ccguess man page

ccguess — search for ccrypt encryption keys


ccguess [options] file...


The ccguess program attempts to guess ccrypt(1) encryption keys by searching the relevant part of the key space. This is done by prompting the user for an approximate key and then trying many variations of this key. This is intended to assist ccrypt users in recovering mistyped or forgotten keys, provided that they remember at least part of the key.

Note that ccrypt provides strong cryptographic security: there are no special back doors or shortcuts to recovering forgotten keys. Therefore, the ccguess program does not have any special powers. It simply works by trying different keys until a possible match is found.

A search of the entire key space is not usually a practical option. ccguess therefore works by prompting the user for an approximate key. It then tries all variations that can be obtained by applying a small number of changes. Here, each change is either a deletion of one letter, an insertion of one letter, a replacement of one letter by another, or a transposition of two adjacent letters. By default, ccguess searches all keys that differ from the approximate key by up to 5 changes. The number of changes searched can be adjusted with the --depth option.

The mechanism by which ccguess determines whether a key is a "possible match" is the same as that used by ccrypt to reject non-matching decryption keys. There is a small chance of a false match, i.e., ccguess may find a key that turns out not to be the true encryption key and does not decrypt the file correctly. A false match happens approximately once for every 4.3 billion keywords tried, so the longer your search goes on, the higher the likelihood that a false match is found. Normally, ccguess stops after the first possible match is found, but the -c option can be used to search for additional keys. The possibility of a false match can be further reduced by supplying multiple files that have been encrypted with the same key. In this case, ccguess will search for keys that match any of the files, but will print a warning for keys that do not match all of the files.


The following options are supported:

-h, --help

Help. Print usage information and exit.

-L, --license

Print license info and exit.

-V, --version

Print version info and exit.

-K key, --key key

Specify the approximate key on the command line, rather than prompting the user for it.

-d n, --depth n

Search keys that contain up to n changes. The default is 5.

-c, --continue

Keep trying more keys even after the first match is found. By default, ccguess will stop after the first key is found that matches all input files.

-t chars, --chartable chars

Specify the list of characters to try for replacements and insertions. By default, ccguess will try all printable ASCII characters. If you know, for example, that your key only used lowercase letters and numbers, you can speed up the search by specifying a list of characters explicitly. This option is mutually exclusive with -n.

-n, --non-printable

Allow non-printable characters in keys. By default, ccguess will only try printable ASCII characters. Note that the use of this option slows down the search significantly. This option is mutually exclusive with -t.



The name of a file that has been encrypted with the unknown key. This file is only read from, not written to. The special filename "-" is used to denote standard input.

If multiple files are specified, ccguess will search for keys that match any of the files, but will print a warning for keys that do not match all of the files.


Suppose the file myfile.cpt has been encrypted with the key "gardenhouse", but the user remembers "gardenhose". The command

   ccguess -K gardenhose myfile.cpt

will find the correct key after 2318 guesses.

Exit Status

The exit status is 0 if at least one possible match is found, 1 if no matches are found, and >=2 if an error occurred.




Peter Selinger <selinger at>


October 2012 Version 1.10 Encryption