openssl: WARNING : deprecated key derivation used. Using -iter or -pbkdf2 would be better. #169
Comments
|
please help me! |
|
Hi @njfamirm the warning message is from OpenSSL, you can ignore those messages because transcrypt will still work fine. It just isn't using the strongest encryption algorithm it could. This is a known issue. Removing those warnings requires a new encryption approach to use the PBKDF2 algorithm, which we are working on, but slowly. See related issues #55, #59, #134 and a few pull requests where we are working on it. |
vjousse
added a commit
to MTES-MCT/ecobalyse
that referenced
this issue
Dec 17, 2024
## 🔧 Problem In order not to make public the Ecoinvent data containing detailed processes impacts, this data is stored in a private repository on Github https://github.com/MTES-MCT/ecobalyse-private, so it is not included with the source code of the Ecobalyse application, even though it is necessary for its proper functioning. This frequently leads to technical problems when putting features into production, as it is very complicated to keep data synchronized between the two repositories. ## 🍰 Solution Re-store detailed processes in the main repository, but encrypt them using git encryption with the help of https://github.com/elasticdog/transcrypt ## 🚨 Points to watch/comments The warning `*** WARNING : deprecated key derivation used.` on the ci is ok for now, see elasticdog/transcrypt#169 As Scalingo doesn't give access to the git repo I need to git clone it when deploying to Scalingo. Then I can run `transcrypt` to decrypt the files and copy them over. We don't synchronize with `ecobalyse-private` anymore. To add new detailed files they will just need to be added to a commit in the main repo. You can see the diffs locally but not on Github anymore as the files are encrypted. ## 🏝️ How to test Depending on your OS, install `trancrypt` like explained here https://github.com/elasticdog/transcrypt/blob/main/INSTALL.md. Get the `trancrypt` key in https://vaultwarden.incubateur.net/ and add it to your `.env` file under the `TRANSCRYPT_KEY` entry. If you don't have access to the Vault, you should ask for one. You can check that files are encrypted by running: cat public/data/textile/processes_impacts.json It should give you some cryptic content. Then init your repo with `transcrypt` using the following command (you will need to do it only once for all): ./bin/run-transcrypt.sh The processes should then be decrypted and you should be able to read them directly with: cat public/data/textile/processes_impacts.json Try to change some detailed files and check that you can commit the changes in this branch without any problem (you can change the objects one). Before commiting changes, be sure that your `.git/hooks/pre-commit` file contains the following (it should have been added by the `transcrypt` command): ```bash # Transcrypt pre-commit hook: fail if secret file in staging lacks the magic prefix "Salted" in B64 RELATIVE_GIT_DIR=$(git rev-parse --git-dir 2>/dev/null || printf '') CRYPT_DIR=$(git config transcrypt.crypt-dir 2>/dev/null || printf '%s/crypt' "${RELATIVE_GIT_DIR}") "${CRYPT_DIR}/transcrypt" pre_commit ``` --------- Co-authored-by: Nicolas Perriault <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
hi
when I'm update openssl to latest
and when I'm use transcrypt, have this warning in cli
how can fix this?
https://www.phind.com/search?cache=2644031a-8c01-4f24-8ba8-60bdc30e9aba
The text was updated successfully, but these errors were encountered: