
I currently encrypt a stream by piping it through the following command:

openssl enc -aes-256-cbc -pass file:/[keyfile path]

Is there a reliable implementation of ChaCha20-Poly1305 that I can use instead?

knaccc

  • Either your version of OpenSSL is too old or you did not look hard enough. `openssl enc --ciphers` also offers me chacha20. It has been there since at least OpenSSL 1.1.0. – Steffen Ullrich Jun 21 '18 at 13:00

1 Answer


Last I read, `openssl enc` specifically avoids providing a MAC or AEAD cipher because they're worried about providing a footgun to inexperienced users. And rightfully so: if you were to pipe the decryption output somewhere that processes it (rather than to a temporary file), you would be processing unauthenticated data, only verifying its authenticity after the damage has been done.

While it's possible to safely stream encryption, it is definitely not safe to stream decryption, so I expect you are unlikely to find such an implementation. If you do, expect it to be insecure.

AndrolGenhald

  • Please could you comment on the effectiveness of using aes-256-gcm provided by openssl, specifically whether you would consider that flawed as a means of providing data integrity? – knaccc Jun 21 '18 at 18:09
  • @knaccc While openssl 1.0.2g lists `-aes-256-gcm` as a cipher, trying to use it causes an error: `AEAD ciphers not supported by the enc utility`. openssl 1.1.0h (and probably earlier; that's just the version I have on hand) no longer lists any gcm ciphers with `openssl enc --ciphers`. – AndrolGenhald Jun 21 '18 at 18:14
  • @AndrolGenhald Even worse, some of the earlier versions were broken, and files encrypted using GCM could later not be decrypted. – forest Jun 22 '18 at 02:42