Ask HN: Is openssl enc a good choice for file encryption?

7 points

9 years ago

I recently read a blog post[1] where the author shows how to use openssl to encrypt a file that will be uploaded to an untrusted third-party.

The encryption process is as follows:

# Generate RSA key pair

  openssl genrsa -out backup_key.priv.pem 4096
  openssl rsa -in backup_key.priv.pem -out backup_key.pub.pem -outform PEM -pubout

# Encrypt the private key (need to enter a password)

  openssl enc -aes-256-cbc -in backup_key.priv.pem -out backup_key.priv.pem.enc
  rm backup_key.priv.pem

# Encrypt backup file

  openssl rand 64 | tee >(openssl enc -aes-256-cbc -salt -pass stdin -in backup.tar.gz 
  -out backup.tar.gz.enc) | 
  openssl rsautl -encrypt -pubin -inkey backup_key.pub.pem -out backup.tar.gz-aeskey.enc

I'm not a cryptographer, but knowing that openssl has suffered from numerous vulnerabilities I decided to google `openssl enc` to get a sense of its security. After reading:

"if you use `openssl enc`, make sure your password has high entropy"[2]

"it looks like openssl enc is still using a very weak KDF"[3]

"The commandline utilities in general are fairly minimal wrappers around functionality in libssl and libcrypto, and if you want something complete, polished, convenient, etc. the idea is you should either modify or replace them"[4]

I'm left wondering if using openssl for file encryption is a good choice if security is paramount.

Can crypto experts please comment. Thanks in advance.

[1]: https://summitroute.com/blog/2016/12/25/creating_disaster_recovery_backups/

[2]: https://security.stackexchange.com/a/29139

[3]: https://security.stackexchange.com/questions/29106/openssl-recover-key-and-iv-by-passphrase#comment202222_29139

[4]: https://security.stackexchange.com/a/129067

16 comments