| SYD-AES(1) | General Commands Manual | SYD-AES(1) |
syd-aes - AES-CTR encryption and decryption utility
syd-aes [-hv] -e|-d -k <key-serial> -i <iv-hex>
The syd-aes utility uses the Linux Kernel Cryptography API to encrypt and decrypt data using AES-CTR mode using keyrings(7) to select the encryption/decryption key to use without copying key material into userspace. It supports both encryption and decryption operations, with the key serial provided as a 32-bit ID and IV provided as a hexadecimal string. Given data from standard input, syd-aes performs the specified operation and outputs the result to standard output. syd-aes uses pipes and splice(2) to transfer data using zero-copy, and therefore able to encrypt/decrypt files of arbitrary size.
| -h | Display help. |
| -v | Enable verbose mode. If standard error is a terminal, print progress updates periodically, similar to dd(1). |
| -e | Encrypt the input data. |
| -d | Decrypt the input data. |
| -k <key-serial> | Key serial ID (32-bit integer). |
| The kernel key that syd-aes (via ALG_SET_KEY_BY_KEY_SERIAL) will read must grant the caller | |
| search permission -- i.e. have the KEY_(POS|USR|GRP|OTH)_SEARCH permission bit(s) set | |
| so the kernel can locate and copy the key data into the crypto API; | |
| otherwise the operation will be denied (EPERM: "Operation not permitted"). | |
| -i <iv> | Hex-encoded IV (128 bits). |
syd(1), syd(2), syd(5), syd-key(1), splice(2), keyrings(7)
syd homepage: https://sydbox.exherbo.org/
Maintained by Ali Polatel. Up-to-date sources can be found at https://gitlab.exherbo.org/sydbox/sydbox.git and bugs/patches can be submitted to https://gitlab.exherbo.org/groups/sydbox/-/issues. Discuss in #sydbox on Libera Chat or in #sydbox:mailstation.de on Matrix.
| 2025-11-14 |