, it may be waiting for your system to generate entropy. Move your mouse or press keystrokes in another window. Once enough entropy is generated, the cipher program will complete.
Exceptions
If simple mistakes are made, an exception message is displayed. For example, if you use '-dcrypt' instead of '-decrypt', cipher complains. However, if anything goes wrong inside the cipher engine, the program exits with a simple status code. This precaution prevents information leaks about the cipher process.
The cipher command recognizes these options:
| Option | Description |
|---|---|
| -authenticate method | authenticate with this method: Secret or Public |
| -chunksize bytes | number of bytes in a chunk |
| -cipher type | cipher to encrypt or decrypt content |
| -decrypt | decrypt content |
| -debug events | display copious debugging information |
| -entropy type | increase content entropy |
| -help | print program options |
| -key hash | strengthen the key with this hash |
| -key-length value | cipher key length in bits: 256, 512, 1024, or 2048 |
| -mac hash | ensure message integrity with this hash |
| -level value | entropy level: 1 (less entropy) to 9 (more entropy) |
| -list type | print a list of supported option arguments |
| -log format | format of debugging information |
| -mode type | mode of encryption or decryption |
| -passphrase filename | get the passphrase from this file |
| -properties filename | cipher properties to/from this file |
| -random hash | strengthen random data with this hash |
| -verbose | print detailed information about the secure content |
| -version | print version information |