CREAM(1) General Commands Manual CREAM(1)

creamcrypto utility for streams

cream [-deh] [-b size] [-j thread] [-t time] [-m memory] [-p pass] [-s salt] [-f file]

cream encrypts and decrypts continuous flows of data, from a password. The password can be provided on the command line, or interactively via the terminal.

The name is a portemanteau for crypto + stream.

Decryption mode. Expect encrypted stream from file or stdin , and write plaintext to stdout.
Encryption mode (default). Read plaintext data from stdin , and write cipher to file or stdout.
Change internal buffer length to size. Default: 4096.
Memory to use for computing the key. Default: 64 Mib.
Number of iterations to perform. This effectively increases the time taken to compute the key. Default: 3.
Number of parallel threads used. Default: 4.
Read/write encrypted data from/to file, Depending on the operation mode.
Derivate the private key from the string pass. By default, the user will be prompted for the password on the terminal. (See SECURITY CONSIDERATIONS)
Read salt data from salt. See cream(5) for details about the salt.
Print a quick usage text.

Providing a password on the command line can be insecure. It could be saved in the shell history, or leaked to processes that can read the process tree.

Cryptographic parameters can be changed from the command line. These values will directly affect the time it takes to compute the key, by consuming more resources.

However, changing any of these values will change the produced key, or the stream. The same values must be used in order to successfully decrypt a stream.

For convenience on the decryption side, the specific parameters used during encryption are prepended to the data stream (see cream(5) for details on the format)

Encrypt a file, then decrypt it (you will be prompted for a password for each command).

  cream -e < kitten.gif > secret.enc
  cream -d < secret.enc > kitten.gif

Encrypt multiple files with the same key. This assumes that the password is stored in the $PASSWORD environment variable:

  dd if=/dev/urandom of=./salt bs=16 count=1
  for file in *.gif; do
    cream -s ./salt -p "$PASSWORD" < $file > $file.enc


Willy Goiffon <>

2022-09-14 POSIX.1-2017