To encrypt and decrypt text I am using:

echo test | openssl enc -e -a -A -aes-256-cbc -pbkdf2 -iter 1234 -k <passphrase>
echo <encrypted text> | openssl enc -d -a -A -aes-256-cbc -pbkdf2 -iter 1234 -k <passphrase>

This works great, until I test it on a RHEL7 (or CentOS7) system which has FIPS enabled. This is what I get as output when I try to encrypt text as indicated above:

unknown option '-pbkdf2'

So I try it without that option, and I get:

unknown option '-iter'

So I try it without either of those options:

echo test | openssl enc -e -a -A -aes-256-cbc -k <passphrase>

That results in this error:

U2Fs...12:error:060800A3:digital envelope routines:EVP_DigestInit_ex:disabled for fips:digest.c:256:

So I'm not sure how to proceed. I'm open to using other tools to encrypt/decrypt text in a FIPS-compliant way.

Note: I found a potential solution on Red Hat's knowledge base, but it's behind a paywall. :-(

1 Answer

I got it to work by removing the -pbkdf2 and -iter options, and specifying the message digest algorithm via -md sha256:

echo test | openssl enc -e -a -A -aes-256-cbc -md sha256 -k <passphrase>
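
Added example (not part of the question or the answer above): the base64 output of `openssl enc` starts with `U2Fs` because the raw bytes begin with the `Salted__` magic followed by an 8-byte salt. The sketch parses that header and derives the AES-256-CBC key and IV the way `-md sha256` without `-pbkdf2` does (EVP_BytesToKey, a single SHA-256 pass), next to what `-pbkdf2 -iter 1234` derives on OpenSSL 1.1.1+. The function names, the sample blob and the passphrase are constructed for illustration.

```python
import base64
import hashlib

MAGIC = b"Salted__"  # header `openssl enc` writes when a passphrase (-k) is used


def parse_enc_output(b64_text):
    """Split base64 output of `openssl enc -a -A` into (salt, ciphertext)."""
    raw = base64.b64decode(b64_text.strip(), validate=True)
    if len(raw) < 16 or raw[:8] != MAGIC:
        raise ValueError("missing 'Salted__' header")
    return raw[8:16], raw[16:]


def bytes_to_key_sha256(passphrase, salt, key_len=32, iv_len=16):
    """EVP_BytesToKey with SHA-256 and count=1 (`-md sha256`, no -pbkdf2)."""
    block, material = b"", b""
    while len(material) < key_len + iv_len:
        # D_i = SHA256(D_{i-1} || passphrase || salt); no iteration count at all
        block = hashlib.sha256(block + passphrase + salt).digest()
        material += block
    return material[:key_len], material[key_len:key_len + iv_len]


def pbkdf2_key(passphrase, salt, iterations, key_len=32, iv_len=16):
    """PBKDF2-HMAC-SHA256 (`-pbkdf2 -iter N`); key and IV come from one output."""
    material = hashlib.pbkdf2_hmac("sha256", passphrase, salt,
                                   iterations, key_len + iv_len)
    return material[:key_len], material[key_len:]


# Constructed sample: header + 8-byte salt + one dummy 16-byte ciphertext block.
SAMPLE = base64.b64encode(MAGIC + bytes(range(8)) + bytes(16)).decode()

if __name__ == "__main__":
    salt, ciphertext = parse_enc_output(SAMPLE)
    key, iv = bytes_to_key_sha256(b"passphrase", salt)
    print("salt:", salt.hex(), "ciphertext bytes:", len(ciphertext))
    print("legacy key:", key.hex(), "iv:", iv.hex())
    print("pbkdf2 key:", pbkdf2_key(b"passphrase", salt, 1234)[0].hex())
```

Because the legacy derivation costs one or two hash calls per guess, the strength of the result rests entirely on the passphrase; data encrypted this way also cannot be decrypted with `-pbkdf2`, and vice versa.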
