120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
|
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
|
-
-
+
+
-
-
-
+
+
+
|
<dl>
<dt><a name="-iv"><strong>-iv</strong> <em>string</em></a></dt>
<dd>Initialization vector (IV) to use. Required for some ciphers and GMAC.
Cipher modes CBC, CFB, OFB and CTR all need an IV while ECB mode does not.
A new, random IV should be created for each use. Think of the IV as a nonce
(number used once), it's public but random and unpredictable. See the
<a href="#tls::cipher"><b>tls::cipher</b></a> command for iv size and
when required.</dd>
<a href="#tls::cipher"><b>tls::cipher</b></a> for iv_length and
when required (length > 0). If not set, it will default to \x00 fill data.</dd>
</dl>
<dl>
<dt><a name="-key"><strong>-key</strong> <em>string</em></a></dt>
<dd>Encryption key to use for cryptography function. Can be a binary or
text string. Longer keys provide better protection. Used by ciphers, HMAC,
some CMAC, and some KDF implementations. Key lengths less than <b>key_length</b>
size may be padded or rejected. See the
<a href="#tls::cipher"><b>tls::cipher</b></a> command for key size.</dd>
some CMAC, and some KDF implementations. If the length of the key is <
<b>key_length</b> it will be padded. If > key_length, it will be rejected.
See the <a href="#tls::cipher"><b>tls::cipher</b></a> for key_length.</dd>
</dl>
<dl>
<dt><a name="-mac"><strong>-mac</strong> <em>name</em></a></dt>
<dd>Name of Message Authentication Code (MAC) to use.
See <a href="#tls::mac"><b>tls::macs</b></a> for the valid values.</dd>
</dl>
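Review bot: The added sentence in the -iv entry, "If not set, it will default to \x00 fill data", documents a silent all-zero IV directly after the advice that a new, random IV should be created for each use. For the modes this entry lists (CBC, CFB, OFB, CTR), a fixed IV reused under the same key undermines confidentiality, so either say so next to the default or make a missing -iv an error when iv_length is greater than 0. In the -key entry, state what a short key is padded with, since a padded key carries less entropy than key_length suggests, and escape the bare less-than and greater-than signs in both entries as HTML entities.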
|
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
|
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
|
-
+
+
|
<dl>
<h4>Info Commands</h4>
<dt><a name="tls::cipher"><strong>tls::cipher</strong> <em>name</em></a></dt>
<dd>Return a list of property names and values describing cipher
<i>name</i>. Properties include name, description, block_size,
key_length, iv_length, type, and mode list.</dd>
key_length, iv_length, type, and mode list. If block-size is 1,
then it's a stream cipher, otherwise it's a block cipher.</dd>
<dt><a name="tls::ciphers"><strong>tls::ciphers</strong>
<em>?protocol? ?verbose? ?supported?</em></a></dt>
<dd>Without any args, returns a list of all symmetric ciphers for use with
the <a href="#-cipher"><b>-cipher</b></a> option. With <em>protocol</em>,
only the ciphers supported for that protocol are returned. See
<b>tls::protocols</b> command for the supported protocols. If
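Review bot: The added sentence in the tls::cipher entry spells the property "block-size", while the property list just above it names it block_size. Use the underscore form so readers can match it to the key the command returns. Since the sentence classifies a cipher as stream or block on that value alone, it would also help to say whether the value describes the cipher or the selected mode.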
|
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
|
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
|
-
+
-
+
|
<dd>Removes the top level cryptographic transform from channel <em>channelId</em>.</dd>
<br>
<h4>Encryption and Decryption Commands</h4>
<dt><a name="tls::encrypt"><strong>tls::encrypt</strong>
<b>-cipher</b> <em>name</em> <b>-key</b> <em>key ?</em><b>-iv</b> <em>string?
<em>?</em><b>-cipher</b><em>? name</em> <b>-key</b> <em>key ?</em><b>-iv</b> <em>string?
[</em><b>-chan</b> <em>channelId |</em> <b>-command</b> <em>cmdName |</em>
<b>-infile</b> <em>filename</em> <b>-outfile</b> <em>filename |</em>
<b>-data</b><em> data]</em></a></dt>
<dd>Encrypt the data using cipher <em>cipher</em> and output the result per
the I/O options. Ciphers are used to create the cipher text from the
input data. See <a href="#OPTIONS"><b>options</b></a> for usage
info. Option <b>-iv</b> is only used for some ciphers. See the
"<b>tls::cipher</b> <em>cipher</em>" command for key and iv
sizes and when the iv is used (iv_length > 0).</dd>
<dt><a name="tls::decrypt"><strong>tls::decrypt</strong>
<b>-cipher</b> <em>name</em> <b>-key</b> <em>key ?</em><b>-iv</b> <em>string?
<em>?</em><b>-cipher</b><em>? name</em> <b>-key</b> <em>key ?</em><b>-iv</b> <em>string?
[</em><b>-chan</b> <em>channelId |</em> <b>-command</b> <em>cmdName |</em>
<b>-infile</b> <em>filename</em> <b>-outfile</b> <em>filename |</em>
<b>-data</b><em> data]</em></a></dt>
<dd>Decrypt the data using cipher <em>cipher</em> and output the result per
the I/O options. This command is the opposite of the <b>tls::encrypt</b>
command. See <a href="#OPTIONS"><b>options</b></a> for usage
info. Option <b>-iv</b> is only used for some ciphers. See the
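Review bot: Both synopsis lines now mark the -cipher switch as optional ("?-cipher? name"), but neither description explains the positional form or where a bare name must appear relative to the other options. Add a sentence to each description covering that, and change "using cipher cipher" to refer to name so the text matches the synopsis argument.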
|