On Tue, Sep 26, 2006, Alexander Mack wrote:

> Hi everyone!
>
> I want to use openssl aes256 cypher to encrypt a 'tar'ed directory right
> before it's copied to tape. This line does the job very well:
>
> tar cvzpf - $TARGETFILE | openssl enc -aes-256-cbc -salt -pass "pass:$ENCPASS" -out $TAPEDEV
>
> with ENCPASS set to the password.
>
> But I'm having second thoughts if the data isn't completely readable
> from tape any more. If the tar file was unencrypted, I would lose about
> one or two files in the tar-archive but I would get everything back
> behind the error.
>
> But what will happen if an error occurs upon reading the encrypted
> tar-file back from tape? Think of a theoretical single-bit-error or a
> not-so-small amount of unreadable data (e.g. whole blocks due to
> crc-errors) from tape. How condoning is aes256 cbc? Will everything
> after the error go to hell?

Well you could try dumping the data to a file and seeing what happens when
you deliberately corrupt it.

In general the block (for AES this is 16 bytes) containing an error will be
lost and due to CBC mode the following block will be lost too. Data
following that will be OK. To see why look at the description of how CBC
mode works.

There is an exception to this. The first part of the data contains the salt
value which is critical. If that is unreadable you lose the whole lot.

Steve.
--
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Funding needed! Details on homepage.
Homepage: http://www.drh-consultancy.demon.co.uk
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           [EMAIL PROTECTED]
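
The experiment suggested in the reply, written out as an added example (not part of the original thread, and not code from either poster): it encrypts a file with the command line from the question, flips one bit, decrypts, and reports which plaintext bytes changed. The function name `cbc_damage`, the password `example-only` and the zero-filled 4096-byte input are constructed for illustration.

```shell
#!/bin/sh
# Added example. Constructed input: 4096 zero bytes, throwaway password.
# Assumes openssl, dd, od, cmp and awk are on PATH; works only in a temp dir.

# cbc_damage OFFSET
# Encrypt with the options from the post, flip one bit of the output file at
# byte OFFSET, decrypt, and print "FIRST LAST COUNT": the first and last
# damaged plaintext offsets (0-based) and how many plaintext bytes differ.
cbc_damage() {
    off=$1
    d=$(mktemp -d) || return 1
    dd if=/dev/zero of="$d/plain" bs=4096 count=1 2>/dev/null
    openssl enc -aes-256-cbc -salt -pass "pass:example-only" \
        -in "$d/plain" -out "$d/enc" 2>/dev/null

    # Read the byte at OFFSET, flip its lowest bit, write it back in place.
    b=$(dd if="$d/enc" bs=1 skip="$off" count=1 2>/dev/null |
        od -An -tu1 | tr -d ' \t')
    printf "\\$(printf '%03o' $((b ^ 1)))" |
        dd of="$d/enc" bs=1 seek="$off" conv=notrunc 2>/dev/null

    # A damaged salt usually ends in "bad decrypt"; keep whatever was written.
    openssl enc -d -aes-256-cbc -pass "pass:example-only" \
        -in "$d/enc" -out "$d/out" 2>/dev/null || true

    # cmp -l lists every differing byte with a 1-based offset.
    cmp -l "$d/plain" "$d/out" 2>/dev/null |
        awk 'NR == 1 { f = $1 } { l = $1 } END { print f - 1, l - 1, NR }'
    rm -rf "$d"
}

# File layout: "Salted__" (8 bytes), salt (8 bytes), then 16-byte CBC blocks.
echo "bit flip at file offset 1000 (ciphertext): $(cbc_damage 1000)"
echo "bit flip at file offset 8 (salt):          $(cbc_damage 8)"
```

For the ciphertext case the damage stays inside plaintext bytes 976 to 1000: one garbled 16-byte block plus a single flipped bit in the next block. For the salt case nearly all 4096 bytes differ.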