How to encrypt file using OpenSSL and AES-256 with SHA-256?
I found out by accident, here, that for openssl
version 1.1.0:
-md digest Use the specified digest to create the key from the passphrase. The default algorithm is sha-256.
So, there is no point of specifying the message digest algorithm for the newer version of openssl
as it already uses SHA-256.
But since on my system there is openssl
version 1.0.2g, I dug further and found out, here, that:
... In OpenSSL 1.1.0 we changed from MD5 to SHA-256 ...
Essentially, this means, my openssl
will by default use the old and obsolete MD5.
Luckily, this can be changed to SHA-256 with openssl
version 1.0.2g:
openssl enc -aes-256-cbc -md sha256 -salt -in somefile -out somefile.enc
If you have an older openssl
version than me, you might want to try -md sha1
, if the above fails.
Related videos on Youtube
LinuxSecurityFreak
I am passionate about Linux systems. And a true IT nerd. 🖥️
Updated on September 18, 2022Comments
-
LinuxSecurityFreak over 1 year
System: Linux Mint 18.3 Cinnamon 64-bit.
OpenSSL: 1.0.2g
Ordinarily, I would encrypt a file as follows:
openssl enc -aes-256-cbc -salt -in somefile -out somefile.enc
But I wonder what algorithm will be used to hash my password and if I can change it?
-
dave_thompson_085 over 6 yearsDupe superuser.com/questions/455463/… except that was out of date until just now; for full details see crypto.stackexchange.com/questions/3298/… . Note that any single hash is a bad PBKDF; SHA-256 is not noticeably better than MD5. And
-salt
has been the default for over a decade, nearly two. -
user1686 over 6 years@dave_thompson_085: OpenSSL does use a KDF instead of simple hash, although it still seems to be homegrown and rather weak (see EVP_BytesToKey).
-
dave_thompson_085 over 6 years@grawity my answer to the crypto Q I linked explains this in detail. EVP_BytesToKey is a tweak of PBKDF1 from PKCS5, but commandline enc uses EVP_BytesToKey with iteration count 1 so it does only a single hash per output block, it does NOT actually iterate as PBKDF should. The bear agrees: security.stackexchange.com/questions/29106/…
-
Xen2050 over 6 yearsVlastimil: You're not using this for bulletproof security, are you? Consider GPG/PGP instead, it should still stump the biggest players. @dave_thompson_085 They're still only iterating once? Yowza. Moving away from MD5 is a baby step at least. Do they track the hash & encryption used, or you still have to remember yourself too? (I've quoted the bear too ;-)
-
-
anthony over 3 yearsWith all the changes to openssl (digest, and the new recommended pbkdf2 password hashing (which has been LONG overdue), it is now nessary to save more information (metadata) with encrypted files, so that you know how that specific encrypted file was actually encrypted. This is especially important as the default iteration count (10000) is woefully inadequate. As such you may like to look at a script that wrappers around "openssl enc" to save and re-read this metadata with the encrypted file. See antofthy.gitlab.io/software/#keepout