To encrypt and decrypt text I am using:
echo test | openssl enc -e -a -A -aes-256-cbc -pbkdf2 -iter 1234 -k <passphrase>
echo <encrypted text> | openssl enc -d -a -A -aes-256-cbc -pbkdf2 -iter 1234 -k <passphrase>
This works great, until I test it on a RHEL7 (or CentOS7) system which has FIPS enabled. This is what I get as output when I try to encrypt text as indicated above:
unknown option '-pbkdf2'
So I try it without that option, and I get:
unknown option '-iter'
So I try it without either of those options:
echo test | openssl enc -e -a -A -aes-256-cbc -k <passphrase>
That results in this error:
U2Fs...12:error:060800A3:digital envelope routines:EVP_DigestInit_ex:disabled for fips:digest.c:256:
So I'm not sure how to proceed. I'm open to using other tools to encrypt/decrypt text in a FIPS-compliant way.
Note: I found a potential solution on Red Hat's knowledge base, but it's behind a paywall. :-(
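One possible approach to the failure described above, as an added example that is not part of the original post: derive the AES key and IV with PBKDF2-HMAC-SHA256 outside `openssl`, then pass them with the existing `-K` and `-iv` options so that `openssl enc` does not run its own passphrase-to-key derivation. It assumes the message layout that OpenSSL 1.1.1 `enc -pbkdf2` writes with its default SHA-256 digest (`Salted__`, an 8-byte salt, then the ciphertext, with key and IV taken from one 48-byte PBKDF2 output); the function names and the sample message are constructed for illustration.

```python
import base64
import hashlib

MAGIC = b"Salted__"        # header `openssl enc` writes before the 8-byte salt
KEY_LEN, IV_LEN = 32, 16   # AES-256-CBC key and IV sizes

def derive_key_iv(passphrase, salt, iterations=1234):
    """PBKDF2-HMAC-SHA256 -> key || IV (assumed `enc -pbkdf2` layout)."""
    if len(salt) != 8:
        raise ValueError("openssl enc uses an 8-byte salt")
    material = hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt,
                                   iterations, KEY_LEN + IV_LEN)
    return material[:KEY_LEN], material[KEY_LEN:]

def split_salted(b64_text):
    """Split base64 `enc -a -A` output into (salt, raw ciphertext)."""
    blob = base64.b64decode(b64_text, validate=True)
    if not blob.startswith(MAGIC) or len(blob) < 32 or len(blob) % 16:
        raise ValueError("not a salted AES-CBC message")
    return blob[8:16], blob[16:]

def join_salted(salt, ciphertext):
    """Rebuild the base64 message after encrypting with -K/-iv, which
    makes openssl emit raw ciphertext without the salt header."""
    return base64.b64encode(MAGIC + salt + ciphertext).decode()

def decrypt_command(b64_text, passphrase, iterations=1234):
    """Return (argv, stdin_bytes) for decryption with an explicit key and IV."""
    salt, ciphertext = split_salted(b64_text)
    key, iv = derive_key_iv(passphrase, salt, iterations)
    argv = ["openssl", "enc", "-d", "-aes-256-cbc",
            "-K", key.hex(), "-iv", iv.hex()]
    return argv, ciphertext

if __name__ == "__main__":
    # Constructed sample: fixed salt and a dummy one-block ciphertext,
    # used only to show the parsing and the resulting command line.
    sample = join_salted(bytes(range(8)), bytes(16))
    argv, data = decrypt_command(sample, "example-passphrase")
    print(" ".join(argv), "<", len(data), "ciphertext bytes on stdin")
```

A key passed with `-K` appears in the process arguments, just as the passphrase does with `-k`, so other local users can read it from the process list while the command runs.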