rscrypt-enc(1)
NAME
rscrypt-enc - encrypt files
DESCRIPTION
This command encrypts INFILE to OUTFILE. If INFILE is "-", data will be read from standard input. If OUTFILE is not specified, the result will be write to standard output.
The passphrase used for encryption can be read from either /dev/tty, standard
input, an environment variable, or a file.
POSITIONAL ARGUMENTS
- INFILE
Input file. If "-" is specified, data will be read from standard input.
- OUTFILE
Output file. If OUTFILE is not specified, the result will be write to standard output.
OPTIONS
- -f, --force
Force the decryption to proceed even if it requires an excessive amount of resources.
- -M, --max-memory BYTE
Use at most the specified bytes of RAM to compute the derived key. BYTE can also be provided as bytes with the unit symbol (such as MiB and GB). BYTE should be between 1 MiB and 16 EiB.
- -m, --max-memory-fraction RATE
Use at most the specified fraction of the available RAM to compute the derived key. RATE can be provided as a decimal or a fraction. RATE should be greater than 0 and less than or equal to 0.5. Default is 0.125.
- -t, --max-time DURATION
Use at most the specified duration of CPU time to compute the derived key. Default is 5 seconds.
- --log-n VALUE
Set the work parameter N to 2^VALUE. VALUE should be between 10 and 40. If this option is specified, -r and -p must also be specified.
- -r VALUE
Set the work parameter r. VALUE should be between 1 and 32. If this option is specified, --log-n and -p must also be specified.
- -p VALUE
Set the work parameter p. VALUE should be between 1 and 32. If this option is specified, --log-n and -r must also be specified.
- --passphrase-from-tty
Read the passphrase from
/dev/tty. This is the default behavior.- --passphrase-from-stdin
Read the passphrase from standard input. This option cannot be used if INFILE is also standard input.
- --passphrase-from-tty-once
Read the passphrase from
/dev/ttyonly once.- --passphrase-from-env VAR
Read the passphrase from the environment variable. Note that storing a passphrase in an environment variable can be a security risk.
- --passphrase-from-file FILE
Read the passphrase from the file. Note that storing a passphrase in a file can be a security risk.
- -v, --verbose
Print encryption parameters and resource limits.
- -h, --help
Print help message. The short flag (-h) will print a condensed help message while the long flag (--help) will print a detailed help message.
- -V, --version
Print version number. The long flag (--version) will also print the copyright notice, the license notice and where to report bugs.
EXIT STATUS
- 0
Successful program execution.
- 1
An error occurred.
- 2
An error occurred while parsing command-line arguments.
- 7
Data was not a valid scrypt-encrypted block.
- 8
The version was the unrecognized scrypt version number.
- 9
Decrypting files takes too much memory.
- 10
Decrypting files takes too much CPU time.
- 11
Passphrase is incorrect.
- 14
The scrypt parameters were invalid.
- 15
Decrypting files takes too much resources.
- 66
An input file did not exist or was not readable.
- 77
You did not have sufficient permission to perform the operation.
EXAMPLES
- Encrypt a file:
$ rscrypt enc data.txt data.txt.scrypt
- Encrypt a file with the specified resource limits:
$ rscrypt enc -M 512MiB -t 10s data.txt data.txt.scrypt
- Encrypt a file with the specified parameters:
$ rscrypt enc --log-n 10 -r 1 -p 1 data.txt > data.txt.scrypt
- Read the passphrase from the specified file:
$ rscrypt enc --passphrase-from-file passphrase.txt data.txt data.txt.scrypt
- Print encryption parameters and resource limits:
$ rscrypt enc -v data.txt > data.txt.scrypt
COPYRIGHT
Copyright © 2022-2024 Shun Sakai
This program is distributed under the terms of the GNU General Public License v3.0 or later.
This manual page is distributed under the terms of the Creative Commons Attribution 4.0 International Public License.
This is free software: you are free to change and redistribute it. There is NO WARRANTY, to the extent permitted by law.