How should I change encryption according to *** WARNING : deprecated key derivation used
Solution 1:
Comparing the Synopsys of the two main and recent versions of OpenSSL, let me quote the man pages.
OpenSSL 1.1.0
openssl enc -ciphername [-help] [-ciphers] [-in filename] [-out filename] [-pass arg] [-e] [-d] [-a/-base64] [-A] [-k password] [-kfile filename] [-K key] [-iv IV] [-S salt] [-salt] [-nosalt] [-z] [-md digest] [-p] [-P] [-bufsize number] [-nopad] [-debug] [-none] [-engine id]
OpenSSL 1.1.1
openssl enc -cipher [-help] [-ciphers] [-in filename] [-out filename] [-pass arg] [-e] [-d] [-a] [-base64] [-A] [-k password] [-kfile filename] [-K key] [-iv IV] [-S salt] [-salt] [-nosalt] [-z] [-md digest] [-iter count] [-pbkdf2] [-p] [-P] [-bufsize number] [-nopad] [-debug] [-none] [-rand file...] [-writerand file] [-engine id]
There obviously are some greater differences, namely considering this question, there are these two switches missing in the 1.1.0:
-
pbkdf2
-
iter
You have basically two options now. Either ignore the warning or adjust your encryption command to something like:
openssl enc -aes-256-cbc -md sha512 -pbkdf2 -iter 100000 -salt -in InputFilePath -out OutputFilePath
Where these switches:
-
-aes-256-cbc
is what you should use for maximum protection or the 128-bit version, the 3DES (Triple DES) got abandoned some time ago, see Triple DES has been deprecated by NIST in 2017, while AES gets accelerated by all modern CPUs by a lot; you can simply verify if your CPU has the AES-NI instruction set for example usinggrep aes /proc/cpuinfo
; win, win -
-md sha512
is the faster variant of SHA-2 functions family compared to SHA-256 while it might be a bit more secure; win, win -
-pbkdf2
: use PBKDF2 (Password-Based Key Derivation Function 2) algorithm -
-iter 100000
is overriding the default count of iterations for the password, quoting the man page:Use a given number of iterations on the password in deriving the encryption key. High values increase the time required to brute-force the resulting file. This option enables the use of PBKDF2 algorithm to derive the key.
Solution 2:
The other answer is essentially correct. though other things have changed around these versions (v1.1.0 and v1.1.1) that is good to be aware of.
First the default password hashing digest has changed, going from md5 to sha512
And second the addition the "-pbkdf2" "-iter" which has been needed for a long time. However the default iteration count is far too low, and should be set as high as possible without becoming too annoying. Big enough to take 1 to 2 seconds is generally acceptable for both encrypting and decrypting, but makes it very very difficult for brute forced password guessing.
The problem is now we have all these new options and defaults, as well as different digests and cyphers, you need to remember all these options do you can decrypt the encrypted file. That is whatever options was decided on to encrypt must be used to decrypt. However openssl only stores some 'file magic' (EG "Salted__" at the start of the file), and the random "salt" that was used, with the encrypted file. It leaves it up to you to remember everything else!
Aespipe is a old program that got around this by saving some of this information as a extra header to the encrypted data, but it is now becomming dated, and its format does not allow for the new options, or for easy expansion.
As a alternative I have been creating a new script "keepout" as a wrapper around "openssl enc" to save those extra options that is needed to remember how to decrypt that specific file, even as newer options, cyphers, or larger iterations are used when encrypting. Basically it saves the openssl option needed with the data.
https://antofthy.gitlab.io/software/#keepout