tcream.1 - cream - Stream encryption utility
(HTM) git clone git://git.z3bra.org/cream.git
(DIR) Log
(DIR) Files
(DIR) Refs
(DIR) README
---
tcream.1 (2705B)
---
1 .Dd 2022-09-14
2 .Dt CREAM 1
3 .Os POSIX.1-2017
4 .Sh NAME
5 .Nm cream
6 .Nd crypto utility for streams
7 .Sh SYNOPSIS
8 .Nm
9 .Op Fl deh
10 .Op Fl b Ar size
11 .Op Fl j Ar thread
12 .Op Fl t Ar time
13 .Op Fl m Ar memory
14 .Op Fl p Ar pass
15 .Op Fl s Ar salt
16 .Op Fl f Ar file
17 .Sh DESCRIPTION
18 .Nm
19 encrypts and decrypts continuous flows of data, from a password.
20 The password can be provided on the command line, or interactively
21 via the terminal.
22 .Pp
23 The name is a portemanteau for crypto + stream.
24 .Bl -tag -width Ds
25 .It Fl d
26 Decryption mode. Expect encrypted stream from
27 .Ar file
28 or
29 .Pa stdin
30 , and write plaintext to
31 .Pa stdout .
32 .It Fl e
33 Encryption mode (default). Read plaintext data from
34 .Pa stdin
35 , and write cipher to
36 .Ar file
37 or
38 .Pa stdout .
39 .It Fl b Ar size
40 Change internal buffer length to
41 .Ar size .
42 Default: 4096.
43 .It Fl m Ar memory
44 Memory to use for computing the key. Default: 64 Mib.
45 .It Fl t Ar time
46 Number of iterations to perform. This effectively increases the time
47 taken to compute the key. Default: 3.
48 .It Fl j Ar thread
49 Number of parallel threads used. Default: 4.
50 .It Fl f Ar file
51 Read/write encrypted data from/to
52 .Ar file ,
53 Depending on the operation mode.
54 .It Fl p Ar pass
55 Derivate the private key from the string
56 .Ar pass .
57 By default, the user will be prompted for the password on the terminal.
58 (See
59 .Sx SECURITY CONSIDERATIONS )
60 .It Fl s Ar salt
61 Read salt data from
62 .Ar salt .
63 See
64 .Xr cream 5
65 for details about the salt.
66 .It Fl h
67 Print a quick usage text.
68 .El
69 .Sh SECURITY CONSIDERATIONS
70 Providing a password on the command line can be insecure. It could be
71 saved in the shell history, or leaked to processes that can read the
72 process tree.
73 .Sh CRYPTOGRAPHIC CONSIDERATIONS
74 Cryptographic parameters can be changed from the command line.
75 These values will directly affect the time it takes to compute the key,
76 by consuming more resources.
77 .Pp
78 However, changing any of these values will change the produced key,
79 or the stream. The same values must be used in order to successfully
80 decrypt a stream.
81 .Pp
82 For convenience on the decryption side, the specific parameters used
83 during encryption are prepended to the data stream (see
84 .Xr cream 5
85 for details on the format)
86 .Sh EXAMPLES
87 Encrypt a file, then decrypt it (you will be prompted for a password
88 for each command).
89 .Bd -literal
90 cream -e < kitten.gif > secret.enc
91 cream -d < secret.enc > kitten.gif
92 .Ed
93 .Pp
94 Encrypt multiple files with the same key. This assumes that
95 the password is stored in the $PASSWORD environment variable:
96 .Bd -literal
97 dd if=/dev/urandom of=./salt bs=16 count=1
98 for file in *.gif; do
99 cream -s ./salt -p "$PASSWORD" < $file > $file.enc
100 done
101 .Ed
102 .Sh SEE ALSO
103 .Xr cream 5
104 .Sh AUTHORS
105 .An Willy Goiffon Aq Mt dev@z3bra.org