In short, the root of the issue is that openssl uses md5 by default to hash passphrases ... this becomes a problem on systems where md5 is disallowed (i.e., systems in FIPS mode).
The solution is to use openssl's -md option to specify some non-md5 digest like sha256. So yeah, ToDo: figure out the best way to handle that in pyrite. Possibilities:
simplest: hard-code -md something-that-isn't-md5 into openssl cmdline
simpleish: add a command-line-only option
finish implementing the advanced options tab in the preferences
allow -md to be explicitly configured from the preferences
allow -md to be configured from a new dropdown that's only present when in openssl mode
re-use the "Digest" dropdown from gpg mode in openssl mode -- add more details to the tooltip to explain
I wrote the following KCS solution in Red Hat's knowledgebase:
openssl enc -aes-256-cbc fails in FIPS mode
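The following Python example is added here and is not pyrite's own code or part of the original post: it mirrors the single-pass passphrase hashing that openssl enc performs (EVP_BytesToKey with one iteration) to show why the same -md digest has to be stated for both encryption and decryption, and it builds an openssl command line that always passes -md. The digest allowlist, the PYRITE_PASS environment variable and all function names are assumptions of the example.

```python
import hashlib

# Digests this example accepts for `openssl enc -md` (assumed allowlist;
# md5 is deliberately absent because FIPS mode rejects it).
ALLOWED_DIGESTS = ("sha256", "sha384", "sha512")


def check_digest(digest):
    """Return the normalized digest name if allowlisted, else raise ValueError."""
    name = digest.lower()
    if name not in ALLOWED_DIGESTS:
        raise ValueError("digest %r not permitted for passphrase hashing" % digest)
    return name


def derive_key_iv(passphrase, salt, digest="sha256", key_len=32, iv_len=16):
    """Mirror openssl enc's passphrase hashing (EVP_BytesToKey, count=1):
    D1 = H(pass + salt), Dn = H(Dn-1 + pass + salt), key||iv = D1||D2||..."""
    name = check_digest(digest)
    material, block = b"", b""
    while len(material) < key_len + iv_len:
        block = hashlib.new(name, block + passphrase + salt).digest()
        material += block
    return material[:key_len], material[key_len:key_len + iv_len]


def openssl_enc_argv(decrypt=False, digest="sha256", cipher="aes-256-cbc"):
    """Build an `openssl enc` argv that always states -md explicitly.
    The passphrase is read from the hypothetical PYRITE_PASS env variable."""
    argv = ["openssl", "enc", "-" + cipher, "-md", check_digest(digest),
            "-pass", "env:PYRITE_PASS"]
    argv.append("-d" if decrypt else "-e")
    return argv


if __name__ == "__main__":
    # Constructed sample passphrase and salt, for illustration only.
    salt = bytes.fromhex("0102030405060708")
    for d in ALLOWED_DIGESTS:
        key, iv = derive_key_iv(b"correct horse", salt, d)
        print(d, key.hex()[:16], iv.hex())  # a different key per digest
    print(" ".join(openssl_enc_argv(digest="sha512")))
```

Because the digest changes the derived key and IV, a file encrypted with one -md value can only be decrypted by passing the same value again.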