不要使用openssl默认密钥派生。

目前公认的答案使用它，它不再被推荐和安全。

对于攻击者来说，简单地暴力破解密钥是非常可行的。

https://www.ietf.org/rfc/rfc2898.txt

PBKDF1 applies a hash function, which shall be MD2 [6], MD5 [19] or SHA-1 [18], to derive keys. The length of the derived key is bounded by the length of the hash function output, which is 16 octets for MD2 and MD5 and 20 octets for SHA-1. PBKDF1 is compatible with the key derivation process in PKCS #5 v1.5. PBKDF1 is recommended only for compatibility with existing applications since the keys it produces may not be large enough for some applications. PBKDF2 applies a pseudorandom function (see Appendix B.1 for an example) to derive keys. The length of the derived key is essentially unbounded. (However, the maximum effective search space for the derived key may be limited by the structure of the underlying pseudorandom function. See Appendix B.1 for further discussion.) PBKDF2 is recommended for new applications.

这样做:

Openssl enc -aes-256-cbc -pbkdf2 -iter 20000 -in hello -out hello。Enc -k喵

Openssl enc -d -aes-256-cbc -pbkdf2 -iter 20000 - hello。出来你好，出来

注意:解密中的迭代必须与加密中的迭代相同。

迭代最少要达到10000次。 这里有一个关于迭代次数的很好的答案:https://security.stackexchange.com/a/3993

也……推荐GPG的人已经够多了。读那该死的问题。

注意，OpenSSL CLI使用弱非标准算法将密码码转换为密钥，安装GPG会导致添加到主目录的各种文件，并运行GPG -agent后台进程。如果您希望最大限度地利用现有工具进行可移植性和控制，您可以使用PHP或Python来访问底层api，并直接传入完整的AES Key和IV。

示例PHP调用通过Bash:

IV='c2FtcGxlLWFlcy1pdjEyMw=='
KEY='Twsn8eh2w2HbVCF5zKArlY+Mv5ZwVyaGlk5QkeoSlmc='
INPUT=123456789023456

ENCRYPTED=$(php -r "print(openssl_encrypt('$INPUT','aes-256-ctr',base64_decode('$KEY'),OPENSSL_ZERO_PADDING,base64_decode('$IV')));")
echo '$ENCRYPTED='$ENCRYPTED
DECRYPTED=$(php -r "print(openssl_decrypt('$ENCRYPTED','aes-256-ctr',base64_decode('$KEY'),OPENSSL_ZERO_PADDING,base64_decode('$IV')));")
echo '$DECRYPTED='$DECRYPTED

这个输出:

$ENCRYPTED=nzRi252dayEsGXZOTPXW
$DECRYPTED=123456789023456

您还可以使用PHP的openssl_pbkdf2函数安全地将密码短语转换为密钥。

加密:

$ openssl bf < arquivo.txt > arquivo.txt.bf

解密:

$ openssl bf -d < arquivo.txt.bf > arquivo.txt

bf ===河豚在CBC模式

不要使用openssl默认密钥派生。

目前公认的答案使用它，它不再被推荐和安全。

对于攻击者来说，简单地暴力破解密钥是非常可行的。

https://www.ietf.org/rfc/rfc2898.txt

PBKDF1 applies a hash function, which shall be MD2 [6], MD5 [19] or SHA-1 [18], to derive keys. The length of the derived key is bounded by the length of the hash function output, which is 16 octets for MD2 and MD5 and 20 octets for SHA-1. PBKDF1 is compatible with the key derivation process in PKCS #5 v1.5. PBKDF1 is recommended only for compatibility with existing applications since the keys it produces may not be large enough for some applications. PBKDF2 applies a pseudorandom function (see Appendix B.1 for an example) to derive keys. The length of the derived key is essentially unbounded. (However, the maximum effective search space for the derived key may be limited by the structure of the underlying pseudorandom function. See Appendix B.1 for further discussion.) PBKDF2 is recommended for new applications.

这样做:

Openssl enc -aes-256-cbc -pbkdf2 -iter 20000 -in hello -out hello。Enc -k喵

Openssl enc -d -aes-256-cbc -pbkdf2 -iter 20000 - hello。出来你好，出来

注意:解密中的迭代必须与加密中的迭代相同。

迭代最少要达到10000次。 这里有一个关于迭代次数的很好的答案:https://security.stackexchange.com/a/3993

也……推荐GPG的人已经够多了。读那该死的问题。

安全警告:AES-256-CBC不提供经过身份验证的加密，容易受到填充oracle攻击。你应该用年龄之类的词来代替。

加密:

openssl aes-256-cbc -a -salt -pbkdf2 -in secrets.txt -out secrets.txt.enc

解密:

openssl aes-256-cbc -d -a -pbkdf2 -in secrets.txt.enc -out secrets.txt.new

关于各种标志的更多细节

我在网上找到了一个开源程序，它使用openssl来加密和解密文件。它只用一个密码就能做到这一点。这个开源脚本的伟大之处在于，它通过分解文件来删除原始的未加密文件。但危险的是，一旦原始的未加密文件消失了，你必须确保你记住了你的密码，否则他们就没有其他方法来解密你的文件。

这是github上的链接

https://github.com/EgbieAnderson1/linux_file_encryptor/blob/master/file_encrypt.py