OpenSSL encryptor: deprecated key derivation used

[jspeedz]

What went wrong?

I'm getting deprecation warnings with openSSL encryption.

[2019/09/05 08:38:52][info] Using Encryptor::OpenSSL to encrypt the archive.
[2019/09/05 08:40:22][warn] Pipeline STDERR Messages:
[2019/09/05 08:40:22][warn] (Note: may be interleaved if multiple commands returned error messages)
[2019/09/05 08:40:22][warn]
[2019/09/05 08:40:22][warn] *** WARNING : deprecated key derivation used.
[2019/09/05 08:40:22][warn] Using -iter or -pbkdf2 would be better.

What steps did you follow?

1. backup perform --trigger config
2. Check the log output

How is your copy of backup configured?

Use config encryption step:

encrypt_with OpenSSL do |encryption|
encryption.password = 'Some password'
encryption.base64 = true
encryption.salt = true
end

Tell us about the computer that runs the backup gem

• Operating system: Ubuntu 18.04.2 LTS
• Backup 4.4.1
• openssl version OpenSSL 1.1.1 11 Sep 2018

[jenrzzz]

This can be fixed with a monkeypatch in config.rb.

module OpenSSLFixDeprecatedKeyDerivation
  def options
    super + ' -pbkdf2'
  end
end

require 'backup/encryptor/open_ssl'
Backup::Encryptor::OpenSSL.prepend(OpenSSLFixDeprecatedKeyDerivation)

OpenSSL 1.1.1+ or LibreSSL 2.9.1+ will be required to decrypt, and you'll need to pass -pbkdf2:

openssl aes-256-cbc -d -md sha256 -pbkdf2

[elthariel]

A merge request would have been appreciated 😆

[matkoniecz]

#983 seems merged

is it intentionally open? Is there a plan to release version with fix?

[jspeedz]

I came back here after installing on a new VPS and searching to find my own issue from 4 years ago. How time flies. The default ubuntu 22.04 install on ruby 2.3.8 still installs 4.4.1 with this issue.

Thanks for the monkeypatch and the merged fix!