diff --git a/README.md b/README.md index ea3d7fb..8613fbc 100644 --- a/README.md +++ b/README.md @@ -22,8 +22,8 @@ Synopsis The SlunkCypt command-line program is invoked as follows: - slunkcrypt --encrypt [[@][:]] - slunkcrypt --decrypt [[@][:]] + slunkcrypt --encrypt [[@][:]] + slunkcrypt --decrypt [[@][:]] slunkcrypt --make-pw [] Commands @@ -32,24 +32,37 @@ Commands One of the following commands must be chosen: - **`--encrypt` (`-e`):** - Encrypt the plaintext in the given input file. The ciphertext is written to the specified output file. + Run application in ***encrypt*** mode. Reads the given *plaintext* and generates *ciphertext*. - **`--decrypt` (`-d`):** - Decrypt the ciphertext in the given input file. The plaintext is written to the specified output file. + Run application in ***decrypt*** mode. Reads the given *ciphertext* and restores *plaintext*. - **`--make-pw` (`-p`):** - Generate and print a random passphrase. An optional length can be specified (default: 24). + Generate and output a "strong" random passphrase suitable for use with SlunkCrypt. - **`--self-test` (`-t`):** - Run the self-test and exit application. + Run application in ***self-test*** mode. Program will exit when test is completed. Options ------- The following options are available: -- If `` is prefixed with a **`@`** character, then it specifies the file to read the passphrase from. - *Note:* Only the first non-empty line in the specified file is used! -- If `` is prefixed with a **`:`** character, then the leading character is ignored. -- If `` is omitted, then the passphrase is read from the `SLUNK_PASSPHRASE` environment variable. -- If `` is set to **`@-`**, then the passphrase is read from the standard input stream. +- **``**: + * The passphrase used to "protect" the message. The same passphrase must be used for both, ***encrypt*** and ***decrypt*** mode. + * It will only be possible decrypt the ciphertext, if the "correct" passphrase is known. + * Use **`--make-pw`** to generate a random passphrase. The passphrase must be kept confidential under all circumstances! + * **Syntax:** + - If the passphrase is prefixed with an **`@`** character, then it specifies the file to read the passphrase from. + - If the passphrase is set to **`@-`**, then the passphrase is read from the standard input stream. + - If the passphrase is prefixed with an **`:`** character, then the leading character is ignored; use if passphrase contains **`@`** character. + - If the parameter is *omitted*, then the passphrase is read from the `SLUNK_PASSPHRASE` environment variable. + * *Note:* In order to thwart brute force attacks, it is recommended to choose a "random" password that is at least 12 characters in length and that consists of upper-case characters, lower-case characters, digits as well as other "special" characters. +- **``**: + * In ***encrypt*** mode, specifies the *plaintext* (unencrypted information) file that is to be encrypted. + * In ***decrypt*** mode, specifies the *ciphertext* (result of encryption) file that is to be decrypted. +- **``**: + * In ***encrypt*** mode, specifies the file where the *ciphertext* (result of encryption) will be stored. + * In ***decrypt*** mode, specifies the file where the *plaintext* (unencrypted information) will be stored. +- **``**: + * Speicifes the length of the passphrase to be generated, in characters. If *not* specified, defaults to 24. Programming Interface (API) @@ -203,7 +216,7 @@ Encrypt the next message chunk, using a single buffer. License -------- +======= This work has been released under the **CC0 1.0 Universal** license.