
SCRYPT(1) General Commands Manual SCRYPT(1)

NAME

scrypt - encrypt and decrypt files.

SYNOPSIS

scrypt {enc | dec | info} [-f] [--logN value] [-M maxmem] [-m maxmemfrac] [-P] [-p value] [--passphrase method:arg] [-r value] [-t maxtime] [-v] infile [outfile]

scrypt --version

DESCRIPTION

scrypt enc encrypts infile and writes the result to outfile if specified, or the standard output otherwise. The user will be prompted to enter a passphrase (twice) to be used to generate a derived encryption key.

scrypt dec decrypts infile and writes the result to outfile if specified, or the standard output otherwise. The user will be prompted to enter the passphrase used at encryption time to generate the derived encryption key.

scrypt info provides information about the encryption parameters used for infile.

If -P is not given, scrypt reads passphrases from its controlling terminal, or failing that, from stdin. Prompts are only printed when scrypt is reading passphrases from some terminal. If -P is given, then scrypt does not print any prompts, and reads a passphrase from stdin.

OPTIONS

-f
Force the decryption to proceed even if it is anticipated to require an excessive amount of memory or CPU time.
--logN value
Set the work parameter N to 2^value. If --logN is set, -r and -p must also be set. If such explicit parameters are given, the resource limits set by -M, -m, and -t are not enforced.
-M maxmem
Use at most maxmem bytes of RAM to compute the derived encryption key.
-m maxmemfrac
Use at most the fraction maxmemfrac of the available RAM to compute the derived encryption key.
-P
Always read passphrase from stdin, and do so only once even when encrypting. This cannot be used if infile is also stdin (aka '-').
-p value
Set the work parameter p to value. If -p is set, --logN and -r must also be set. If such explicit parameters are given, the resource limits set by -M, -m, and -t are not enforced.
--passphrase method:arg
Read the passphrase using the specified method.
dev:tty-stdin
Attempt to read the passphrase from /dev/tty; if that fails, read it from stdin. This is the default behaviour.
dev:stdin-once
Attempt to read the passphrase from stdin, and do so only once even when encrypting. This cannot be used if infile is also stdin (aka '-').
dev:tty-once
Attempt to read the passphrase from /dev/tty, and do so only once even when encrypting.
env:VAR
Read the passphrase from the environment variable specified by VAR.

Storing a passphrase in an environment variable may be a security risk.
Only use this option if you are certain that you know what you are doing.
file:FILENAME
Read the passphrase from the file specified by FILENAME.

Storing a passphrase in a file may be a security risk.
Only use this option if you are certain that you know what you are doing.
-r value
Set the work parameter r to value. If -r is set, --logN and -p must also be set. If such explicit parameters are given, the resource limits set by -M, -m, and -t are not enforced.
-t maxtime
Use at most maxtime seconds of CPU time to compute the derived encryption key.
-v
Print encryption parameters (N, r, p) and memory/cpu limits.
--version
Print version of scrypt, and exit.

In scrypt enc, the memory and CPU time limits are enforced by picking appropriate parameters to the scrypt key derivation function. In scrypt dec, the memory and CPU time limits are enforced by exiting with an error if decrypting the file would require too much memory or CPU time.

EXIT STATUS

The scrypt utility exits 0 on success, and >0 if an error occurs.

Note that if the input encrypted file is corrupted, scrypt dec may produce output prior to determining that the input was corrupt and exiting with a non-zero status; so users should direct the output to a safe location and check the exit status of scrypt before using the decrypted data.
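
One way to follow this advice from a script, as an added example that is not part of the scrypt distribution: a POSIX sh wrapper that sends the standard output of scrypt dec to a private temporary file and renames it into place only when the exit status is 0. The function name safe_scrypt_dec and the SCRYPT override variable are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not part of the scrypt distribution.
# safe_scrypt_dec and the SCRYPT variable are names assumed for this example.
#
# usage: safe_scrypt_dec INFILE OUTFILE [scrypt dec options...]
# OUTFILE appears only if scrypt exits 0; returns scrypt's exit status.
safe_scrypt_dec() {
    if [ "$#" -lt 2 ]; then
        echo "usage: safe_scrypt_dec infile outfile [options]" >&2
        return 2
    fi
    sd_in=$1
    sd_out=$2
    shift 2

    # Temp file beside the destination, so the final mv is a same-filesystem
    # rename. mktemp creates it with mode 0600.
    sd_tmp=$(mktemp "$(dirname -- "$sd_out")/.scrypt-dec.XXXXXX") || return 1

    # scrypt dec can emit data before it notices corruption, so its
    # standard output goes to the temp file, never directly to OUTFILE.
    sd_rc=0
    "${SCRYPT:-scrypt}" dec "$@" "$sd_in" >"$sd_tmp" || sd_rc=$?

    if [ "$sd_rc" -eq 0 ]; then
        # Success: publish the plaintext under its final name.
        mv -f -- "$sd_tmp" "$sd_out" || { rm -f -- "$sd_tmp"; return 1; }
    else
        # Failure: discard whatever was written; OUTFILE is left untouched.
        rm -f -- "$sd_tmp"
        echo "scrypt dec failed (exit $sd_rc); $sd_out not written" >&2
    fi
    return "$sd_rc"
}
```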

ALGORITHM PARAMETERS

The scrypt algorithm has three tuneable work parameters: N, r, p. When decrypting, scrypt will always use the values specified by the encryption header. When encrypting, scrypt will choose appropriate values based on your system's speed and memory (influenced by -M, -m, and/or -t), unless you specify explicit parameters via --logN, -p, -r.

SEE ALSO

Colin Percival, Stronger Key Derivation via Sequential Memory-Hard Functions, BSDCan'09, May 2009.

Colin Percival and Simon Josefsson, The scrypt Password-Based Key Derivation Function, IETF RFC 7914, August 2016.

HISTORY

The scrypt utility was written in May 2009 by Colin Percival as a demonstration of the scrypt key derivation function. The scrypt key derivation function was invented in March 2009 by Colin Percival in order to allow key files from the Tarsnap backup system to be passphrase protected.

@DATE@ Debian