|Force output on standard output or input from stdin if that is a terminal. By default mcrypt will not output encrypted data to terminal, nor read encrypted data from it.|
|Use gzip (if it exists in your system) to compress files before encryption. If specified at decryption time it will decompress these files.|
|Use bzip2 (if it exists in your system) to compress files before encryption. If specified at decryption time it will decompress these files.|
|This option will enable compression in OpenPGP (RFC2440) encrypted files.|
|--help||Display a help screen and quit.|
|Version. Display the version number and quit.|
|Display the mcrypts license and quit.|
|-o --keymode MODE|
|MODE may be one of the keymodes listed by the --list-keymodes parameter. It actually is the convertion to the key before it is fed to the algorithm. It is recommended to leave it as is, if you do not know what it is. However if you still want to use this option, you might want to use the hex mode which allows you to specify the key in hex (and no convertion will by applied).|
|-h --hash HASH_ALGORITHM|
|HASH_ALGORITHM may be one of the algorithms listed by the --list-hash parameter. This is the digest that will be appended to the file to be encrypted, in order to detect file corruption. The default is the CRC32 checksum.|
|-s --keysize SIZE|
|SIZE is the algorithms key size in bytes (not the size of the passphrase). It defaults to the maximum key supported by the algorithm. The maximum key sizes of the algorithms may be obtained by the --list parameter. It is safe not to touch this.|
|This option will make mcrypt to use the OpenPGP (RFC2440) file format for encrypted files. This will make files encrypted by mcrypt accessible from any OpenPGP compliant application.|
|No important information like the algorithm, mode, the bit mode and the crc32 of the original file are written in the encrypted file. The security lies on the algorithm not on obscurity so this is NOT the default. This flag must also be specified when decrypting a bare encrypted file. When the bare flag is specified decryption and encryption are faster. This may be usefull when using mcrypt to encrypt a link or something like that.|
|Flushes the output (ciphertext or plaintext) immediately. Usefull if mcrypt is used with pipes.|
|--time||Prints some timing information (encryption speed etc.)|
|When this option is specified mcrypt does not delete the output file, even if decryption failed. This is usefull if you want to decrypt a corrupted file.|
|Suppress some not critical warnings.|
|Unlink (delete) the input file if the whole process of encryption/decryption succeeds. This is not the default in order to use an external program to remove sensitive data.|
|--list||Lists all the algorithms current supported.|
|Lists all the key modes current supported.|
|Lists all the hash algorithms current supported.|
|Use /dev/(s)random instead of /dev/urandom. This may need some key input or mouse move to proceed. If your system does not support /dev/random or /dev/urandom, a random gatherer will be used.|
|-k --key KEY1 KEY2 ...|
|Enter the keyword(s) via the command line. The KEY(s) is/are then used as keyword instead of prompting for them. Keep in mind that someone may see the command you are executing and so your keyword(s).|
|-c --config FILE|
Use the specified configuration file. The default is .mcryptrc
in your home directory. The format of the configuration
file is the same as the parameters. An example file is:
|-f --keyfile FILE|
|Enter the keyword(s) via a file. One keyword is read per line. The first keyword read is used for the first file, the second for the second file etc. If the keywords are less than the files then the last keyword is used for the remaining. A limitation is that you cannot use the NULL (\0) and the Newline (\n) character in the key. A solution to this problem is to specify the keyword in hex mode.|
|-m --mode MODE|
|Mode of encryption and decryption. These modes are currently supported: ECB, CFB, OFB, nOFB, CBC and STREAM. CBC is the default. Unless the bare flag is specified there is no need to specify these modes for decryption. For stream algorithms (like WAKE) mode should be STREAM.|
|-a --algorithm ALGORITHM|
The algorithm used to encrypt and decrypt. Unless the bare flag is specified
there is no need to specify these for decryption.
The algorithms currently supported are shown with the --list parameter.
For mcrypt to be compatible with the solaris des(1) , the following parameters are needed: "mcrypt -a des --keymode pkdes --bare --noiv filename".
For mcrypt to be compatible with the unix crypt(1) , the following parameters are needed: "mcrypt -a enigma --keymode scrypt --bare filename".
To encrypt a file using a stream algorithm (eg. Arcfour), the following parameters are needed: "mcrypt -a arcfour --mode stream filename".
Mcrypt uses the following environment variables:
MCRYPT_KEY: to specify the key
MCRYPT_ALGO: to specify the algorithm
MCRYPT_MODE: to specify the algorithms mode
MCRYPT_KEY_MODE: to specify the key mode
You can use these instead of using the command line (which is insecure), but note that only one key should be used in MCRYPT_KEY.
Exit status is normally 0; if an error occurs, exit status is something other than 0.
Usage: mcrypt [-dLFubhvrzp] [-f keyfile] [-k key1 key2 ...] [-m mode] [-o keymode] [-a algorithm] [-c config_file] [filename ...]
Version 2.6.0 Copyright (C) 1998,1999,2000,2001,2002 Nikos Mavroyanopoulos (firstname.lastname@example.org).
Thanks to all the people who reported problems and suggested various improvements for mcrypt; who are too numerous to cite here.
|local||MCRYPT (1)||03 May 2003|