logo
Free, unlimited AI code reviews that run on commit
git-lrc git-lrc GitHub Install Now We'd appreciate a star git-lrc - Free, unlimited AI code reviews that run on commit | Product Hunt git-lrc - Free, unlimited AI code reviews that run on commit | Product Hunt

botan - Botan command line util

Data Encoding/Decoding

base32_decfile
              Decode file to Base32.

       base32_encfile
              Encode Base32 encoded file.

       base58_enc--checkfile
              Encode file to Base58. If --check is provided Base58Check is used.

       base58_dec--checkfile
              Decode Base58 encoded file. If --check is provided Base58Check is used.

       base64_decfile
              Decode file to Base64.

       base64_encfile
              Encode Base64 encoded file.

       hex_decfile
              Decode file to Hex.

       hex_encfile
              Encode Hex encoded file.

Encryption

cipher--buf-size=4096--decrypt--cipher=--key=--nonce=--ad=
          Encrypt a given file with the specified cipher, eg "AES-256/GCM".  If --decrypt is provided  the  file
          is decrypted instead.

Forward Error Correction

fec_encode--suffix=fec--prefix=--output-dir=kninput
              Split a given input file into n shares where k shares are required to recreate the original  file.
              The  output shares a written to files with the file extension specified in --suffix and either the
              original file name or the one specified in --prefix. The output directory is either equal  to  the
              input file's directory or the one specified in --output-dir.

       fec_decode*shares
              If given enough shares, this will output the original input file's content to stdout. Otherwise an
              error is printed on stderr.

       fec_infoshare
              Given  a  single  share  this will print information about the share.  For instance: FECshare4/4with3neededforrecovery

Hash Function

hash--algo=SHA-256--buf-size=4096--no-fsname--format=hex*files
              Compute  the  algo  digest  over  the  data  in any number of files. If no files are listed on the
              command line, the input source defaults to standard input. Unless the --no-fsname option is given,
              the filename is printed alongside the hash, in the style of tools such as sha256sum.

Hmac

hmac--hash=SHA-256--buf-size=4096--no-fsnamekeyfiles
              Compute the HMAC tag with the cryptographic hash function hash using the key in file key over  the
              data  in  files.  files defaults to STDIN. Unless the --no-fsname option is given, the filename is
              printed alongside the HMAC value.

Miscellaneous Commands

version--full
              Print the version number. If option --full is provided, additional details are printed.

       has_commandcmd
              Test if the command cmd is available.

       configinfo_type
              Prints build information, useful for applications which want to build against  the  library.   The
              info_type  argument can be any of prefix, cflags, ldflags, or libs. This is similar to information
              provided by the pkg-config tool.

       cpuid  List available processor flags (AES-NI, SIMD extensions, ...).

       cpu_clock--test-duration=500
              Estimate the speed of the CPU cycle counter.

       asn1print--skip-context-specific--print-limit=4096--bin-limit=2048--max-depth=64--pemfile`
              Decode and print file with ASN.1 Basic Encoding Rules  (BER).  If  flag  --pem  is  used,  or  the
              filename  ends  in .pem, then PEM encoding is assumed. Otherwise the input is assumed to be binary
              DER/BER.

       http_get--redirects=1--timeout=3000url
              Retrieve resource from the passed http url.

       speed--msec=500--format=default--ecc-groups=--provider=--buf-size=1024--clear-cpuid=--cpu-clock-speed=0--cpu-clock-ratio=1.0*algos
              Measures the speed of the passed algos. If no algos are  passed  all  available  speed  tests  are
              executed.  msec  (in milliseconds) sets the period of measurement for each algorithm. The buf-size
              option allows testing  the  same  algorithm  on  one  or  more  input  sizes,  for  example  speed--buf-size=136,1500AES-128/GCM  tests  the  performance of GCM for small and large packet sizes.
              format can be "default", "table" or "json".

       timing_testtest_type--test-data-file=--test-data-dir=src/tests/data/timing--warmup-runs=1000--measurement-runs=10000
              Run various timing side channel tests.

       rng--format=hex--system--rdrand--auto--entropy--drbg--drbg-seed=*bytes
              Sample bytes random bytes from the specified random number generator. If system is set, the system
              RNG is used. If rdrand is  set,  the  hardware  RDRAND  instruction  is  used.  If  auto  is  set,
              AutoSeeded_RNG  is  used,  seeded  with  the  system RNG if available or the global entropy source
              otherwise. If entropy is set, AutoSeeded_RNG is used, seeded with the global  entropy  source.  If
              drbg is set, HMAC_DRBG is used seeded with drbg-seed.

       entropy--truncate-at=128source
              Sample a raw entropy source.

       cc_encryptCCpassphrase--tweak=
              Encrypt the passed valid credit card number CC using FPE encryption and the passphrase passphrase.
              The  key  is  derived  from the passphrase using PBKDF2 with SHA256. Due to the nature of FPE, the
              ciphertext is also a credit card number with a valid checksum. tweak is public  and  parameterizes
              the encryption function.

       cc_decryptCCpassphrase--tweak=
              Decrypt the passed valid ciphertext CC using FPE decryption with the passphrase passphrase and the
              tweak tweak.

       roughtime_check--raw-timechain-file
              Parse and validate a Roughtime chain file.

       roughtime--raw-time--chain-file=roughtime-chain--max-chain-size=128--check-local-clock=60--host=--pubkey=--servers-file=
              Retrieve time from a Roughtime server and store it in a chain file.

       uuid   Generate and print a random UUID.

       compress--type=gzip--level=6--buf-size=8192file
              Compress a given file.

       decompress--buf-size=8192file
              Decompress a given compressed archive.

                                                                                                        BOTAN(1)

Name

       botan - Botan command line util

Number Theory

is_prime--prob=56n
              Test  if  the  integer  n is composite or prime with a Miller-Rabin primality test with (prob+2)/2
              iterations.

       factorn
              Factor the integer n using a combination of trial division by  small  primes,  and  Pollard's  Rho
              algorithm.  It can in reasonable time factor integers up to 110 bits or so.

       gen_prime--count=1bits
              Samples count primes with a length of bits bits.

       mod_inversenmod
              Calculates a modular inverse.

Outline

       The  botan  program is a command line tool for using a broad variety of functions of the Botan library in
       the shell.

       All commands follow the syntax botan<command><command-options>.

       If botan is run with an unknown command, or without any command, or with the --help option, all available
       commands will be printed. If a particular command is run with the --help  option  (like  botan<command>--help) some information about the usage of the command is printed.

       Starting  in  version 2.9, commands that take a passphrase (such as gen_bcrypt or pkcs8) will also accept
       the literal - to mean ask for the passphrase on the terminal. If supported by the operating system,  echo
       will be disabled while reading the passphrase.

       Most  arguments that take a path to a file will also accept the literal - to mean the file content should
       be read from STDIN instead.

       All options for the command line are displayed in the summary line, and in the help output.  All  options
       are,  as  the name suggests, optional, and the default values are shown. For example hashfile prints the
       SHA-256 of the file encoded as hex, while hash--format=base64--algo=SHA-384file  prints  the  base64
       encoded SHA-384 hash of the same file.

Password Hash

gen_argon2--mem=65536--p=1--t=1password
              Calculate the Argon2 password digest of password. mem is the amount of memory to use in Kb, p  the
              parallelization parameter and t the number of iterations to use.

       check_argon2passwordhash
              Checks if the Argon2 hash of the passed password equals the passed hash value.

       gen_bcrypt--work-factor=12password
              Calculate  the  bcrypt password digest of password. work-factor is an integer between 4 and 18.  A
              higher work-factor value results in a more expensive hash calculation.

       check_bcryptpasswordhash
              Checks if the bcrypt hash of the passed password equals the passed hash value.

       pbkdf_tune--algo=Scrypt--max-mem=256--output-len=32--check*times
              Tunes the PBKDF algorithm specified with --algo= for the given times.

Psk Database

       The PSK database commands are only available if sqlite3 support was compiled in.

       psk_setdbdb_keynamepsk
              Using  the  PSK database named db and encrypting under the (hex) key db_key, save the provided psk
              (also hex) under name:

                 $ botan psk_set psk.db deadba55 bunny f00fee

       psk_getdbdb_keyname
              Get back a value saved with psk_set:

                 $ botan psk_get psk.db deadba55 bunny
                 f00fee

       psk_listdbdb_key
              List all values saved to the database under the given key:

                 $ botan psk_list psk.db deadba55
                 bunny

Public Key Cryptography

keygen--algo=RSA--params=--passphrase=--cipher=--pbkdf=--pbkdf-ms=300--provider=--der-out
              Generate  a  PKCS  #8 algo private key. If der-out is passed, the pair is BER encoded.  Otherwise,
              PEM encoding is used. To protect the PKCS #8 formatted key, it is recommended to encrypt it with a
              provided passphrase.

              If a passphrase is used, cipher specifies the name of the desired encryption  algorithm  (such  as
              "AES-256/CBC",  or  leave  empty  to use a default), and pbkdf can be used to specify the password
              hashing mechanism (either a hash such as "SHA-256" to select PBKDF2, or "Scrypt").

              The cipher mode must have an object identifier defined, this allows use of ciphers  such  as  AES,
              Twofish,  Serpent,  and  SM4. Ciphers in CBC, GCM, and SIV modes are supported. However most other
              implementations support only AES or 3DES in CBC mode.

              If encryption is used, the parameter pbkdf-ms controls how long the password hashing function will
              run to derive the encryption key from the passed passphrase.

              Algorithm specific parameters, as the desired bit length of an RSA key, can be passed with params.

                 • For RSA params specifies the bit length of the RSA modulus. It defaults to 3072.

                 • For DH params specifies the DH parameters. It defaults to modp/ietf/2048.

                 • For DSA params specifies the DSA parameters. It defaults to dsa/botan/2048.

                 • For EC algorithms params specifies the elliptic curve. It defaults to secp256r1.

       pkcs8--pass-in=--pub-out--der-out--pass-out=--cipher=--pbkdf=--pbkdf-ms=300key
          Open a PKCS #8 formatted key at key. If key is encrypted, the passphrase must be passed as pass-in. It
          is possible to (re)encrypt the read key with the passphrase passed as pass-out. The parameters cipher,
          pbkdf, and pbkdf-ms work similarly to keygen.

       sign--der-format--passphrase=--hash=SHA-256--padding=--provider=keyfile
          Sign the data in file using the PKCS #8 private key  key  and  cryptographic  hash  hash.  If  key  is
          encrypted, the used passphrase must be passed as pass-in.

          The  padding  option  can  be used to control padding for algorithms that have divergent methods; this
          mostly applies to RSA. For RSA, if the option is not specified PSS signatures are used. You can select
          generating a PKCS #1 v1.5 formatted signature instead by providing --padding=PKCS1v15.

          For ECDSA and DSA, the option --der-format outputs the signature as an ASN.1 encoded blob. Some  other
          tools (including openssl) default to this format. This option does not make sense for other algorithms
          such as RSA.

          The signature is formatted for your screen using base64.

       verify--der-format--hash=SHA-256--padding=pubkeyfilesignature
              Verify  the  authenticity of the data in file with the provided signature signature and the public
              key pubkey. Similarly to the signing process, padding specifies the padding scheme  and  hash  the
              cryptographic hash function to use.

       gen_dl_group--pbits=1024--qbits=0--seed=--type=subgroup
              Generate ANSI X9.42 encoded Diffie-Hellman group parameters.

                 • If  type=subgroup  is passed, the size of the prime subgroup q is sampled as a prime of qbits
                   length and p is pbits long. If qbits is not passed, its length is  estimated  from  pbits  as
                   described in RFC 3766.

                 • If  type=strong  is  passed,  p  is  sampled  as a safe prime with length pbits and the prime
                   subgroup has size q with pbits-1 length.

                 • If type=dsa is used, p and q are generated by the algorithm specified in FIPS 186-4.  If  the
                   --seed  parameter  is used, it allows to select the seed value, instead of one being randomly
                   generated. If the seed does not in fact generate a valid DSA group, the command will fail.

       dl_group_info--pemname
              Print raw Diffie-Hellman parameters (p,g) of the standardized DH group name. If pem  is  set,  the
              X9.42 encoded group is printed.

       ec_group_info--pemname
              Print  raw  elliptic  curve  domain  parameters of the standardized curve name. If pem is set, the
              encoded domain is printed.

       pk_encrypt--aead=AES-256/GCMrsa_pubkeydatafile
              Encrypts datafile using the specified AEAD algorithm, under a key protected by the  specified  RSA
              public key.

       pk_decryptrsa_privkeydatafile
              Decrypts  a  file  encrypted with pk_encrypt. If the key is encrypted using a password, it will be
              prompted for on the terminal.

       fingerprint--no-fsname--algo=SHA-256*keys
              Calculate the public key fingerprint of the keys.

       pk_workfactor--type=rsabits
              Provide an estimate of the strength of a public key based on it's size.   --type=  can  be  "rsa",
              "dl" or "dl_exp".

Secret Sharing

       Split a file into several shares.

       tss_splitMNdata_file--id=--share-prefix=share--share-suffix=tss--hash=SHA-256
              Split a file into N pieces any M of which suffices to recover the original input.  The  ID  allows
              specifying  a  unique  key  ID  which  may be up to 16 bytes long, this ensures that shares can be
              uniquely matched.  If not specified a random 16 byte value is used. A checksum can be appended  to
              the data to help verify correct recovery, this can be disabled using --hash=None.

       tss_recover*shares
              Recover  some  data  split by tss_split. If insufficient number of shares are provided an error is
              printed.

Tls Server/Client

       The --policy= argument of the TLS commands specifies the TLS policy to use.  The policy can be any of the
       strings "default", "suiteb_128", "suiteb_192", "bsi", "strict", or "all" to denote built-in policies,  or
       it can name a file from which a policy description will be read.

       tls_ciphers--policy=default--version=tls1.2
              Prints the list of ciphersuites that will be offered under a particular policy/version.

       tls_clienthost--port=443--print-certs--policy=default--tls1.0--tls1.1--tls1.2--skip-system-cert-store--trusted-cas=--session-db=--session-db-pass=--next-protocols=--type=tcp--client-cert=--client-cert-key=
              Implements  a  testing  TLS  client,  which  connects to host via TCP or UDP on port port. The TLS
              version can be set with the flags tls1.0, tls1.1 and tls1.2 of which the lowest specified  version
              is automatically chosen.  If none of the TLS version flags is set, the latest supported version is
              chosen.  The client honors the TLS policy specified with policy and prints all certificates in the
              chain, if print-certs is passed.  next-protocols is a  comma  separated  list  and  specifies  the
              protocols  to  advertise  with  Application-Layer  Protocol  Negotiation (ALPN).  Pass a path to a
              client certificate PEM and unencrypted PKCS8 encoded  private  key  if  client  authentication  is
              required.

       tls_servercertkey--port=443--type=tcp--policy=default--dump-traces=--max-clients=0--socket-id=0
              Implements a testing TLS server, which allows TLS clients to connect and which echos any data that
              is  sent  to it. Binds to either TCP or UDP on port port. The server uses the certificate cert and
              the respective PKCS #8 private key key. The server honors the TLS policy  specified  with  policy.
              socket-id is only available on FreeBSD and sets the so_user_cookie value of the used socket.

       tls_http_servercertkey--port=443--policy=default--threads=0--max-clients=0--session-db--session-db-pass=
              Only  available  if Boost.Asio support was enabled. Provides a simple HTTP server which replies to
              all requests with an informational text output. The server honors the TLS  policy  specified  with
              policy.

       tls_proxylisten_porttarget_hosttarget_portserver_certserver_key--policy=default--threads=0--max-clients=0--session-db=--session-db-pass=
              Only available if Boost.Asio support was enabled. Listens on a port and forwards all connects to a
              target server specified at target_host and target_port.

       tls_client_hello--hexinput
              Parse and print a TLS client hello message.

X.509

gen_pkcs10keyCN--country=--organization=--ca--path-limit=1--email=--dns=--ext-ku=--key-pass=--hash=SHA-256--emsa=
              Generate a PKCS #10 certificate signing request (CSR) using the passed PKCS #8 private key key. If
              the private key is encrypted, the decryption passphrase key-pass has to be passed.*emsa* specifies
              the padding scheme to be used when calculating the signature.

                 • For RSA keys EMSA4 (RSA-PSS) is the default scheme.

                 • For ECDSA, DSA, ECGDSA, ECKCDSA and GOST-34.10 keys emsa defaults to EMSA1.

       gen_self_signedkeyCN--country=--dns=--organization=--email=--path-limit=1--days=365--key-pass=--ca--hash=SHA-256--emsa=--der
              Generate  a self signed X.509 certificate using the PKCS #8 private key key. If the private key is
              encrypted, the decryption passphrase key-pass has to be passed. If ca is passed,  the  certificate
              is  marked for certificate authority (CA) usage. emsa specifies the padding scheme to be used when
              calculating the signature.

                 • For RSA keys EMSA4 (RSA-PSS) is the default scheme.

                 • For ECDSA, DSA, ECGDSA, ECKCDSA and GOST-34.10 keys emsa defaults to EMSA1.

       sign_cert--ca-key-pass=--hash=SHA-256--duration=365--emsa=ca_certca_keypkcs10_req
              Create a CA signed  X.509  certificate  from  the  information  contained  in  the  PKCS  #10  CSR
              pkcs10_req.  The  CA  certificate  is  passed as ca_cert and the respective PKCS #8 private key as
              ca_key. If the private key is encrypted, the decryption passphrase ca-key-pass has to  be  passed.
              The  created certificate has a validity period of duration days. emsa specifies the padding scheme
              to be used when calculating the signature. emsa defaults to the padding  scheme  used  in  the  CA
              certificate.

       ocsp_check--timeout=3000subjectissuer
              Verify  an  X.509 certificate against the issuers OCSP responder. Pass the certificate to validate
              as subject and the CA certificate as issuer.

       cert_info--fingerprintfile
              Parse X.509 PEM certificate and display data fields. If --fingerprint is used,  the  certificate's
              fingerprint is also printed.

       cert_verifysubject*ca_certs
              Verify  if  the  provided  X.509  certificate  subject  can be successfully validated. The list of
              trusted CA certificates is passed with ca_certs, which is a list of one or more certificates.

       trust_roots--dn--dn-only--display
              List the certificates in the system trust store.

See Also