Skip to Main Content

Infrastructure Software

Announcement

For appeals, questions and feedback about Oracle Forums, please email oracle-forums-moderators_us@oracle.com. Technical questions should be asked in the appropriate category. Thank you!

Difference between openssl and encrypt commands

ODeskOct 8 2019

Hi

I'm on a steep learning curve from Solaris 10 to 11.4 on a SPARC T4 environment, so please bear with me as I haven't found an answer to this question!

I'm looking at AES 128 encryption tools, particularly for tape.  I didn't need to use any on Solaris 10 so I'm leaning from a fresh 11.4 perspective.

I've learned from Oracle documentation that I can use encrypt and decrypt commands and pipe from tar etc when writing to tape.  But I also learned form other internet sources this can be done with the openssl command, and is pretty common on Linux.

I can also sort of understand that OpenSSL included with Solaris 11.4 now has direct integrations with the T4 crypto hardware compared with earlier Solaris releases, so maybe it's now a case of both openssl and encrypt being effectively the same under the hood and using the same "engines"?

So really I'm looking for understand:

  1. Which should I chose for Solaris 11.4 going forward, openssl or encrypt command and why?
  2. Is encrypt just there for backward compatibility, and are now actually using the same Crypto framework?
  3. To me they both have very similar performance, but is one actually faster or advantageous over the other? 
  4. I believe encrypt -a aes might be using a different AES compared to openssl enc -aes-128-cbc, so how can I ensure I am calling them the same way to test properly?

Thanks for your comments.

Comments
Post Details
Added on Oct 8 2019
0 comments
425 views