ENCRYPT(1) BSD Reference Manual ENCRYPT(1)
encrypt - encrypt passwords from the command line or standard input
encrypt -b rounds [-p | string]
encrypt [-c class] [-p | string]
encrypt -m [-p | string]
encrypt -S salt [-p | string]
encrypt -s salt [-p | string]
encrypt -k
makekey
encrypt prints the encrypted form of string to the standard output. This
is mostly useful for encrypting passwords from within scripts.
The options are as follows:
-k Run in makekey compatible mode; a single combined key and salt
are read from standard input and the DES encrypted result is
written to standard output without a terminating newline.
-b rounds Encrypt the string using Blowfish hashing with the specified
rounds.
-c class Use the cipher type specified in the given user login class.
See login.conf(5) for more information.
-m Encrypt the string using MD5.
-p Prompt for a single string with echo turned off.
-S salt Encrypt the string with the specified salt, using the algo-
rithm specified by salt.
-s salt Encrypt the string using DES, with the specified salt.
If no string is specified, encrypt reads one string per line from stan-
dard input, encrypting each one with the chosen algorithm from above. In
the case where no specific algorithm or specific user login class was
given as a command line option, the algorithm specified in the default
class in /etc/login.conf will be used.
For MD5 and Blowfish as well as any algorithm determined from the login
class, a new random salt is automatically generated for each password,
except if the -S option is used.
Specifying the string on the command line should be discouraged; using
the standard input is more secure.
/etc/login.conf
crypt(3), login.conf(5)
encrypt first appeared in OpenBSD 1.2.
A makekey command appeared in Version 7 AT&T UNIX.
The -S option first appeared in MirBSD #11.
MirBSD #10-current September 6, 2008 1