sencrypt, sdecrypt — encrypt and decrypt data


sencrypt { -l }

sencrypt [ -v ] { -a algorithm } [ -k key_file ] [ -i input_file ] [ -o output_file ]

sdecrypt { -l }

sdecrypt [ -v ] { -a algorithm } [ -k key_file ] [ -i input_file ] [ -o output_file ]


The sencrypt utility encrypts data and the sdecrypt utility decrypts data using the specified algorithm. A key file must be a regular file and have the exact size of the desired key length, its content will be used verbatim as the key. If no key file is specified sencrypt or sdecrypt will ask for a passphrase and use that together with a salt to derive a key using the PBKDF2 key derivation function. If no input file is specfified, the input will be read from stdin. If no output file is specfied, the output will be written to stdout. The input and output file may be identical, in which case the content of the input file is replaced with the output after successful encryption or decryption. The algorithm used for encrypting data is not saved and needs to be explicitly specified when decrypting data.

sencrypt and sdecrypt are portable and compatible reimplementations of the encrypt and decrypt utilities in Solaris/Illumos-based operating systems.


The following options are supported:


List the available algorithms and supported key lengths and exit.

-a algorithm

Use the specified algorithm. See the section called “Algorithms” for a list of supported algorithms.

-k key_file

Read key data from specified key file. Key size requirements depend on the selected algorithm.

-i input_file

Read the input from the specified file.

-o output_file

Write the output to the specified file.


Ignored for compatibility with encrypt and decrypt.


The following algorithms and key lengths are supported:


The arcfour, des, and 3des algorithms are considered insecure and should not longer be used to encrypt new files. Using them will print a warning message.


Example 1. Encrypt a file with the AES algorithm

The following example encrypts a file with the AES algorithm:

$ sencrypt -a aes -i secret.txt -o secret.aes

Example 2. Decrypt a file in-place

The following example decrypts a file in-place:

$ sdecrypt -a 3des -i data.bin -o data.bin

Example 3. Encrypt a file using a key file

The following example generates a key file with 512 bits of random data and uses it to encrypt a file:

$ dd if=/dev/urandom of=key.bin bs=64 count=1
$ sencrypt -a arcfour -k key.bin -i secret.txt -o secret.rc4

Example 4. Pipe data trough encrypt in order to make a remote encrypted backup

The following example creates an archive in the tar format, encrypts it and sends it to a remote location via SSH:

$ pax -w -x ustar /home | sencrypt -a aes -k backup-key.bin |\
    ssh backuphost 'cat > home.tar'

Exit Status

The following exit values are returned:


Command successfully executed.

> 0

An error has occured.