projects/sencrypt

changeset 10:8e9dd5328b5a

Print a warning message when using an insecure algorithm
author Guido Berhoerster <guido+sencrypt@berhoerster.name>
date Sat Sep 03 14:02:42 2016 +0200 (2016-09-03)
parents cc930aa0f3c2
children 27bc2d4947da
files sencrypt.1.xml sencrypt.c
line diff
     1.1 --- a/sencrypt.1.xml	Sat Sep 03 11:43:37 2016 +0200
     1.2 +++ b/sencrypt.1.xml	Sat Sep 03 14:02:42 2016 +0200
     1.3 @@ -1,7 +1,7 @@
     1.4  <?xml version="1.0"?>
     1.5  <!--
     1.6  
     1.7 -Copyright (C) 2014 Guido Berhoerster <guido+sencrypt@berhoerster.name>
     1.8 +Copyright (C) 2016 Guido Berhoerster <guido+sencrypt@berhoerster.name>
     1.9  
    1.10  Permission is hereby granted, free of charge, to any person obtaining
    1.11  a copy of this software and associated documentation files (the
    1.12 @@ -33,7 +33,7 @@
    1.13        <email>guido+sencrypt@berhoerster.name</email>
    1.14        <personblurb/>
    1.15      </author>
    1.16 -    <date>21 January, 2014</date>
    1.17 +    <date>3 September, 2016</date>
    1.18    </info>
    1.19    <refmeta>
    1.20      <refentrytitle>sencrypt</refentrytitle>
    1.21 @@ -144,7 +144,9 @@
    1.22            <replaceable>algorithm</replaceable>
    1.23          </term>
    1.24          <listitem>
    1.25 -          <para>Use the specified algorithm.</para>
    1.26 +          <para>Use the specified algorithm. See
    1.27 +          <xref linkend="algorithms"/> for a list of supported
    1.28 +          algorithms.</para>
    1.29          </listitem>
    1.30        </varlistentry>
    1.31        <varlistentry>
    1.32 @@ -186,6 +188,19 @@
    1.33        </varlistentry>
    1.34      </variablelist>
    1.35    </refsect1>
    1.36 +  <refsect1 xml:id="algorithms">
    1.37 +    <title>Algorithms</title>
    1.38 +    <para>The following algorithms and key lengths are supported:
    1.39 +      <simplelist type="vert" columns="2">
    1.40 +        <member>aes</member>
    1.41 +        <member>arcfour</member>
    1.42 +        <member>des</member>
    1.43 +        <member>3des</member>
    1.44 +      </simplelist></para>
    1.45 +      <para>The arcfour, des, and 3des algorithms are considered insecure and should
    1.46 +      not longer be used to encrypt new files. Using them will print a warning
    1.47 +      message.</para>
    1.48 +  </refsect1>
    1.49    <refsect1>
    1.50      <title>Examples</title>
    1.51      <example>
     2.1 --- a/sencrypt.c	Sat Sep 03 11:43:37 2016 +0200
     2.2 +++ b/sencrypt.c	Sat Sep 03 14:02:42 2016 +0200
     2.3 @@ -618,6 +618,11 @@
     2.4  		status = EXIT_FAILURE;
     2.5  		goto out;
     2.6  	}
     2.7 +	if ((cmd == CMD_SENCRYPT) && ((cipher != EVP_aes_128_cbc()) &&
     2.8 +	    (cipher != EVP_aes_192_cbc()) && (cipher != EVP_aes_256_cbc()))) {
     2.9 +		fprintf(stderr, "warning: the %s algorithm is no longer "
    2.10 +		    "considered secure", algo_name);
    2.11 +	}
    2.12  
    2.13  	if (iflag) {
    2.14  		bio_in = BIO_new_file(in_filename, "r");