-
Notifications
You must be signed in to change notification settings - Fork 675
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
OpenSSL encryptor: deprecated key derivation used #949
Comments
This can be fixed with a monkeypatch in module OpenSSLFixDeprecatedKeyDerivation
def options
super + ' -pbkdf2'
end
end
require 'backup/encryptor/open_ssl'
Backup::Encryptor::OpenSSL.prepend(OpenSSLFixDeprecatedKeyDerivation) OpenSSL 1.1.1+ or LibreSSL 2.9.1+ will be required to decrypt, and you'll need to pass openssl aes-256-cbc -d -md sha256 -pbkdf2 |
A merge request would have been appreciated 😆 |
#983 seems merged is it intentionally open? Is there a plan to release version with fix? |
I came back here after installing on a new VPS and searching to find my own issue from 4 years ago. How time flies. The default ubuntu 22.04 install on ruby 2.3.8 still installs 4.4.1 with this issue. Thanks for the monkeypatch and the merged fix! |
What went wrong?
I'm getting deprecation warnings with openSSL encryption.
[2019/09/05 08:38:52][info] Using Encryptor::OpenSSL to encrypt the archive.
[2019/09/05 08:40:22][warn] Pipeline STDERR Messages:
[2019/09/05 08:40:22][warn] (Note: may be interleaved if multiple commands returned error messages)
[2019/09/05 08:40:22][warn]
[2019/09/05 08:40:22][warn] *** WARNING : deprecated key derivation used.
[2019/09/05 08:40:22][warn] Using -iter or -pbkdf2 would be better.
What steps did you follow?
How is your copy of backup configured?
Use config encryption step:
encrypt_with OpenSSL do |encryption|
encryption.password = 'Some password'
encryption.base64 = true
encryption.salt = true
end
Tell us about the computer that runs the backup gem
The text was updated successfully, but these errors were encountered: