[openssl-users] OpenSSL vs GPG for encrypting files? Security best practices?

Hanno Böck hanno at hboeck.de
Fri Nov 2 19:21:38 UTC 2018


Malleability means that an attacker who is able to modify your
encrypted data can - given some partial knowledge about the plaintext -
do some modification of the ciphertext that will lead to specific
modifications in the plaintext.

This can e.g. mean that if the attacker knows your plaintext is a tar
file he knows the first bytes. Thus by some clever XOR-ing he can
inject blocks into your ciphertext that he can control.

All of this was the basis of the efail attack earlier this year.

Ideally you don't want to use any cipher that is vulnerable to these
kinds of attacks. More modern cipher modes use authenticated
encryption, which means they'll detect if modifications have happened.
Such modes are e.g. GCM or Poly1305.

As for OpenSSL CLI vs. GnuPG, neither of them is ideal, but GnuPG is
better. It uses a hash to provide some kind of authentication. It's not
really an authenticated encryption mode, but it comes close.

Hanno Böck

mail/jabber: hanno at hboeck.de
GPG: FE73757FA60E4E21B937579FA5880072BBB51E42

More information about the openssl-users mailing list