netbsd-users: Re: easiest way to encrypt a file?

Subject: Re: easiest way to encrypt a file?
To: Jeremy C. Reed <reed@reedmedia.net>
From: Dave <spam@dberg.net>
List: netbsd-users
Date: 12/18/2004 00:20:11

On Fri, Dec 17, 2004 at 10:28:00AM -0800, Jeremy C. Reed wrote:
> I want to place a DSA key file on a server not maintained by myself. It is
> pass-phrase protected, but still I don't want the file used.
...
> Anything in the NetBSD base? (And examples?)

  One example of a method to do this is

    /usr/bin/openssl des3 -e -salt -in <file> -out <file>.des3
    /bin/rm -i <file>

for encrypting and

    /usr/bin/openssl des3 -d -in <file>.des3 -out <file>

for decrypting.  I use these a lot.  Don't forget the -salt, the man
page emphasizes that omitting it makes the encryption weaker.

  Is the existing pass-phrase protection weak in some way, by the way?
I'd certainly want to know...  Or do you just sometimes have to use
the DSA key and its pass-phrase on an untrusted machine?

Cheers,  --Dave