Try openssl cms ( as newer alternative to s/mime) пт, 2 нояб. 2018 г. в 23:30, Nicholas Papadonis <nick.papadonis...@gmail.com>: > > Security Experts, > > I'm considering encrypting a tar archive and optionally a block file system > (via FUSE) using either utility. Does anyone have comments on the best > practices and tools for either? > > I read that the OpenSSL AES-CBC CLI mode is prone to a malleable attack > vector and it's CLI interface should not be use directly for production. I > have also read that GPG is the suggested alternative to OpenSSL CLI due to > this. I have followed through with the OpenSSL CLI AES tests and am curious > where the malleable attack is (in the pipe?). I am also curious to why GPG, > which is an asymmetric key manager, is used for file based encryption when > only a single key is required. How does GPG solve this malleable attack > vector. > > A security expert's guidance here is much appreciated. > > Thank you, > Nicholas > > > -- > openssl-users mailing list > To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
-- Segmentation fault -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users