CREAM(1) General Commands Manual CREAM(1)

creamcrypto utility for streams

cream [-deh] [-b size] [-j thread] [-t time] [-m memory] [-s salt] [-f file]

cream encrypts and decrypts continuous flows of data, from a password.

The name is a portemanteau for crypto + stream.

Decryption mode. Expect encrypted stream from file or stdin , and write plaintext to stdout.
Encryption mode (default). Read plaintext data from stdin , and write cipher to file or stdout.
Change internal buffer length to size. Default: 4096.
Memory to use for computing the key. Default: 64 Mib.
Number of iterations to perform. This effectively increases the time taken to compute the key. Default: 3.
Number of parallel threads used. Default: 4.
Read/write encrypted data from/to file, Depending on the operation mode.
Read salt data from salt. See cream(5) for details about the salt.
Print a quick usage text.

Cryptographic parameters can be changed from the command line. These values will directly affect the time it takes to compute the key, by consuming more resources.

However, changing any of these values will change the produced key, or the stream. The same values must be used in order to successfully decrypt a stream.

For convenience on the decryption side, the specific parameters used during encryption are prepended to the data stream (see cream(5) for details on the format)

Encrypt a file, then decrypt it (you will be prompted for a password for each command).

  cream -e < kitten.gif > secret.enc
  cream -d < secret.enc > kitten.gif

Encrypt multiple files with the same key. This assumes that you input the same password for each call:

  dd if=/dev/urandom of=./salt bs=16 count=1
  for file in *.gif; do
    cream -s ./salt < $file > $file.enc


Willy Goiffon <>

2022-09-14 POSIX.1-2017