Comments (5)
Thank you for the lightning-fast reply. I can confirm that lock/unlock does work with the suggested workaround.
Anyway this made me curious about the default openssl on macOS, which turns out to be LibreSSL 2.8.3.
So I tried openssl 1.1, which can be installed via Homebrew: turns out openssl 1.1 accepts the new improved crypto settings.
So maybe this could be a workaround for mac users:
# Get openssl via HomeBrew
brew install openssl
# Create alias to replace libressl with openssl only for encpass.sh
alias encpass.sh='PATH="/usr/local/opt/openssl@1.1/bin:$PATH" encpass.sh'
from encpass.sh.
Thanks for reporting this. I don't normally use MacOS, but I thought at one point I had tested this and locking had worked. I went back and looked at the "openssl enc" command and it looks like on MacOS the default openssl does not support setting the pseudorandom function pbkdf2 to use 10,000 iterations to more securely encrypt the key file. I'll need to review this further to see why this is and if there is an alternative way to set this on MacOS.
In the meantime, as a workaround you can get this to work by changing the line
openssl enc -aes-256-cbc -pbkdf2 -iter 10000 -salt -in "$ENCPASS_KEY_F/private.key" -out "$ENCPASS_KEY_F/private.lock" -pass file:"$fifo"
to
openssl enc -aes-256-cbc -salt -in "$ENCPASS_KEY_F/private.key" -out "$ENCPASS_KEY_F/private.lock" -pass file:"$fifo"
for both the encpass_cmd_lock() and encpass_cmd_unlock() functions. Notice what we've done is remove the "-pbkdf2 -iter 10000" parameters that "openssl enc" seems to not recognize. These are also used on the encpass_cmd_export() and encpass_cmd_import() functions as well, so likely they will need to be updated too for this workaround.
from encpass.sh.
Great! Thanks for the confirmation and the info on the default openssl implementation on MacOS. Ideally I'd like encpass.sh to work directly with whatever the default is, but I'm not sure that it will be possible if there is not a good way to do this on LibreSSL. If that ends up being the case I may make an extension that could be loaded for Mac users if they want to use LibreSSL, but then also add to the README to use your documented steps of installing openssl via homebrew to get the normal implementation working.
from encpass.sh.
For reference, macOS Ventura now includes LibreSSL 3.3.6 which includes pbkdf2 so this works out of the box now (except for the help option).
from encpass.sh.
Great, thanks for the update David! I am now working on a MacBook, but am running an older 12.1 version atm. As soon as I update the OS and confirm it is working I will close out this issue. I'm going to look at merging in your PR too for the mandoc version update for the help.
from encpass.sh.
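One way to let a script work with whatever `openssl` is the default, as discussed in this thread, is to probe for `-pbkdf2` support and say so loudly when it is missing. This is an added example, not code from encpass.sh: the function names, argument order and probe passphrase are assumptions.

```shell
#!/bin/sh
# Added example, not part of encpass.sh. Function names are hypothetical.

# Print the key-derivation flags that the given openssl binary accepts for
# "openssl enc". Returns 0 when PBKDF2 is available, 1 when it is not.
encpass_kdf_args() {
    ossl="${1:-openssl}"
    # Probe by encrypting a throwaway string: builds without PBKDF2
    # support reject the unknown options and exit non-zero.
    if printf 'probe' | "$ossl" enc -aes-256-cbc -pbkdf2 -iter 10000 \
            -salt -pass pass:probe >/dev/null 2>&1; then
        printf '%s\n' '-pbkdf2 -iter 10000'
        return 0
    fi
    return 1
}

# Encrypt a key file with the strongest derivation the binary supports.
# Arguments: input file, output file, passphrase file or fifo, openssl binary.
encpass_lock_file() {
    in_f="$1"; out_f="$2"; pass_f="$3"; ossl="${4:-openssl}"
    if kdf=$(encpass_kdf_args "$ossl"); then
        :
    else
        # Do not downgrade silently: without -pbkdf2, "openssl enc" derives
        # the key with a single digest iteration, which is cheap to brute-force.
        echo "warning: $ossl lacks -pbkdf2; using legacy key derivation" >&2
        kdf=""
    fi
    # $kdf is left unquoted on purpose so sh splits it into separate options.
    "$ossl" enc -aes-256-cbc $kdf -salt -in "$in_f" -out "$out_f" \
        -pass file:"$pass_f"
}
```

The same flags have to be used when decrypting, so a file locked under the fallback cannot be unlocked by a build that adds `-pbkdf2 -iter 10000`, and the reverse.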