[openssl-users] OpenSSL vs GPG for encrypting files? Security best practices?

Hanno Böck hanno at hboeck.de
Sat Nov 3 09:11:25 UTC 2018

On Sat, 3 Nov 2018 12:28:02 +0500
Марк Коренберг <socketpair at gmail.com> wrote:

> Try openssl cms ( as newer alternative to s/mime)

cms is not newer than s/mime, it's the underlying message format of

According to this
it only supports deprecated cipher modes (cbc, cfb, ofb, ecb) and has
exactly the malleability vulnerability the original poster was asking
about (including a wide variety of obscure and some insecure ciphers). I
don't think this should be recommended.

Hanno Böck

mail/jabber: hanno at hboeck.de
GPG: FE73757FA60E4E21B937579FA5880072BBB51E42

More information about the openssl-users mailing list