@nioupola
Contributor

Hello,

openssl recommends using a derivation function for encryption with a password.

*** WARNING : deprecated key derivation used.
Using -iter or -pbkdf2 would be better.

You can find the documentation about PBKDF2 here: https://en.wikipedia.org/wiki/PBKDF2 and https://www.openssl.org/docs/manmaster/man1/openssl-enc.html

Thanks for the script. It's really useful 😃

@nodesocket
Owner

nodesocket commented Jun 26, 2019

@darKitty oops, I thought this was an issue before. This PR looks good. Would you mind making another small change while you are here?

Can you update:
https://github.com/nodesocket/cryptr/pull/3/files#diff-b9f0ea90437ded673eb9019ac15f1d34R49
https://github.com/nodesocket/cryptr/pull/3/files#diff-b9f0ea90437ded673eb9019ac15f1d34R51

To use the same format as decrypt for the out file. Just change $_file".aes to "${_file%\.aes}".

@nioupola
Contributor Author

Done ❤️ :)

@nodesocket
Owner

So I assume if you've encrypted a file previously, and then you update to this version using pbkdf2 it won't work. I.E. this is a breaking change?

@nioupola
Contributor Author

nioupola commented Jun 26, 2019

Let me check if it works to decrypt a file encrypted without this parameter.

@nioupola
Contributor Author

It is not a breaking change. I tried to encrypt without and decrypt with, and I got back the same original file :)

@nodesocket nodesocket merged commit 05ff65d into nodesocket:master Jun 30, 2019
@nodesocket
Owner

@darKitty actually what version of OpenSSL is required to support this flag? I am getting:

MacBook-Pro ➜  tests git:(master) ✗ ./test.bash
[notice] using environment variable CRYPTR_PASSWORD for the password
unknown option '-pbkdf2'

I am running:

OpenSSL 0.9.8zh 3 Dec 2015

@nioupola
Contributor Author

nioupola commented Jun 30, 2019

I'm using OpenSSL 1.1.1c 28 May 2019. Good point. I will add a test to check the version and the option (only available since 1.1.0)
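
One way to do the check discussed in this thread, as an added example that is not part of the pull request or of cryptr's own code: probe the installed `openssl` for the `-pbkdf2` option directly instead of comparing version strings. The function names and the `CRYPTR_REQUIRE_PBKDF2` variable are hypothetical.

```bash
#!/usr/bin/env bash
# Added example, not cryptr's own code. Function names and the
# CRYPTR_REQUIRE_PBKDF2 variable are hypothetical.

# Return 0 if the given openssl binary accepts `enc -pbkdf2`, 1 otherwise.
# Probing the option avoids parsing version strings, which differ between
# OpenSSL and LibreSSL builds.
supports_pbkdf2() {
  command -v "${1:-openssl}" >/dev/null 2>&1 || return 1
  # Encrypt empty input with a throwaway password; discard all output.
  "${1:-openssl}" enc -aes-256-cbc -pbkdf2 -pass pass:probe \
    </dev/null >/dev/null 2>&1
}

# Print the KDF option to pass to `openssl enc` (nothing when unsupported).
# With CRYPTR_REQUIRE_PBKDF2=1 an unsupported binary is an error instead of
# a silent downgrade to the deprecated key derivation.
kdf_args() {
  if supports_pbkdf2 "${1:-openssl}"; then
    printf '%s\n' '-pbkdf2'
    return 0
  fi
  if [ "${CRYPTR_REQUIRE_PBKDF2:-0}" = "1" ]; then
    echo "[error] ${1:-openssl} does not support -pbkdf2" >&2
    return 1
  fi
  echo "[warning] ${1:-openssl} lacks -pbkdf2; using deprecated key derivation" >&2
}

# Usage sketch: the same kdf_args result must be used for encrypt and decrypt,
# because the option changes how the key is derived from the password.
#   openssl enc -aes-256-cbc -salt $(kdf_args) -in "$file" -out "$file.aes"
```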

@nodesocket
Owner

@tete2soja I just merged this into a release 2.2.0 but still getting:

unknown option '-pbkdf2'

On macOS using OpenSSL OpenSSL 0.9.8zh 3 Dec 2015

@adam12
Contributor

adam12 commented Jul 11, 2020

No errors here. 2.2.0 working fine.

OpenSSL 1.1.1g FIPS 21 Apr 2020 on Fedora release 31 (Thirty One).
