[openssl-users] OpenSSL vs GPG for encrypting files? Security best practices?

Nicholas Papadonis nick.papadonis.ml at gmail.com
Fri Nov 2 18:29:17 UTC 2018

Security Experts,

I'm considering encrypting a tar archive and optionally a block file system
(via FUSE) using either utility.  Does anyone have comments on the best
practices and tools for either?

I read that the OpenSSL AES-CBC CLI mode is prone to a malleable attack
vector and it's CLI interface should not be use directly for production.  I
have also read that GPG is the suggested alternative to OpenSSL CLI due to
this.  I have followed through with the OpenSSL CLI AES tests and am
curious where the malleable attack is (in the pipe?).  I am also curious to
why GPG, which is an asymmetric key manager, is used for file based
encryption when only a single key is required.  How does GPG solve this
malleable attack vector.

A security expert's guidance here is much appreciated.

Thank you,
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20181102/a38d8fdc/attachment.html>

More information about the openssl-users mailing list