Support for encrypt with a key file passed in

manpages/manual.txt

@@ -35,14 +35,14 @@ wolfCLU_main
 ENCRYPTION
 
     SYNOPSIS
-        wolfssl -encrypt <-algorithm> <-in filename> [-out filename] [-pwd password] [-iv IV]
+        wolfssl -encrypt <-algorithm> <-in filename> [-out filename] [-pwd password] [-iv IV] [-key hex] [-inkey filename]
     DESCRIPTION
         This command allows data to be encrypted using ciphers and keys based on passwords if not explicitly provided
     .ALGORITHMS
         -aes-cbc-[128|192|256]
             uses AES algorithm with designated key size.
         -aes-ctr-[128|192|256]
-            uses AES Counter with designated key size. Only available if ./congigure settings support 
+            uses AES Counter with designated key size. Only available if ./configure settings support
         -3des-cbc-[056|112|168]
             uses 3DES algorithm with designated key size.
         -camellia-cbc-[128|192|256]
@@ -51,20 +51,21 @@ ENCRYPTION
         -in filename/stdin     the input filename, standard input. If file does not exist, it will treat data as stdin
         -out filename           the output filename, if filename does not exist, it will be created
         -pwd password           password to derive the key from. prompts if password option is not provided. If used, iv isn't needed
-        -iv IV                the actual iv to use. If not provided, one is randomly generated. Must be provided in hex
-        -key Key                the actual key to use. Must be in hex
+        -iv IV                  the actual iv to use. If not provided, one is randomly generated. Must be provided in hex
+        -key hex                the actual key to use, supplied as a hex string on the command line. Length must match the algorithm key size. Requires -iv: when an explicit key is supplied, no salt-based key/iv derivation runs and no Salted__ header is written.
+        -inkey filename         read the key from a file. The file may hold either a hex-encoded key (whitespace within the file is ignored) or a raw binary key whose byte length matches the algorithm key size. For backward compatibility, if the argument does not name an existing file but is a hex string of the right length it is parsed as hex with a deprecation warning; new scripts should use -key for hex input on the command line.
 
 DECRYPTION
 
     SYNOPSIS
-        wolfssl -decrypt <-algorithm> <-in filename> [-out filename] [-key password] [-iv IV]
+        wolfssl -decrypt <-algorithm> <-in filename> [-out filename] [-pwd password] [-iv IV] [-key hex] [-inkey filename]
     DESCRIPTION
         This command allows data to be decrypted using ciphers and keys based on passwords if not explicitly provided
     ALGORITHMS
         -aes-cbc-[128|192|256]
             uses AES algorithm with designated key size.
         -aes-ctr-[128|192|256]
-            uses AES Counter with designated key size. Only available if ./congigure settings support 
+            uses AES Counter with designated key size. Only available if ./configure settings support
         -3des-cbc-[056|112|168]
             uses 3DES algorithm with designated key size.
         -camellia-cbc-[128|192|256]
@@ -73,8 +74,9 @@ DECRYPTION
         -in filename/stdin     the input filename, standard input. If file does not exist, it will treat data as stdin
         -out filename           the output filename, if filename does not exist, it will be created
         -pwd password           password to derive the key from. prompts if password option is not provided. If used, iv isn't needed
-        -iv IV                the actual iv to use. If not provided, one is randomly generated. Must be provided in hex
-        -key Key                the actual key to use. Must be in hex
+        -iv IV                  the actual iv to use. If not provided, one is randomly generated. Must be provided in hex
+        -key hex                the actual key to use, supplied as a hex string on the command line. Length must match the algorithm key size. Requires -iv: when an explicit key is supplied, no salt-based key/iv derivation runs, so the IV must be provided directly.
+        -inkey filename         read the key from a file. The file may hold either a hex-encoded key (whitespace within the file is ignored) or a raw binary key whose byte length matches the algorithm key size. For backward compatibility, if the argument does not name an existing file but is a hex string of the right length it is parsed as hex with a deprecation warning; new scripts should use -key for hex input on the command line.
 
 HASH
 

manpages/wolfCLU_decrypt.1

@@ -4,7 +4,7 @@
 .SH NAME
 decrypt \- cipher routines
 .SH SYNOPSIS
-wolfssl -decrypt <-algorithm> <-in filename> [-out filename] [-pwd password] [-iv IV] [-key key]
+wolfssl -decrypt <-algorithm> <-in filename> [-out filename] [-pwd password] [-iv IV] [-key hex] [-inkey filename]
 .SH DESCRIPTION
 This command allows data to be decrypted using ciphers and keys based on passwords if not explicitly provided
 .SH ALGORITHMS
@@ -44,7 +44,32 @@ This command allows data to be decrypted using ciphers and keys based on passwor
                       Must be provided in hex
 .br
 .LP
--key Key              the actual key to use. Must be in hex
+-key hex              the actual key to use, supplied as a hex string on the
+.br
+                      command line. Length must match the algorithm key size.
+.br
+                      Requires -iv: when an explicit key is supplied, no
+.br
+                      salt-based key/iv derivation runs, so the IV must be
+.br
+                      provided directly.
+.br
+.LP
+-inkey filename       read the key from a file. The file may contain either a
+.br
+                      hex-encoded key (whitespace within the file is ignored)
+.br
+                      or a raw binary key whose byte length matches the
+.br
+                      algorithm key size. For backward compatibility, if the
+.br
+                      argument does not name an existing file but is a hex
+.br
+                      string of the right length it is parsed as hex with a
+.br
+                      deprecation warning; new scripts should use -key for
+.br
+                      hex input on the command line.
 .SH BUGS
 No known bugs at this time.
 .SH AUTHOR

manpages/wolfCLU_encrypt.1

@@ -4,7 +4,7 @@
 .SH NAME
 encrypt \- cipher routines
 .SH SYNOPSIS
-wolfssl -encrypt <-algorithm> <-in filename> [-out filename] [-pwd password] [-iv IV]
+wolfssl -encrypt <-algorithm> <-in filename> [-out filename] [-pwd password] [-iv IV] [-key hex] [-inkey filename]
 .SH DESCRIPTION
 This command allows data to be encrypted using ciphers and keys based on passwords if not explicitly provided
 .SH ALGORITHMS
@@ -40,7 +40,32 @@ This command allows data to be encrypted using ciphers and keys based on passwor
                       Must be provided in hex
 .br
 .LP
--key Key              the actual key to use. Must be in hex
+-key hex              the actual key to use, supplied as a hex string on the
+.br
+                      command line. Length must match the algorithm key size.
+.br
+                      Requires -iv: when an explicit key is supplied, no
+.br
+                      salt-based key/iv derivation runs and no Salted__
+.br
+                      header is written.
+.br
+.LP
+-inkey filename       read the key from a file. The file may contain either a
+.br
+                      hex-encoded key (whitespace within the file is ignored)
+.br
+                      or a raw binary key whose byte length matches the
+.br
+                      algorithm key size. For backward compatibility, if the
+.br
+                      argument does not name an existing file but is a hex
+.br
+                      string of the right length it is parsed as hex with a
+.br
+                      deprecation warning; new scripts should use -key for
+.br
+                      hex input on the command line.
 .SH BUGS
 No known bugs at this time.
 .SH AUTHOR