Commit 28bcba27 authored by Cédric Marie's avatar Cédric Marie

myzip/myunzip: Use more secure encryption

Replace bf-cbc with aes-256-cbc, which is supposed to be more secure.

Add -pbkdf2 option, as suggested by the warning:
*** WARNING : deprecated key derivation used.
Using -iter or -pbkdf2 would be better.
Signed-off-by: default avatarCédric Marie <cedric@hjuvi.lautre.net>
parent c2549163
......@@ -45,7 +45,7 @@ dir=${file%.tar.xz}
dir=${dir%.*-*-*.*h*m*s}
[ -e "$dir" ] && printf "$dir already exists\n" && exit 1
if [ $option_crypt -eq 1 ]; then
openssl bf-cbc -d -a -in $1 -out $file
openssl aes-256-cbc -pbkdf2 -d -a -in $1 -out $file
fi
tar -Jxvf $file
[ $option_crypt -eq 1 ] && rm -f $file
......
......@@ -54,7 +54,7 @@ else
fi
tar -Jcvf $file $dir
if [ $option_crypt -eq 1 ]; then
openssl bf-cbc -e -a -salt -in $file -out $output_file
openssl aes-256-cbc -pbkdf2 -e -a -salt -in $file -out $output_file
rm -f $file
[ -f $output_file ] || exit 1
fi
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment