Walter Alejandro Iglesias:

> I usually encrypt my private files with this command:
>
>   $ openssl aes-256-cbc -in file -salt -out file.enc
>
> and decrypt them with this other command:
>
>   $ openssl aes-256-cbc -d -in file.enc -out file
>
> After upgrading to the latest snapshot I can no longer decrypt the ones
> I'd encrypted before upgrading.

The default message digest that is used to derive a key from the
password was changed from MD5 to SHA256.  You can decrypt old files
by adding -md md5 to the decryption command.

Also, the -pbkdf2 option was added so you can use the standard PBKDF2
key derivation function instead of the previous ad-hoc scheme.
I suggest you switch to

  $ openssl aes-256-cbc -pbkdf2 -in file -out file.enc

when encrypting your files.

These changes are in line with OpenSSL 1.1.

> And a corrupted file as output.  The password I enter is correct.  I
> still can decrypt those files in FreeBSD.

I can tell that you are running FreeBSD 11.x or older.  FreeBSD 12+
uses OpenSSL 1.1 and is thus compatible with our new defaults.

--
Christian "naddy" Weisgerber                          [email protected]
