Provided by: kcapi-tools_1.1.3-1_amd64 bug


       kcapi-enc - Kernel Crypto API Symmetric Cipher Crypto Helper


       kcapi-enc [OPTION]


       The  kcapi-enc  application provides tool to use the symmetric ciphers of the Linux kernel
       crypto API from the command line.

       The input data can be provided either via STDIN or via a file that is  referenced  with  a
       command  line  option.  Similarly, the output data can either be sent to a file referenced
       with a command line option or to STDOUT.

       The majority of symmetric ciphers are  block  ciphers  requiring  the  input  data  to  be
       multiples  of  the  block  size.   kcapi-enc  automatically  adds padding when using block
       ciphers and input data whose size is not a multiple of  the  cipher's  block  size  during
       encryption.  An  automated  unpadding during decryption is only applied when the input and
       output data is provided as files. If either the input data is provided via  STDIN  or  the
       output data is obtained via STDOUT, the unpadding is not applied.

       The  used padding schema is consistent with OpenSSL's enc application. Data encrypted with
       OpenSSL's enc tool can be decrypted with kcapi-enc and vice versa.

       The symmetric key used for the cryptographic operation can either be provided via  a  file
       descriptor  or  via  a  password. When using a file descriptor, the provided data is taken
       directly as the symmetric key.  As the Linux kernel crypto API does not  allow  specifying
       the  used  key  size  with  the  cipher  algorithm name (e.g. AES-128 or AES-256 cannot be
       specified, but only AES), the size of the provided key defines which cipher  operation  is
       used.  When providing a password, the kcapi-enc application derives a 256 bit key from the
       password using PBKDF2.  PBKDF2 with HMAC-SHA256 as default transforms the password into  a
       key.   The  PBKDF2 operation requires two additional input values: a salt and an iteration
       count. Both can be provided via the command line. If the iteration count is not specified,
       kcapi-enc  determines  the  iteration count internally by counting how many iterations are
       necessary to surpass 100ms operation time. The determined number is  provided  via  STDERR
       and  must  be  re-used  when  decrypting the data. If the salt is not provided via command
       line, kcapi-enc generates a 256 bit salt  and  sends  its  hexadecimal  representation  to
       STDERR.  This salt must be used during decryption to ensure the PBKDF2 operation generates
       the correct symmetric key.

       The following options are supported when invoking kcapi-enc:

       -c, --cipher NAME
              The NAME argument specifies the symmetric cipher to be used.  The  allowed  ciphers
              are  defined  by  the Linux kernel. Currently registered ciphers can be reviewed at
              /proc/crypto.  The content of this file, however, can change when new  ciphers  are
              registered. The NAME argument is given directly to the Linux kernel crypto API. The
              chosen cipher must be either of  type  skcipher  or  of  type  aead  as  marked  in

       -e, --encrypt
              Perform  an  encryption  operation  on the input data. This is the default behavior
              which implies that this option can be skipped.  The  input  data  is  automatically
              padded  if  the  the  data  size  is not a multiple of the block size of the chosen

       -d, --decrypt
              Perform a decryption operation on the input data. Automated unpadding is  performed
              only  when  the  input  and  output  data is provided via files referenced with the
              command line options.

       -i, --infile FILE
              Use the file referenced with FILE  as  the  input  data.  If  this  option  is  not
              provided, kcapi-enc expects the input data via STDIN.

       -o, --outfile FILE
              Use  the  file  referenced  with  FILE  as  the  destination  for the output of the
              cryptographic operation. If this option is not provided, kcapi-enc will provide the
              output via STDOUT.

       --iv IV
              Use  the IV data as initialization vector for the cryptographic operation.  That IV
              value is expected to be a hexadecimal notation and must match the block size of the
              chosen  cipher. When the CTR block chaining mode is used, the IV value is the start
              value of the  counter.  When  using  the  CCM  cipher,  the  IV  must  specify  the
              initialization  vector.  If  the  CCM nonce should be specified instead, the option
              --ccm-nonce must be used instead.

       --aad AAD
              For AEAD ciphers like CCM, GCM or the authenc ciphers of the  Linux  kernel  crypto
              API, the additional authentication data can be provided with the AAD parameter. The
              data is expected in hexadecimal format.

       --tag TAG
              The AEAD tag value required for the decryption operation is provided with  the  TAG
              parameter. This parameter is expected in hexadecimal format.

       --taglen LENGTH
              During  encryption  operation  of  AEAD  ciphers,  the  tag  is  generated.  It  is
              permissible to generate differently sized tags where the parameter LENGTH specifies
              the size of the tag value to be generated in bytes.

       --ccm-nonce NONCE
              Use  the  NONCE  data as CCM nonce as defined in SP800-38C Appendix A.2. That NONCE
              value is expected to be a hexadecimal notation and must match  the  constraints  of
              SP800-38C Appendix A.2.

       --salt SALT
              When performing the PBKDF2 operation to obtain the symmetric key from the password,
              the SALT value is used as one input parameter. To ensure the same symmetric key  is
              generated  from  a  given  password, the same salt value must be used. This implies
              that during decryption, the same salt used during the encryption operation must  be
              referenced.   kcapi-enc  is  unable  to determine whether the symmetric key derived
              from the password is the correct one to decrypt the data, because any symmetric key
              will  always  successfully  decrypt  data. Yet, the resulting data may be different
              from what is expected.

       -p, --passwd PASSWORD
              The PASSWORD parameter provides the  password  from  which  the  symmetric  key  is
              derived  used  to  encrypt or decrypt the data.  WARNING The password provided with
              the command line can be seen from other applications or users when  inspecting  the
              /proc file system! Thus, a password SHOULD NOT be used via the command line and the
              passwdfd option should be used instead.

       --passwdfd FD
              Instead of providing the password via command line, it can be injected into  kcapi-
              enc  using  a file descriptor. The file descriptor number the password will be send
              through can be provided with the FD option.

       --pbkdfiter NUM
              Perform NUM iterations of the PBKDF2 operation to derive  the  symmetric  key.   If
              this  option  is  not supplied, kcapi-enc determines a number of iterations that is
              large enough to surpass  100ms  operational  time  for  the  PBKDF2  function.  The
              determined  iteration number is logged and must be reused if the same symmetric key
              is to be generated from the same password.

       --pbkdfmac MAC
              Use the keyed message digest referenced with MAC for the PBKDF2 operation. If  this
              option is not supplied, the default of hmac(sha256) is used.

       --keyfd FD
              To  provide  a symmetric key that is directly used for the cryptographic operation,
              the file descriptor referenced with FD must be used. Using  a  file  descriptor  is
              intentionally the only way to provide a symmetric key to kcapi-enc.

              During  decryption  and  when  the input data is provided via a file as well as the
              output is written to a file, kcapi-enc automatically tries to detect a padding  and
              removes  the  padding data. If this automated unpadding is not desired, the nounpad
              option will prevent the unpadding.

       -v, --verbose
              Enable a  verbose  operation  of  kcapi-enc.   Using  this  option  multiple  times
              increases the verbosity.

       -q, --quiet
              Prevent the generation of any log output. Note, some log output would be needed for
              proper operation like the display  of  the  number  of  PBKDF2  iterations  or  the
              internally generated PBKDF2 salt.  During quiet operation, none of this information
              is displayed.  Note, both information can also be supplied via the command line  so
              that kcapi-enc does not need to generate this information.

       -h, --help
              Display the help text.

              Display the version number of the kcapi-enc application.


       kcapi-dgst(1) kcapi-rng(1)

                                            2017-08-14                               KCAPI-ENC(1)