On Sat, Apr 07, 2012 at 03:39:13PM +0200, Sebastian Andrzej Siewior via RT wrote: > The command > |openssl enc -pass pass:pass -iv 0 -K 0 -S 0 -aes-256-cbc -base64 < file > > file.enc.b64 > > first performs the encryption followed by base64 encoding. That means the > output > is base64 encoded as requests. > > The command > |openssl enc -pass pass:pass -iv 0 -K 0 -S 0 -aes-256-cbc -z < file > > file.enc.z > > first performs the encryption followed by compression. That means the > encrypted > data is compressed which should not give any improvement because a good > encryption algorithm should not produce anything that can be compressed. > > The command > | openssl enc -pass pass:pass -iv 0 -K 0 -S 0 -aes-256-cbc -z -base64 < file > > file.enc.z.base64 > > first performs the encryption, followed by base64 encoding followed by > compression. The output is no longer base64 encoded as requests but compressed > by zlib. > > This patch changes the order of the individual steps to > - compress the input > - encrypt the content > - encode is as base64 > > the -d step is in reverse order. > That means the last command will produce a base64 encoded file which was > compressed before encrypted. > > The *now* created files are no longer compatible with the files created with > an earlier version of openssl if the -z option was involved. > > To get the "old" content with new binary the following step is required: > | openssl enc -d -z < file.old | \ > | openssl enc -d -aes-256-cbc > file > > where the first step simply decompresses the content and the second performs > the > decryption. > > Signed-off-by: Sebastian Andrzej Siewior <sebast...@breakpoint.cc>
ping Sebastian ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org