[Bug 426513] Re: openssl enc documentation incorrect

Maarten Bezemer maarten.bezemer at gmail.com
Sun May 13 08:31:26 UTC 2012 

The man pages states (for Precise):

       -salt
           use a salt in the key derivation routines. This is the default.

       -nosalt
           don't use a salt in the key derivation routines. This option SHOULD NOT be used except for test purposes or compatibility with ancient versions of OpenSSL and SSLeay.

It is now clear enough that -salt is enabled by default, therefore I'll
close this report

** Changed in: openssl (Ubuntu)
       Status: Confirmed => Invalid

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to openssl in Ubuntu.
https://bugs.launchpad.net/bugs/426513

Title:
  openssl enc documentation incorrect

Status in “openssl” package in Ubuntu:
  Invalid

Bug description:
  Binary package hint: openssl

  1) This affects openssl in Ubuntu 9.04.

  2) This affects openssl 0.9.8g-15ubuntu3.

  3) The OpenSSL enc(1) man page has this to say about key derivation:

  -salt
  use a salt in the key derivation routines.  This option should ALWAYS be used unless compatibility with previous versions of OpenSSL or SSLeay is required.  This option is only present on OpenSSL versions 0.9.5 or above.

  -nosalt
  don't use a salt in the key derivation routines.  This is the default for compatibility with previous versions of OpenSSL and SSLeay.

  I expect that when I enter:

  $ openssl enc -aes-128-cbc -k foo -P

  That openssl will return an unsalted key and initialization vector.

  4) What I get instead is:
  salt=<8 byte salt>
  key=<16 byte key>
  iv =<16 byte iv>

  The salt, key, and iv are different each time because openssl is using
  a salt.  If I execute 'openssl enc -aes-128-cbc -nosalt -k foo -P' I
  get the same key and initialization vector each time, with no salt
  value in the output (which is what I expect even without using the
  '-nosalt' option).

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/426513/+subscriptions

More information about the foundations-bugs mailing list