Hello Christian, On Thu, Feb 07, 2019 at 10:03:21PM +0100, Christian Weisgerber wrote: > Walter Alejandro Iglesias: > > > I usually encrypt my private files with this command: > > > > $ openssl aes-256-cbc -in file -salt -out file.enc > > > > and decrypt them with this another command: > > > > $ openssl aes-256-cbc -d -in file.enc -out file > > > > After upgrading to the latest snapshot I cannot longer decrypt the ones > > I'd encrypted before upgrading. > > The default message digest that is used to derive a key from the > password was changed from MD5 to SHA256. You can decrypt old files > by adding -md md5 to the decryption command.
Fine, it worked. > > Also, the -pbkdf2 option was added so you can use the standard > PBKDF2 key derivation function instead of the previous ad-hoc scheme. > I suggest you switch to > > $ openssl aes-256-cbc -pbkdf2 -in file -out file.enc > > when encrypting your files. Ok, I'll follow your suggestion. > > These changes are in line with OpenSSL 1.1. > > > And a corrupted file as output. The password I enter is correct. I > > still can decrypt those files in FreeBSD. > > I can tell that you are running FreeBSD 11.x or older. FreeBSD 12+ > uses OpenSSL 1.1 and is thus compatible with our new defaults. Right, I'm running 11.2. Thank you very much for your explanation. > > -- > Christian "naddy" Weisgerber [email protected] Walter
