use pbkdf2 since it is available in new versions of openssl

2025-08-02 11:20:05 +02:00 · 2019-11-25 16:28:35 +01:00
parent 61c63ef70e
commit 63ac438831
1 changed files with 2 additions and 2 deletions
--- a/sshenc.sh
+++ b/sshenc.sh
@@ -66,7 +66,7 @@ if [[ "${#public_key[@]}" > 0 ]]; then
    done
    echo "-- /keys"

-    if cat | openssl enc -aes-256-cbc -salt -pass file:"$temp_file_key" > "$temp_file"; then
+    if cat | openssl enc -aes-256-cbc -pbkdf2 -iter 100000 -salt -pass file:"$temp_file_key" > "$temp_file"; then
        openssl base64 -A < "$temp_file"
    fi

@@ -91,7 +91,7 @@ elif [[ -e "$private_key" ]]; then
    for key in "${keys[@]}"
    do
        if ((echo "$key" | openssl base64 -d -A | openssl rsautl -decrypt -ssl -inkey "$private_key" > "$temp_file") > /dev/null 2>&1); then
-            if echo "$cypher" | openssl base64 -d -A | openssl aes-256-cbc -d -pass file:"$temp_file"; then
+            if echo "$cypher" | openssl base64 -d -A | openssl aes-256-cbc -pbkdf2 -iter 100000 -d -pass file:"$temp_file"; then
                decrypted=true
            fi
        fi