openssl enc issues deprecation warnings #3

New issue

Closed

opened 2022-02-15 12:10:55 +01:00 by heiko · 1 comment

heiko commented 2022-02-15 12:10:55 +01:00

Owner

Copy link

If the blocks are saved encrypted, we use openssl enc with a passphrase file. Newer OpenSSL implementations issue a warning that
-iter or -pbkdf2 should be used.

Just adding the wanted options doesn't help, as for decrypting we need to kow the value of -iter or -pbkdf2.

A possible workaround is a re-encryption of the whole backups. Maybe this isn't a workaround only, as it increases security, but it is quite demanding in terms of CPU and disk usage, I suppose.

If the blocks are saved encrypted, we use `openssl enc` with a passphrase file. Newer OpenSSL implementations issue a warning that `-iter` or `-pbkdf2` should be used. Just adding the wanted options doesn't help, as for decrypting we need to kow the value of `-iter` or `-pbkdf2`. A possible workaround is a re-encryption of the whole backups. Maybe this isn't a workaround only, as it increases security, but it is quite demanding in terms of CPU and disk usage, I suppose.

heiko self-assigned this 2022-02-15 12:10:56 +01:00

heiko referenced this issue from a commit 2022-02-20 22:43:44 +01:00

Introduce .2 for "-aes-128-cbc -pdkdf2" (closes #3)

heiko closed this issue 2022-02-20 22:43:44 +01:00

heiko referenced this issue from a commit 2022-02-20 22:47:34 +01:00

Introduce .2 for "-aes-128-cbc -pdkdf2" (closes #3)

heiko commented 2022-02-21 13:03:13 +01:00

Author

Owner

Copy link

New backups are now created using the .2 extension and using OpenSSL options that avoid the warning.

We should think about a way to re-encrypt existing backups.

New backups are now created using the `.2` extension and using OpenSSL options that avoid the warning. We should think about a way to re-encrypt existing backups.

heiko added a new dependency 2022-02-21 13:03:28 +01:00

#4 provide tool for re-encryption

Sign in to join this conversation.

No Branch/Tag specified

Branches Tags

master

debian

go

debian/1.3_rc4-1

1.3-rc4

debian/1.3-rc2-1

1.3-rc2

debian/1.3-rc1-1

1.3-rc1

debian/1.3-rc0-3

1.3-rc0

debian/1.2.1-1

1.2.1

debian/1.2-1

1.2

debian/1.1-1

1.1

debian/1.0-1

1.0

debian/0.21

debian/0.20

debian/0.19

debian/0.18

debian/0.17

debian/0.16

Labels

Clear labels

  

bug

Something is not working

  

doc

Missing or wrong documentation

  

duplicate

This issue or pull request already exists

  

enhancement

New feature

  

help wanted

Need some help

  

invalid

Something is wrong

  

question

More information is needed

  

security

This is security relevant

  

wontfix

This won't be fixed

No labels

bug

doc

duplicate

enhancement

help wanted

invalid

question

security

wontfix

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

heiko

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Depends on

#4 provide tool for re-encryption

IUS/imager

Reference

IUS/imager#3

No description provided.