The OpenNET Project / Index page

skiencrypt (1)
  • >> skiencrypt (1) ( Solaris man: User-level commands and application programs )
  • 
    NAME
         skiencrypt - encrypt file
    
    SYNOPSIS
         skiencrypt [-b] [-s | -v] [-a encr_alg] [-i input_file]
         [-o output_file] [-p | [-r recipient_certificate_file]
         [ recipient... ]]
    
         skiencrypt [-b] [-s | -v] [-x [-c cipher_file]]
         [-a encr_alg] [-i input_file] [-o output_file]
         [-p | [-r recipient_certificate_file] [ recipient... ]]
    
    AVAILABILITY
         SUNWski
    
    DESCRIPTION
         The  skiencrypt  utility  encrypts  the  data  provided   in
         input_file.  If no input_file is provided, the input data is
         read from stdin.  Any data encrypted  using  the  skiencrypt
         utility  may  be  subsequently  decrypted  using  the
         skidecrypt(1) utility.
    
         skiencrypt encrypts data using  a  content-encryption  (ses-
         sion)   key   for  the  encryption  mechanism  specified  by
         encr_alg. If no encryption mechanism is given,  the  default
         (RC4 with 128-bit session key) is used.
    
         The session key is generated randomly  and  encrypted  under
         the  public key of the intended recipient.  If more than one
         recipient is given, the  (same)  session  key  is  encrypted
         under  each  recipient's public key.  Each recipient must be
         specified as either an X.500 distinguished  name  in  string
         representation  (for  example, "cn=John Smith, o=SUN, c=US")
         or a username.  The public keys of the  intended  recipients
         may  also be provided in a file, recipient_certificate_file,
         which contains the certificate of each intended recipient.
    
         If no recipient and  recipient_certificate_file  are  given,
         the  session  key  is  encrypted under the user's own public
         key.
    
         If the -p option is used, the selected encryption  algorithm
         is used in password-based mode. In this mode, the encryption
         key is derived from a password (rather than being  generated
         randomly).  Therefore, no key infrastructure is required for
         password-based encryption.  skiencrypt will prompt the  user
         for  a  password  from  which the encryption key is derived.
         Currently, only DES can be used in password-based encryption
         mode.
    
         The encrypted data (ciphertext) and the encryption  informa-
         tion  are  formatted  as  a  PKCS  #7  message and stored in
         output_file (or stdout). The content type  of  the  PKCS  #7
         message  is "enveloped-data"; if the -p option is used, how-
         ever, the content type is "encrypted-data".
    
         By default, the ciphertext and  the  encryption  information
         are stored together.
    
         If the -x option is provided,  however,  the  ciphertext  is
         stored  separately  from the encryption information. In this
         case, it is the user's responsibility to associate the  file
         containing  the  ciphertext  with  the  file  containing the
         encryption information.
    
         If any of the files with automatically  generated  filenames
         already  exist,  the  skiencrypt command exits with an error
         message.
    
         skiencrypt requires that the user has registered his or  her
         private key with the SKI keyserver (see skilogin(1)).
    
    OPTIONS
         The following options are supported:
    
         -b      Add  BEGIN  and  END  boundaries  to  the  generated
                 encryption  information  and ciphertext messages (by
                 default, no boundaries are added).
    
         -p      Use selected encryption algorithm in  password-based
                 encryption mode.
    
         -s      Run application silently (no status or error  infor-
                 mation displayed).
    
         -v      Give verbose output. If  both  the  -v  and  the  -s
                 options are specified, the -v option is ignored.
    
         -x      Store the ciphertext separately from the  encryption
                 information   (default:  ciphertext  and  encryption
                 information are stored  together).   The  encryption
                 information  is  formatted  according to PKCS #7 and
                 stored in the  file  specified  by  output_file  (or
                 stdout)  in  the printable encoding format specified
                 in the Internet RFC1421 standard.  The ciphertext is
                 stored in cipher_file in the same printable encoding
                 format.  If no cipher_file is provided, the  cipher-
                 text  is  stored  in  a  file named after the output
                 file, suffixed by ".cipherdata".  If the  encryption
                 information  is  output to stdout (no output_file is
                 given), the ciphertext is stored  in  a  file  named
                 "cipherdata"  in  the current working directory.  If
                 the -b option has  been  specified,  the  ciphertext
                 will be bounded at the beginning by
                 "-----BEGIN ENCRYPTED DATA-----"
                 and will be bounded at the end by
                 "-----END ENCRYPTED DATA-----".
    
         -a encr_alg
                 Encryption mechanism.  In the U.S. domestic version,
                 supported  encryption  mechanisms  are "des" (DES in
                 CBC mode with an effective key  size  of  56  bits),
                 "des3"  (triple-length  DES in CBC mode), "rc2" (RC2
                 in CBC mode with a 128 bit keysize and an  effective
                 key size of 128 bits), and "rc4" (RC4 with a 128 bit
                 keysize). In  order  to  enable  domestic  sites  to
                 exchange  encrypted  messages with global sites, the
                 domestic version also supports "des_exp" (DES in CBC
                 mode  with  an  effective  key  size  of  40  bits),
                 "rc2_exp" (RC2 in CBC mode with a 40  bit  key  size
                 and an effective key size of 40 bits), and "rc4_exp"
                 (RC4 with a 40  bit  key  size)  as  its  encryption
                 mechanisms.  The default encryption algorithm in the
                 domestic version  is  "rc4",  unless  password-based
                 encryption  is  used  (option -p), in which case the
                 default encryption algorithm is "des".
    
                 In the global version, supported encryption  mechan-
                 isms  are  "des_exp" (DES in CBC mode with an effec-
                 tive key size of 40 bits),  "rc2_exp"  (RC2  in  CBC
                 mode  with  a  40  bit key size and an effective key
                 size of 40 bits), and "rc4_exp" (RC4 with a  40  bit
                 key  size).  The default encryption algorithm in the
                 global version is "rc4_exp",  unless  password-based
                 encryption  is  used  (option -p), in which case the
                 default encryption algorithm is "des_exp".
    
         -c cipher_file
                 File where ciphertext is stored (only  evaluated  if
                 the  -x option has been supplied).  If the -b option
                 has been specified, the ciphertext will  be  bounded
                 at the beginning by
                 "-----BEGIN ENCRYPTED DATA-----"
                 and will be bounded at the end by
                 "-----END ENCRYPTED DATA-----".
    
         -i input_file
                 File containing the data to be encrypted.
    
         -o output_file
                 File  where  encryption   information   (i.e.,   the
                 content-encryption   mechanism  and  optionally  the
                 (encrypted) content-encryption key  for  each  reci-
                 pient)  and  optionally  ciphertext  are stored. The
                 output format is compliant with PKCS #7. The encryp-
                 tion  information  contains the (encrypted) content-
                 encryption key for each recipient and  the  content-
                 encryption  mechanism that was used, and the content
                 type of the PKCS #7 message is "enveloped-data";  if
                 the  -p option was used (password-based encryption),
                 the  encryption  information   only   contains   the
                 content-encryption  mechanism that was used, and the
                 content type of the PKCS #7 message  is  "encrypted-
                 data".
    
                 If the encryption  information  and  ciphertext  are
                 stored  together  (default),  and  the -b option has
                 been specified, the resulting PKCS #7  message  will
                 be bounded at the beginning by
                 "-----BEGIN ENCRYPTION INFO AND ENCRYPTED DATA-----"
                 and will be bounded at the end by
                 "-----END ENCRYPTION INFO AND ENCRYPTED DATA-----".
                 If the encryption  information  and  ciphertext  are
                 stored  separately  (see option -x), and the -b option
                 has been specified, the resulting  PKCS  #7  message
                 will be bounded at the beginning by
                 "-----BEGIN ENCRYPTION INFO-----"
                 and will be bounded at the end by
                 "-----END ENCRYPTION INFO-----".
    
         -r recipient_certificate_file
                 File where the certificates of  the  intended  reci-
                 pients  of  the ciphertext are stored. Each certifi-
                 cate in this file is assumed to  have  already  been
                 verified  by  some  out-of-band  mechanism (e.g., by
                 comparing the digest of each  certificate  with  the
                 digest  generated  by  the source which provided the
                 certificate).  This option is useful if  the  public
                 key  of  an intended recipient is not available from
                 the   naming   service.    Each    certificate    in
                 recipient_certificate_file  must  be  bounded at the
                 beginning by
                 "-----BEGIN CERTIFICATE-----"
                 and bounded at the end by
                 "-----END CERTIFICATE-----".
                 Each of the boundaries must be followed  by  a  NEW-
                 LINE. Please refer to the example below.
    
    EXAMPLES
         This example encrypts the file "appl" under the  public  key
         of  "o=SUN,  c=US"  and stores the ciphertext along with the
         encryption information in the file "appl.enc":
    
              example% skiencrypt -i appl -o appl.enc  "o=SUN, c=US"
    
         The following example encrypts the  file  "appl"  under  the
         public key of the user with username "alice". The encryption
         information is  stored  in  the  file  "encrinfo",  and  the
         ciphertext    is    stored    separately    in    the   file
         "encrinfo.cipherdata":
    
              example% skiencrypt -x -i appl -o encrinfo alice
    
         The following example encrypts the  file  "appl"  under  the
         public key of the user with username "alice". The encryption
         information is output to stdout  (and  redirected  into  the
         file "encrinfo"), and the ciphertext is stored separately in
         the default file "cipherdata":
    
              example% skiencrypt -x -i appl alice > encrinfo
    
         The following example encrypts the input file  "appl"  under
         the  public  key of the user with username "alice". In addi-
         tion, the input file is encrypted under the  public  key  of
         each  certificate stored in the file rcpt_certs. The result-
         ing ciphertext and encryption information are stored in  the
         file "encrypted":
    
              example% skiencrypt -i appl -r rcpt_certs alice > encrypted
    
         rcpt_certs should have the following format:
    
         -----BEGIN CERTIFICATE-----
         MIIBRDCB7wIEMe0zZzANBgkqhkiG9w0BAQQFADAbMQswCQYDVQQGEwJVUzEMMAoG
         A1UEChQDU1VOMB4XDTk2MDcxNzE4MzkzNVoXDTk5MDcxNzE4MzkzNVowPTELMAkG
         A1UEBhMCVVMxDDAKBgNVBAoUA1NVTjEPMA0GA1UEDRQGZHVtbXkxMQ8wDQYDVQQD
         FAZkdW1teTEwXDANBgkqhkiG9w0BAQEFAANLADBIAkEAt9LgN5oT1WtlCJFXLmhc
         SY4kN7OcNkBYq9iT4R8K0uZIrgp9/hSe0DFgQaAZkIUjqB0YkeIFPmy6/K3bp0l9
         1QIDAQABMA0GCSqGSIb3DQEBBAUAA0EAdolKCynL2WjOxHmmsRbEg51dwB2u/ExM
         2ZMaZvLMXHX5VIsjxfLSCXu3iI/RdMIi5dGfZhrp2XBkg0gkii+Mkw==
         -----END CERTIFICATE-----
         -----BEGIN CERTIFICATE-----
         MIIBSjCB9QIEMe0zYTANBgkqhkiG9w0BAQQFADAbMQswCQYDVQQGEwJVUzEMMAoG
         A1UEChQDU1VOMB4XDTk2MDcxNzE4MzkyOVoXDTk5MDcxNzE4MzkyOVowQzELMAkG
         A1UEBhMCVVMxDDAKBgNVBAoUA1NVTjEQMA4GA1UEDRQHY2hhcmxpZTEUMBIGA1UE
         AxQLY2hhcmxpZSBsYWkwXDANBgkqhkiG9w0BAQEFAANLADBIAkEAxQzeNvx72Dkp
         GI9r6hALR3nVBG13PA/2wKrsT25xQGoSp104klnVgRfp4mbeiHEIfKG7Q9Z0bOei
         luT4fG5EQQIDAQABMA0GCSqGSIb3DQEBBAUAA0EAUahDuBR5ONKIGvV4wvk2ZfVi
         ms2TwKEDhtAkdQe0B3xeZk7e1/h6iK8QrXz2VtSCXde4onRr84Afj8je5gAkoQ==
         -----END CERTIFICATE-----
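
A pre-flight check for the rcpt_certs format and for the out-of-band digest comparison that the -r option assumes has already happened, as an added example that is not part of the Solaris manual or the SKI software. The function names, the strict reading of the boundary rules, the choice of SHA-256 as the digest, and the constructed sample (tiny DER sequences, not real certificates) are assumptions of this example.

```python
import base64
import hashlib

BEGIN = "-----BEGIN CERTIFICATE-----"
END = "-----END CERTIFICATE-----"


def split_bundle(text):
    """Return the DER bytes of every certificate; ValueError if malformed."""
    if not text.endswith("\n"):
        raise ValueError("last boundary is not followed by a NEWLINE")
    certs, body = [], None  # body is None while outside a certificate
    for lineno, line in enumerate(text.split("\n")[:-1], 1):
        if line == BEGIN:
            if body is not None:
                raise ValueError(f"line {lineno}: BEGIN inside a certificate")
            body = []
        elif line == END:
            if body is None:
                raise ValueError(f"line {lineno}: END without BEGIN")
            try:
                der = base64.b64decode("".join(body), validate=True)
            except ValueError as exc:
                raise ValueError(f"line {lineno}: bad base64 body") from exc
            if not der:
                raise ValueError(f"line {lineno}: empty certificate")
            certs.append(der)
            body = None
        elif body is not None:
            body.append(line)
        elif line.strip():
            raise ValueError(f"line {lineno}: text outside boundaries")
    if body is not None:
        raise ValueError("unterminated certificate")
    return certs


def unverified(text, pinned):
    """Indexes of certificates whose SHA-256 digest is not in `pinned`."""
    return [i for i, der in enumerate(split_bundle(text))
            if hashlib.sha256(der).hexdigest() not in pinned]


# Constructed sample: the bodies are tiny DER SEQUENCEs, not real certificates.
SAMPLE_DER = [b"\x30\x03\x02\x01\x01", b"\x30\x03\x02\x01\x02"]
SAMPLE = "".join(
    f"{BEGIN}\n{base64.b64encode(d).decode()}\n{END}\n" for d in SAMPLE_DER)

if __name__ == "__main__":
    for der in split_bundle(SAMPLE):
        print(hashlib.sha256(der).hexdigest())
```

Run it over the bundle before passing the file to -r, with `pinned` holding the digests obtained from each certificate's source; any index it returns is a certificate that has not been verified out of band.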
    
    EXIT STATUS
         The skiencrypt command exits with 0 if successful and 1 oth-
         erwise.
    
    SEE ALSO
         skidecrypt(1), skisign(1), skiverify(1), skilogin(1)
    
    
    NOTES
         For software shipped outside North America, the key size  of
         the  (symmetric)  encryption/decryption mechanism is limited
         to 40 bits. Also, triple DES is not permitted. In  the  case
         of the RC2 encryption algorithm, an effective key size of 40
         bits is used.
    
    
    
    


    Created 1996-2024 by Maxim Chirkov