doc: add -pbkdf2 to openssl gen key example

Message ID 20240724101642.122181-1-stefano.babic@swupdate.org
State New
Delegated to: Stefano Babic

Commit Message

Stefano Babic July 24, 2024, 10:16 a.m. UTC
The flag removes the following warnings:

*** WARNING : deprecated key derivation used.
Using -iter or -pbkdf2 would be better.

and the output can be used as it is by meta-swupdate to encrypt
artefacts.

Signed-off-by: Stefano Babic <stefano.babic@swupdate.org>
---
 doc/source/encrypted_images.rst | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)

--
2.34.1

Comments

Dominique Martinet July 25, 2024, 3:57 a.m. UTC | #1
Stefano Babic wrote on Wed, Jul 24, 2024 at 12:16:42PM +0200:
> The flag removes the following warnings:
> 
> *** WARNING : deprecated key derivation used.
> Using -iter or -pbkdf2 would be better.

Not to contest this but I don't see what part of 'openssl rand' would
print that, is it printed later?

You'd get it if you're not entering the key with -K, but then the key
would also not be useable for decryption in swupdate as the openssl cli
would use another weaker derivation function, but using -K skips this
altogether.


<unsolicited rambling>
Generally pbkdf2/key derivation is used when the key is weak-ish to
derive a more random looking key (so e.g. 'password1' and 'password2'
would look like totally different keys), and also making bruteforcing
more work (since bruteforcing would try to guess the original password
and then feed it through the same derivation algorithm)

When the key is properly random, then an attacker has no benefit of
trying to use the same key derivation algorithm and they can just
bruteforce the final key directly just as fast (well, there are many
possible keys, so just as slow) ; the key derivation does not bring
anything and I consider it clearer not to use one
</rambling>

> and the output can be used as it is by meta-swupdate to encrypt
> artefacts.

Now this is probably interesting enough to warrant the change anyway,
I don't use meta-swupdate to know.
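
An added example, not part of this thread or of SWUpdate: a Python model of what the `-kfile - ... -md sha1 -nosalt -pbkdf2 -P` command from the patch computes, next to the raw key/IV pair that `-K` takes directly. It assumes that `openssl enc -pbkdf2` defaults to 10000 iterations and splits one PBKDF2 output into key and IV; `derive_key_iv` and `raw_key_iv` are hypothetical names.

```python
import hashlib
import secrets

# Assumption: iteration count `openssl enc -pbkdf2` uses when -iter is absent.
ITERATIONS = 10000
# AES-256-CBC key and IV sizes in bytes.
KEY_LEN, IV_LEN = 32, 16


def derive_key_iv(passphrase: str, digest: str = "sha1") -> tuple[str, str]:
    """Model of `openssl enc -aes-256-cbc -md sha1 -nosalt -pbkdf2 -P`.

    The passphrase is the text read through -kfile; -nosalt means an empty
    salt. One PBKDF2 output of key+IV length is split into key and IV.
    """
    material = hashlib.pbkdf2_hmac(
        digest, passphrase.encode(), b"", ITERATIONS, KEY_LEN + IV_LEN
    )
    return material[:KEY_LEN].hex(), material[KEY_LEN:].hex()


def raw_key_iv() -> tuple[str, str]:
    """Counterpart of the two `openssl rand -hex` calls: values for -K / -iv."""
    return secrets.token_hex(KEY_LEN), secrets.token_hex(IV_LEN)


if __name__ == "__main__":
    # Constructed input standing in for $(openssl rand -hex 32).
    random_hex = secrets.token_hex(32)
    key, iv = derive_key_iv(random_hex)
    print("passphrase:", random_hex)
    print("key=" + key.upper())
    print("iv =" + iv.upper())
    # The derived key is not the random value itself, and without a salt the
    # same passphrase always yields the same key and the same IV.
    print("key equals passphrase:", key == random_hex)
    print("repeatable:", derive_key_iv(random_hex) == (key, iv))
    # The password1 / password2 illustration from the comment above.
    for pw in ("password1", "password2"):
        print(pw, "->", derive_key_iv(pw)[0])
```
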

Stefano Babic July 25, 2024, 9:23 a.m. UTC | #2
Hi Dominique,

On 25.07.24 05:57, Dominique MARTINET wrote:
> Stefano Babic wrote on Wed, Jul 24, 2024 at 12:16:42PM +0200:
>> The flag removes the following warnings:
>>
>> *** WARNING : deprecated key derivation used.
>> Using -iter or -pbkdf2 would be better.
>
> Not to contest this but I don't see what part of 'openssl rand' would
> print that, is it printed later?
>
> You'd get it if you're not entering the key with -K, but then the key
> would also not be useable for decryption in swupdate as the openssl cli
> would use another weaker derivation function, but using -K skips this
> altogether.

It is good you contest :-)

I had a report about a mismatch when creating the keys with OpenSSL, but
the current documentation is not wrong. The confusion arises with
meta-swupdate, because the class reads the key in OpenSSL format (lines
with key / iv). Anyway, if something should be changed, it should be in the
Yocto build page and not here.

I drop the patch, thanks !

Best regards,
Stefano

>
>
> <unsolicited rambling>
> Generally pbkdf2/key derivation is used when the key is weak-ish to
> derive a more random looking key (so e.g. 'password1' and 'password2'
> would look like totally different keys), and also making bruteforcing
> more work (since bruteforcing would try to guess the original password
> and then feed it through the same derivation algorithm)
>
> When the key is properly random, then an attacker has no benefit of
> trying to use the same key derivation algorithm and they can just
> bruteforce the final key directly just as fast (well, there are many
> possible keys, so just as slow) ; the key derivation does not bring
> anything and I consider it clearer not to use one
> </rambling>
>
>> and the output can be used as it is by meta-swupdate to encrypt
>> artefacts.
>
> Now this is probably interesting enough to warrant the change anyway,
> I don't use meta-swupdate to know.
>
Patch

diff --git a/doc/source/encrypted_images.rst b/doc/source/encrypted_images.rst
index c70ed784..7aef84a1 100644
--- a/doc/source/encrypted_images.rst
+++ b/doc/source/encrypted_images.rst
@@ -19,10 +19,8 @@  A complete documentation can be found at the

 ::

-        openssl rand -hex 32
-        # key, for example 390ad54490a4a5f53722291023c19e08ffb5c4677a59e958c96ffa6e641df040
-        openssl rand -hex 16
-        # IV, for example d5d601bacfe13100b149177318ebc7a4
+        printf "%s" "$(openssl rand -hex 32)" | openssl enc -kfile - -aes-256-cbc -P -md sha1 -nosalt -pbkdf2
+

 Then, encrypt an image using this information via
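
Review bot: the added `openssl enc -kfile - -aes-256-cbc -P -md sha1 -nosalt -pbkdf2` line drops the two comments that told the reader which value is the key and which is the IV, and nothing in the hunk replaces them. The values printed are now derived from the output of `openssl rand -hex 32` instead of being that output, so the text should state that the `key=` and `iv=` lines printed by `-P` are what the following encryption step expects, and say why `-md sha1` and `-nosalt` are fixed here. The second added line is an empty line placed before an existing blank line and can be dropped.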