Let's encrypt stuff with openssl
$ uname -a
Linux polaris 6.0.10-arch2-1 #1 SMP PREEMPT_DYNAMIC Sat, 26 Nov 2022 16:51:18 +0000 x86_64 GNU/Linux
$ echo hello ssl > file.txt
$ openssl enc -aes-256-cbc \
-pass pass:1234567890abcdefgijklmnopqrstuvwxyz \
-in file.txt -out file.enc
*** WARNING : deprecated key derivation used.
Using -iter or -pbkdf2 would be better.
Good, we have a very encrypted file, with a very secure shared key.
The warning is OpenSSL letting you know that it would rather you used
-pbkdf2
to generate a stronger key. You should use it, but
LibreSSL doesn't have the flag, so let's skip it here and pretend all
things are equal.
BTW, can we decrypt our blob?
$ openssl enc -d -aes-256-cbc \
-pass pass:1234567890abcdefgijklmnopqrstuvwxyz \
-in file.enc -out -
*** WARNING : deprecated key derivation used.
Using -iter or -pbkdf2 would be better.
hello ssl
Nice. Let's copy file.enc
around, say to MacOS (12.6), and see what
LibreSSL has to say:
$ uname -a
Darwin ceiba.local 21.6.0 Darwin Kernel Version 21.6.0: Mon Aug 22 20:20:05 PDT 2022; root:xnu-8020.140.49~2/RELEASE_ARM64_T8101 arm64
$ openssl enc -d -aes-256-cbc \
-pass pass:1234567890abcdefgijklmnopqrstuvwxyz \
-in file.enc -out file.txt
bad decrypt
Oh no.