OpenSSL: what's the difference between -kfile and -pass?

Asked 7 years, 1 month ago

Modified 1 year, 10 months ago

Viewed 19k times

6

It seems both -kfile and -pass can be used to encrypt files with a 2048 bit keyfile? I don't understand the difference between the two methods:

$ openssl enc -salt -aes-256-cbc -in inputfile.txt -kfile 2048bit_keyfile.key $ openssl enc -salt -aes-256-cbc -in inputfile.txt -pass file:2048bit_keyfile.key -out outputfile.txt.enc

Which method uses the full entropy of the 2048 bit keyhole?

asked Oct 26, 2018 at 6:52

631 gold badge1 silver badge3 bronze badges

Add a comment |

1 Answer 1

Sorted by:

5

-k and -kfile are deprecated

The OpenSSL ENC wiki page says this:

-k password, -kfile filename
Both option [sic] are used to specify a password or a file containing the password which is used for key derivation. However they are deprecated. You should use the -pass option instead. The equivalents are -pass pass:password and -pass file:filename respectively.

edited Jan 13, 2024 at 21:30

1055 bronze badges

answered Oct 26, 2018 at 7:20

18.3k1 gold badge55 silver badges86 bronze badges

Add a comment |

You must log in to answer this question.

Start asking to get answers

Find the answer to your question by asking.

Explore related questions

See similar questions with these tags.