3

I noticed that OpenSSL gets a hard time regarding its implementation sometimes.

I understand it's Swiss Army Knife tool, but can keys generated with OpenSSL be considered secure (assuming the base OS has enough entropy)?

Is OpenSSL considered to be acceptable for Real World use?

I would regularly see people recommend GPG for example, over OpenSSL.

What gives?

Example: https://stackoverflow.com/questions/28247821/openssl-vs-gpg-for-encrypting-off-site-backups

Woodstock
  • 689
  • 6
  • 20
  • Depends what you're using it for - it's used as the backend for most sites using Apache httpd for HTTPS, for example. GPG has a very different aim... – Matthew May 29 '19 at 15:28
  • Sure, but technically are OpenSSL generated RSA keys, with like for like key length, used for Asym enc, as strong as the same process executed with GPG? – Woodstock May 29 '19 at 15:40
  • 1
    I would bet money that openssl generated a majority of RSA keys used for TLS certificates. I would trust it more than gpg. – Z.T. May 29 '19 at 17:59
  • 1
    Possible duplicate of [Is openssl aes-256-cbc encryption safe for offsite backup](https://security.stackexchange.com/questions/182277/is-openssl-aes-256-cbc-encryption-safe-for-offsite-backup) – forest May 30 '19 at 00:39
  • 1
    I've flagged this as a duplicate because you seem to be talking about using OpenSSL for site backups, not for TLS in which case the answer is quite different. – forest May 30 '19 at 00:39
  • 2
    OpenSSL and the OpenSSL command line tools are not the same thing. The command line tools are not what OpenSSL is used for by the vast majority of people, and they weren't intended for production use to begin with. – AndrolGenhald May 30 '19 at 01:22
  • @Z.T.: except for openssl (and openssh which uses openssl or sometimes libressl, but not for TLS of course) [in certain past versions of Debian](https://wiki.debian.org/SSLkeys) – dave_thompson_085 Aug 15 '20 at 03:42

1 Answers1

13

Considering openssl processes a majority of the HTTPS traffic on the internet, I simply don't understand your question. Of course openssl is used in production. A lot. By everyone. All the time.

The API is not nice, the certificate processing code is not nice, the CLI is not nice, the documentation is often wildly outdated. It is not easy to use, and it is hard to use correctly. It will not hold your hand. It will not steer you away from danger. By all means, if you can, use Google Tink or libsodium.

There are two forks that tried to clean up the code by breaking compatibility - Google's BoringSSL and OpenBSD's LibreSSL. They are not very popular outside their organizations, exactly because they break compatibility.

The openssl code base has improved a lot since Heartbleed, it's not as bad as it used to be.

gpg is considered to be a dumpster fire comparable to Heartbleed-era openssl, so no, it's not better (look at the work of isis agora lovecruft).

EDIT:

If your question is about encrypting backup files for storage (or encrypting files to send to people over insecure channels), then gpg command line tool is better than the openssl tool.

The openssl CLI enc command should not be used, IMO, because its man page says:

For bulk encryption of data, whether using authenticated encryption modes or other modes, cms(1) is recommended, as it provides a standard data format and performs the needed key/iv/nonce management.

The openssl cli cms command is not the part of the openssl code that people use and trust, and I would not use it. Also, I would not use anything that tries to do openpgp or s/mime. So, if not openssl cli or gpg then what?

If you can use openssl's libcrypto API (for example with pyca/cryptography), I would prefer that over gpg. But if you're writing code instead of using a command line tool, I would use libsodium over libcrypto, to reduce chance of error.

But actually, the correct answer finally is to use age, because my own code was not reviewed by knowledgeable people and we finally have a good tool written and reviewed by people who know what they are doing.

Z.T.
  • 7,963
  • 1
  • 22
  • 36
  • It might be useful to note that only web servers use it. Browsers typically use NSS. However I think OP is talking about the use of OpenSSL for _file encryption_, not for TLS, so I don't think this answers the question. And GnuPG is _much_ better for that purpose (it actually uses a KDF...). – forest May 30 '19 at 00:37
  • Chrome uses boringssl, safari uses boringssl too I think, only Firefox uses NSS. For encrypted backup files, this doesn't answer the question. – Z.T. May 30 '19 at 00:46
  • 1
    Ah my information was outdated then. Chrome used to use NSS at least. Anyway that was just a nitpick before I noticed that OP might be asking about OpenSSL for backups (which is _not_ ready for production) instead of TLS (which is). – forest May 30 '19 at 00:46