0

I don't want openssl to log my keys and passwords... but I don't use gpg as I need more manual control for my purpose. I also don't like gpg and would like to use openssl without logging.

Does openssl too engaging in logging when I open the interpreter

Openssl

My main question revolves around linux logging when others have access to my offline pc?

Mini kute
  • 33
  • 3
  • Why do you think openssl logs your keys and passwords? It is open source. See the sources. Have you found a place in the source code that logs your keys and passwords? – mentallurg Jun 16 '19 at 09:17
  • Could you please provide the specific output of openssl command where you suspects some sensitive info is logged? – Oleg Jun 16 '19 at 19:22
  • @Oleg glad to hear it doesn't log... but what about kernel logs? That is what I meant, in context of linux logging – Mini kute Jun 16 '19 at 20:33
  • @Mini kute - again the same - please provide the suspicious logs and we will analyse it and find is there any sensitive info leak. Usually Linux kernel doesn't print every memory byte to log and has not clue which crypto operation does openssl do at the moment. – Oleg Jun 17 '19 at 06:26

1 Answers1

1

If you are afraid that somebody can get access to your private keys or passwords, disconnect your machine from network and never connect it again; transfer public keys that you want to publish via USB stick; when you need to encrypt or decrypt something, use USB stick, put there the needed files, attach it to your offline machine, encrypt or decrypt on this machine, put result back to USB stick.

Depending on how important are purposes you use openssl for, you may want to put your machine in some room with proper electromagnetic and sound isolation :) And first of all, make sure nobody gets physical access to this machine :)

mentallurg
  • 2,611
  • 1
  • 16
  • 22