Skip site navigation (1)Skip section navigation (2)

FreeBSD Manual Pages


home | help
AESCRYPT(1)		  BSD General Commands Manual		   AESCRYPT(1)

     aescrypt -- encrypt data using Rijndael, the Advanced Encryption Standard

     aescrypt -k keyfile [-s keysize]

     The aescrypt utility encrypts data	using the Rijndael algorithm, the win-
     ner of the	Advanced Encryption Standard (AES) competition.	 The encryp-
     tion is done in Cipher Block Feedback (CFB-128) mode, with	the salt ran-
     domly generated from data read from the /dev/urandom device.  The plain-
     text data is read from standard input and the encrypted data is written
     to	standard output.

     The encryption key	may be read from standard input	or from	a file,	de-
     pending on	the argument passed to the -k command-line option.  If "-" is
     used as a filename, the aescrypt utility reads as many hexadecimal	digits
     as	needed from standard input and then one	additional byte	to allow for a
     newline separating	the key	from the actual	data to	be encrypted.  If the
     filename is not "-", the aescrypt utility opens the specified file	and
     reads text	lines from it until a line starting with the characters	kk= is
     reached.  Those characters	should be immediately followed by as many
     hexadecimal digits	as needed; the rest of the line, as well as the	rest
     of	the file, is ignored.

     The encryption key	may be 128, 192, or 256	bits long.  By default,	the
     aescrypt utility uses (and	expects	to read) a 128-bit key,	unless a dif-
     ferent size is supplied by	the -s keysize command-line option.

     The aescrypt utility reads	16 bytes (128 bits) from the /dev/urandom de-
     vice to initialize	the salt for the CFB-128 encryption.  The salt is
     prepended to the encrypted	data in	the output.

     Generate a	random 128-bit value and store it into a keyfile suitable for
     the aescrypt utility:

	   perl	-e 'open(F, "<", "/dev/random")	or die("$!\n");	read(F,	$s,
	   32);	print "kk=".unpack("H*", $s)."\n"'

     Encrypt the contents of the /etc/hosts file with the generated (128-bit
     by	default) key:

	   aescrypt -k key.txt < /etc/hosts > hosts.aes

     Encrypt a string with a 192-bit key supplied directly:

	   (echo '012345678901234567890123456789012345678901234567'; echo
	   'This is a test.') |	./aescrypt -s 192 -k - > test.aes


     The SourceForge project page:

     The aescrypt utility was written by Eric Lee Green, and was modified to
     use Rijndael rather than Twofish by Randy Kaelber.	 It uses the freely
     available Rijndael	implementation by Antoon Bosselaers and	Vincent
     Rijmen.  This manual page was written by Peter Pentchev in	2008.

     The aescrypt utility - Eric Lee Green <>, Randy Kaelber

     The manual	page - Peter Pentchev <>.

BSD				 June 8, 2008				   BSD


Want to link to this manual page? Use this URL:

home | help