https-keyscript icon indicating copy to clipboard operation
https-keyscript copied to clipboard
verified publisher icon stupidpupil

*** WARNING : deprecated key derivation used

Open yeupou opened this issue 6 years ago • 2 comments

Current script returns:

*** WARNING : deprecated key derivation used. Using -iter or -pbkdf2 would be better.

Why not using openssl defaults? Ending up with:

decrypted_keyfile=$(echo "$encrypted_keyfile" | openssl enc -base64 -d -salt -k "$openssl_passphrase")

yeupou avatar Mar 18 '20 14:03 yeupou

One problem is that the defaults can change (and indeed have done #1 ), so you either to store the parameters somewhere or hardcode them, AFAICT.

I wonder if the deprecation warning actually relates to using "-k" instead of "-pass pass:"; I'll check this.

stupidpupil avatar Mar 30 '20 16:03 stupidpupil

One problem is that the defaults can change (and indeed have done #1 ), so you either to store the parameters somewhere or hardcode them, AFAICT.

It would be nice if there would be a simple configuration file for https-keyscript.

btw, this issue could be fixed by https://github.com/stupidpupil/https-keyscript/pull/11

brknkfr avatar Nov 10 '20 21:11 brknkfr