On Mon, May 25, 2009 at 10:06:01PM +0100, RW wrote: > On Mon, 25 May 2009 21:00:39 +0200 > Roland Smith <rsm...@xs4all.nl> wrote: > > > > Or you can use the -nosalt option. But as explained in > > [http://www.openssl.org/docs/apps/enc.html], using a random salt by > > default is a design decision because: "Without the -salt option it is > > possible to perform efficient dictionary attacks on the password". > > That doesn't sound good, does it? > > It's not a problem since she's using a random key file, not a weak > password.
But a key alone is not sufficient. You'll need to specify an initialization vector as well, using the -iv option. E.g.: openssl enc -aes256 -in <infile> -out <outfile>.aes \ -K 971001EE50DCDBCAF3F521851E773B0285838CA549E2258C1A195565D61F2145 \ -iv FD246E34A631AE38 If you try it with only a key or keyfile, you'll get a 'iv undefined' error, resulting in a zero-length output file. :-( If you use a password (-pass) you don't need an iv. Roland -- R.F.Smith http://www.xs4all.nl/~rsmith/ [plain text _non-HTML_ PGP/GnuPG encrypted/signed email much appreciated] pgp: 1A2B 477F 9970 BA3C 2914 B7CE 1277 EFB0 C321 A725 (KeyID: C321A725)
pgpIAoJzo6z8k.pgp
Description: PGP signature