@oz
Created December 12, 2022 19:37

Let's encrypt stuff with openssl

$ uname -a
Linux polaris 6.0.10-arch2-1 #1 SMP PREEMPT_DYNAMIC Sat, 26 Nov 2022 16:51:18 +0000 x86_64 GNU/Linux
$ echo hello ssl > file.txt
$ openssl enc -aes-256-cbc \
  -pass pass:1234567890abcdefgijklmnopqrstuvwxyz \
  -in file.txt -out file.enc
*** WARNING : deprecated key derivation used.
Using -iter or -pbkdf2 would be better.

Good, we have a very encrypted file, with a very secure shared key.

The warning is OpenSSL letting you know that it would rather you used -pbkdf2 to generate a stronger key. You should use it, but LibreSSL doesn't have the flag, so let's skip it here and pretend all things are equal.

BTW, can we decrypt our blob?

$ openssl enc -d -aes-256-cbc \
  -pass pass:1234567890abcdefgijklmnopqrstuvwxyz \
  -in file.enc -out -
*** WARNING : deprecated key derivation used.
Using -iter or -pbkdf2 would be better.
hello ssl

Nice. Let's copy file.enc around, say to macOS (12.6), and see what LibreSSL has to say:

$ uname -a
Darwin ceiba.local 21.6.0 Darwin Kernel Version 21.6.0: Mon Aug 22 20:20:05 PDT 2022; root:xnu-8020.140.49~2/RELEASE_ARM64_T8101 arm64
$ openssl enc -d -aes-256-cbc \
  -pass pass:1234567890abcdefgijklmnopqrstuvwxyz \
  -in file.enc -out file.txt
bad decrypt

Oh no.
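
An added example, not part of the original gist: the "deprecated key derivation" in the warning is EVP_BytesToKey, which hashes the password and the salt stored in the file header with a digest selected by `-md`, so two builds using different digests derive different keys from the same password. The gist does not say which digest each build defaulted to; treating a digest mismatch as the cause of the `bad decrypt` is an assumption, and the sample blob below is constructed.

```python
import hashlib

MAGIC = b"Salted__"  # header `openssl enc` writes in front of the 8-byte salt


def parse_enc_header(blob):
    """Split a salted `openssl enc` blob into (salt, ciphertext)."""
    if len(blob) < 16 or blob[:8] != MAGIC:
        raise ValueError("not a salted openssl enc file")
    return blob[8:16], blob[16:]


def evp_bytes_to_key(password, salt, digest, key_len=32, iv_len=16):
    """Legacy derivation, one iteration: D_i = H(D_{i-1} || password || salt).

    Defaults match aes-256-cbc (32-byte key, 16-byte IV).
    """
    out, block = b"", b""
    while len(out) < key_len + iv_len:
        block = hashlib.new(digest, block + password + salt).digest()
        out += block
    return out[:key_len], out[key_len:key_len + iv_len]


def derive_for_digests(blob, password, digests=("md5", "sha256")):
    """Return {digest: (key, iv)} for the salt found in the blob's header."""
    salt, _ = parse_enc_header(blob)
    return {d: evp_bytes_to_key(password, salt, d) for d in digests}


# Constructed sample: header, made-up salt, one dummy ciphertext block.
SAMPLE = MAGIC + bytes.fromhex("0102030405060708") + bytes(16)
PASSWORD = b"1234567890abcdefgijklmnopqrstuvwxyz"  # password used in the gist

if __name__ == "__main__":
    for name, (key, iv) in derive_for_digests(SAMPLE, PASSWORD).items():
        print(f"{name:7} key={key.hex()} iv={iv.hex()}")
```

Passing the same `-md` value to both the encrypting and the decrypting command removes the dependence on each build's default.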
