Your message dated Sun, 22 Mar 2026 09:20:17 +0100
with message-id <[email protected]>
and subject line Re: Bug#861285: [Pkg-openssl-devel] Bug#861285: openssl enc -k
path-for-keyphrase-file ...c does not fail if the keyphrase-file is missing.
has caused the Debian Bug report #861285,
regarding openssl enc -k path-for-keyphrase-file ...c does not fail if the
keyphrase-file is missing.
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
861285: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=861285
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: openssl
Version: 1.1.0e-1
Severity: major
Tags: upstream
Dear Maintainer,
*** Reporter, please consider answering these questions, where
appropriate ***
* What led up to the situation?
I ran the following command after setting up the
environment variables appropriately.
E.g.:
KFILE=path-for-passphrase-file (say, ~/mypass)
BNAME=file-to-be-encrypted
openssl enc -k ${KFILE} -in ${BNAME} -out ${BNAME}.enc -aes-256-cbc
To my surprise if ${KFILE} is missing, openssl does not complain
and seems to encrypt the input file anyway: but with what passphrase?!
* What exactly did you do (or not do) that was effective (or
ineffective)?
* What was the outcome of this action?
We may end up with an encrypted file that noo ne can possibly decrypt !?
If, the intent is to remove the original file AFTER the encryption
takes place, then we lose the original file forever!
Possible DATA LOSS. BAD!
* What outcome did you expect instead?
I would rather see openssl complain that the passphrase file is
missing LOUD and CLEAR (and returns an error code. I checked that the
following does not print "fail".
openssl enc -k ${KFILE} -in ${BNAME} -out ${BNAME}.enc -aes-256-cbc ||
echo fail
)
*** End of the template - remove these template lines ***
-- System Information:
Debian Release: 9.0
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'testing'), (500, 'stable')
Architecture: amd64 (x86_64)
Kernel: Linux 3.19.5 (SMP w/4 CPU cores)
Locale: LANG=ja_JP.UTF-8, LC_CTYPE=ja_JP.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
Versions of packages openssl depends on:
ii libc6 2.24-9
ii libssl1.1 1.1.0e-1
ii perl 5.24.1-2
openssl recommends no packages.
Versions of packages openssl suggests:
ii ca-certificates 20161130
-- no debconf information
--- End Message ---
--- Begin Message ---
On 2017-04-27 14:08:08 [+0200], To ISHIKAWA, chiaki wrote:
> On 2017-04-27 08:46:10 [+0900], ISHIKAWA,chiaki wrote:
> > KFILE=path-for-passphrase-file (say, ~/mypass)
> > BNAME=file-to-be-encrypted
> >
> > openssl enc -k ${KFILE} -in ${BNAME} -out ${BNAME}.enc -aes-256-cbc
> >
> > To my surprise if ${KFILE} is missing, openssl does not complain
> > and seems to encrypt the input file anyway: but with what passphrase?!
> …
> > I would rather see openssl complain that the passphrase file is
> > missing LOUD and CLEAR (and returns an error code. I checked that the
> > following does not print "fail".
>
> $ openssl enc --help 2>&1|grep -- -k
> -k val Passphrase
> -kfile infile Read passphrase from file
>
> I think you mixed up -k with -kfile.
Old me should have closed this.
Sebastian
--- End Message ---
