Openssl VS Gpg for Encrypting Off-Site Backups

OpenSSL vs GPG for encrypting off-site backups?

I would pick GPG for file encryption, it's got decades of secure tested encryption, and is very easy to have multiple "recipients" (backup keys?) or signatures with it's public keys & even servers (if they would be useful).

With GPG, all the simple mistakes have been avoided/fixed, it picks a longer "random" key for the actual encryption and does a good number of "rounds" to make it very secure.

OpenSSL should be able to do all the same things, (it's been around since 1998, but if version numbers mean anything it reached version 1 in 2010) but it's very easy to make a mistake that could drastically lower the security. And from this post on security.stackexchange.com (from Jan 2013) and another by a 159K reputation user, the openssl enc command might leave something to be desired:

The encryption format used by OpenSSL is non-standard: it is "what OpenSSL does", and if all versions of OpenSSL tend to agree with each other, there is still no reference document which describes this format except OpenSSL source code. The header format is rather simple:

magic value (8 bytes): the bytes 53 61 6c 74 65 64 5f 5f
salt value (8 bytes)

Hence a fixed 16-byte header, beginning with the ASCII encoding of the string "Salted__", followed by the salt itself. That's all ! No indication of the encryption algorithm; you are supposed to keep track of that yourself.

The process by which the password and salt are turned into the key and IV is not documented, but a look at the source code shows that it calls the OpenSSL-specific EVP_BytesToKey() function, which uses a custom key derivation function with some repeated hashing. This is a non-standard and not-well vetted construct (!) which relies on the MD5 hash function of dubious reputation (!!); that function can be changed on the command-line with the undocumented -md flag (!!!); the "iteration count" is set by the enc command to 1 and cannot be changed (!!!!). This means that the first 16 bytes of the key will be equal to MD5(password||salt), and that's it.

This is quite weak ! Anybody who knows how to write code on a PC can try to crack such a scheme and will be able to "try" several dozens of millions of potential passwords per second (hundreds of millions will be achievable with a GPU). If you use "openssl enc", make sure your password has very high entropy ! (i.e. higher than usually recommended; aim for 80 bits, at least). Or, preferably, don't use it at all; instead, go for something more robust (GnuPG, when doing symmetric encryption for a password, uses a stronger KDF with many iterations of the underlying hash function).

man enc even has this under "BUGS":

There should be an option to allow an iteration count to be included.

How to use OpenSSL to encrypt/decrypt files?

Security Warning: AES-256-CBC does not provide authenticated encryption and is vulnerable to padding oracle attacks. You should use something like age instead.

Encrypt:

openssl aes-256-cbc -a -salt -pbkdf2 -in secrets.txt -out secrets.txt.enc

Decrypt:

openssl aes-256-cbc -d -a -pbkdf2 -in secrets.txt.enc -out secrets.txt.new

More details on the various flags

ssl encrypt large file using php for backup

First, have a look at Pro PHP Security by Chris Snyder and Michael Southwell from Apress. It will tell you all you need about encryption. There's a lot there.

From there you can download the source code for the book and look for a file called mcrypt.php in Chapter 6. It also comes with a sample implementation.

Good luck! And if it's useful to you, buy the ebook or dead tree version of the text. It's very informative and will teach you a lot! I'm not affiliated with Apress or the authors in any way, I'm just someone that found the book extremely useful.

How can I save my secret keys and password securely in my version control system?

Heroku pushes the use of environment variables for settings and secret keys:

The traditional approach for handling such config vars is to put them under source - in a properties file of some sort. This is an error-prone process, and is especially complicated for open source apps which often have to maintain separate (and private) branches with app-specific configurations.

A better solution is to use environment variables, and keep the keys out of the code. On a traditional host or working locally you can set environment vars in your bashrc. On Heroku, you use config vars.

With Foreman and .env files Heroku provide an enviable toolchain to export, import and synchronise environment variables.

Personally, I believe it's wrong to save secret keys alongside code. It's fundamentally inconsistent with source control, because the keys are for services extrinsic to the the code. The one boon would be that a developer can clone HEAD and run the application without any setup. However, suppose a developer checks out a historic revision of the code. Their copy will include last year's database password, so the application will fail against today's database.

With the Heroku method above, a developer can checkout last year's app, configure it with today's keys, and run it successfully against today's database.

how to make the postgre SQL backup password protected

PostgreSQL and PgAdmin have no built-in facility for backup encryption and password protection.

There are numerous ways you can encrypt backups. You can use gnupg, but I suspect you will be happier using a zip utility that supports encryption. I recommend 7zip, which supports the zip64 format and zip file encryption.

How to encrypt a large file in openssl using public key

Public-key crypto is not for encrypting arbitrarily long files. One uses a symmetric cipher (say AES) to do the normal encryption. Each time a new random symmetric key is generated, used, and then encrypted with the RSA cipher (public key). The ciphertext together with the encrypted symmetric key is transferred to the recipient. The recipient decrypts the symmetric key using his private key, and then uses the symmetric key to decrypt the message.

The private key is never shared, only the public key is used to encrypt the random symmetric cipher.


Related Topics

How to Make :Level Change Based on :Committed Days

How to Set Up a Sinatra App Under Apache with Passenger

Mongodb with Mongoid in Rails - Geospatial Indexing

How Much Performance Do You Get Out a Heroku Dynos/Workers

Relative Path to Your Project Directory

Rails Rbenv: Rails: Command Not Found

Adding a Staging Environment to the Workflow

How to Install Ruby-Oci8

Purpose of & (Ampersand) in Ruby for Procs and Calling Methods

Getting Rails Url Helpers to Automatically Output Https Urls

How to Export Environment Variable Permanently Using Ruby

Best Practice to Mark Deprecated Code in Ruby

Read Input from Console in Ruby

How Would You Test Observers with Rspec in a Ruby on Rails Application

What Are the Differences Between Rbenv, Rvm, and Chruby

How to Change the Position of an Array Element

Is 'Yield Self' the Same as Instance_Eval

Rvm Doesn't Switch Rubies


Leave a reply



Submit