The enigma utility, also known as crypt is a very simple encryption program, working on a "secret-key" basis. It operates as a filter, i.e., it encrypts or decrypts a stream of data from standard input, and writes the result to standard output. Since its operation is fully symmetrical, feeding the encrypted data stream again through the engine (using the same secret key) will decrypt it.
There are several ways to provide the secret key to the program. By default, the program prompts the user on the controlling terminal for the key, using getpass(3). This is the only safe way of providing it.
Alternatively, the key can be provided as the sole command-line argument password when starting the program. Obviously, this way the key can easily be spotted by other users running ps(1). As yet another alternative, enigma can be given the option -k , and it will take the key from the environment variable CrYpTkEy. While this at a first glance seems to be more secure than the previous option, it actually is not since environment variables can also be examined with ps(1). Thus this option is mainly provided for compatibility with other implementations of enigma.
When specifying the option -s , enigma modifies the encryption engine in a way that is supposed to make it a little more secure, but incompatible with other implementations.
The cryptographic value of enigma is rather small. This program is only provided here for compatibility with other operating systems that also provide an implementation (usually called crypt(1) there). For real encryption, refer to bdes(1), openssl(1), pgp 1(ports/security/pgp), or gpg 1(ports/security/gnupg). However, restrictions for exporting, importing or using such tools might exist in some countries, so those stronger programs are not being shipped as part of the operating system by default.