| .\" Copyright 2009 Colin Percival |
| .\" All rights reserved. |
| .\" |
| .\" Redistribution and use in source and binary forms, with or without |
| .\" modification, are permitted provided that the following conditions |
| .\" are met: |
| .\" 1. Redistributions of source code must retain the above copyright |
| .\" notice, this list of conditions and the following disclaimer. |
| .\" 2. Redistributions in binary form must reproduce the above copyright |
| .\" notice, this list of conditions and the following disclaimer in the |
| .\" documentation and/or other materials provided with the distribution. |
| .\" |
| .\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND |
| .\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE |
| .\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE |
| .\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE |
| .\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL |
| .\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS |
| .\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) |
| .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT |
| .\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY |
| .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF |
| .\" SUCH DAMAGE. |
| .Dd May 24, 2009 |
| .Dt SCRYPT 1 |
| .Os |
| .Sh NAME |
| .Nm scrypt |
| .Nd encrypt and decrypt files. |
| .Sh SYNOPSIS |
| .Nm |
| .Brq Cm enc | Cm dec |
| .Op Fl M Ar maxmem |
| .Op Fl m Ar maxmemfrac |
| .Op Fl t Ar maxtime |
| .Ar infile |
| .Op Ar outfile |
| .Sh DESCRIPTION |
| .Nm Cm enc |
| encrypts |
| .Ar infile |
| and writes the result to |
| .Ar outfile |
| if specified, or the standard output otherwise. |
| The user will be prompted to enter a passphrase (twice) to |
| be used to generate a derived encryption key. |
| .Pp |
| .Nm Cm dec |
| decrypts |
| .Ar infile |
| and writes the result to |
| .Ar outfile |
| if specified, or the standard output otherwise. |
| The user will be prompted to enter the passphrase used at |
| encryption time to generate the derived encryption key. |
| .Sh OPTIONS |
| .Bl -tag -width "-m maxmemfrac" |
| .It Fl M Ar maxmem |
| Use at most |
| .Ar maxmem |
| bytes of RAM to compute the derived encryption key. |
| .It Fl m Ar maxmemfrac |
| Use at most the fraction |
| .Ar maxmemfrac |
| of the available RAM to compute the derived encryption key. |
| .It Fl t Ar maxtime |
| Usr at most |
| .Ar maxtime |
| seconds of CPU time to compute the derived encryption key. |
| .El |
| In |
| .Nm Cm enc , |
| the memory and CPU time limits are enforced by picking |
| appropriate parameters to the |
| .Nm |
| key derivation function. |
| In |
| .Nm Cm dec , |
| the memory and CPU time limits are enforced by exiting with |
| an error if decrypting the file would require too much memory |
| or CPU time. |
| .Sh EXIT STATUS |
| The |
| .Nm |
| utility exits 0 on success, and >0 if an error occurs. |
| .Pp |
| Note that if the input encrypted file is corrupted, |
| .Nm Cm dec |
| may produce output prior to determining that the input |
| was corrupt and exiting with a non-zero status; so |
| users should direct the output to a safe location and |
| check the exit status of |
| .Nm |
| before using the decrypted data. |
| .Sh SEE ALSO |
| .Rs |
| .%A "Colin Percival" |
| .%T "Stronger Key Derivation via Sequential Memory-Hard Functions" |
| .%O "Presented at BSDCan'09" |
| .%D "May 2009" |
| .Re |
| .Sh HISTORY |
| The |
| .Nm |
| utility was written in May 2009 by Colin Percival as a |
| demonstration of the |
| .Nm |
| key derivation function. |
| The |
| .Nm |
| key derivation function was invented in March 2009 by Colin |
| Percival in order to allow key files from the |
| .Nm tarsnap |
| backup system to be passphrase protected. |