However, neither openssl nor gpg are cryptographic methods in themselves. They are front ends that call crypto algorithms from open source crypto libraries, and the user selects the crypto of his choice and the crypto parameters to suite his needs.

These libraries are the gold standards upon which most of the modern internet depends. Unless you believe that closed source, proprietary cryptography is superior to open source cryptography. That argument, (security by obscurity) has been made many times and lost.

NOTE: I just posted these to give anyone who reads this something to think about. I am *not* saying that openssl is *not* the tool for encrypting files.

I’m saying that it *wasn’t* the tool in the past, how and if that has changed is up to the readers of this post to figure out. I’m no Openssl or Security expert unfortunately.

Check these out:

1. https://stackoverflow.com/questions/16056135/how-to-use-openssl-to-encrypt-decrypt-files#16056298
2. https://stackoverflow.com/questions/28247821/openssl-vs-gpg-for-encrypting-off-site-backups\
3. https://security.stackexchange.com/questions/29106/openssl-recover-key-and-iv-by-passphrase/29139#29139
4. https://security.stackexchange.com/questions/31492/file-security-when-encrypting-files-directly-with-the-openssl-command-and-what/31494#31494

Unless things have changed in the past 2 years, Openssl uses custom and insecure constructs and practices to encrypt data. That’s the gist of the posts.

@Quiark,
Please enlighten us and share your wisdom – why is this unsafe in your opinion? An actual proof will be most appreciated. In the true spirit of open source and knowledge sharing, pointing out a flaw without providing a suggestion to improve something isn’t the way to go, you know?