[openssl-users] OpenSSL vs GPG for encrypting files? Security best practices?

Марк Коренберг socketpair at gmail.com
Sat Nov 3 07:28:02 UTC 2018


Try openssl cms (as a newer alternative to S/MIME).
Fri, 2 Nov 2018 at 23:30, Nicholas Papadonis <nick.papadonis.ml at gmail.com>:
>
> Security Experts,
>
> I'm considering encrypting a tar archive and optionally a block file system (via FUSE) using either utility.  Does anyone have comments on the best practices and tools for either?
>
> I read that the OpenSSL AES-CBC CLI mode is prone to a malleable attack vector and its CLI interface should not be used directly for production.  I have also read that GPG is the suggested alternative to OpenSSL CLI due to this.  I have followed through with the OpenSSL CLI AES tests and am curious where the malleable attack is (in the pipe?).  I am also curious as to why GPG, which is an asymmetric key manager, is used for file based encryption when only a single key is required.  How does GPG solve this malleable attack vector?
>
> A security expert's guidance here is much appreciated.
>
> Thank you,
> Nicholas



-- 
Segmentation fault
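
Added example (not part of the original messages): the malleability asked about above comes from CBC carrying no integrity check, so `openssl enc -aes-256-cbc` decrypts an altered ciphertext without error, while an HMAC over the ciphertext (encrypt-then-MAC) notices the change. The key, IV, MAC key and plaintext are throwaway values constructed for this demo.

```shell
#!/usr/bin/env bash
# Added example; all keys and the plaintext are constructed test values.
# Prints: exit status of decrypting the altered file, the XOR difference seen
# in the matching byte of the NEXT plaintext block, and the HMAC comparison.
cbc_tamper_demo() {
  local d key iv mk pos=5 mask=1 c p0 p1 tag0 tag1 rc mac
  d=$(mktemp -d) || return 2
  key=$(openssl rand -hex 32); iv=$(openssl rand -hex 16); mk=$(openssl rand -hex 32)

  # Constructed plaintext: exactly three 16-byte blocks.
  printf '%s' 'block-0 16 bytesblock-1 16 bytesblock-2 16 bytes' > "$d/pt"

  # Raw key and IV (-K/-iv): no salt header, so ciphertext offset 0 is block 0.
  openssl enc -aes-256-cbc -K "$key" -iv "$iv" -in "$d/pt" -out "$d/ct"

  # Encrypt-then-MAC: tag over the ciphertext, under a separate key.
  # (A real format would also cover the IV and any header.)
  tag0=$(openssl dgst -sha256 -mac HMAC -macopt hexkey:"$mk" < "$d/ct")

  # Simulate corruption or tampering: flip one bit in ciphertext block 0.
  cp "$d/ct" "$d/ct.mod"
  c=$(od -An -tu1 -j "$pos" -N1 "$d/ct" | tr -d '[:space:]')
  printf "\\$(printf '%03o' $((c ^ mask)))" |
    dd of="$d/ct.mod" bs=1 seek="$pos" conv=notrunc 2>/dev/null

  # CBC decryption still succeeds: the padding block was not touched.
  rc=0
  openssl enc -d -aes-256-cbc -K "$key" -iv "$iv" \
    -in "$d/ct.mod" -out "$d/pt.mod" 2>/dev/null || rc=$?

  # P[i] = D(C[i]) XOR C[i-1]: block 0 is garbled, block 1 differs by the same bit.
  p0=$(od -An -tu1 -j $((16 + pos)) -N1 "$d/pt" | tr -d '[:space:]')
  p1=$(od -An -tu1 -j $((16 + pos)) -N1 "$d/pt.mod" | tr -d '[:space:]')

  # The receiver recomputes the tag before decrypting; it no longer matches.
  tag1=$(openssl dgst -sha256 -mac HMAC -macopt hexkey:"$mk" < "$d/ct.mod")
  if [ "$tag0" = "$tag1" ]; then mac=match; else mac=mismatch; fi

  rm -rf "$d"
  echo "decrypt_rc=$rc xor=$((p0 ^ p1)) hmac=$mac"
}

cbc_tamper_demo
```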

