OpenSSL decryption fails with unknown option '-pbkdf2'

abitrolly · April 9, 2019, 11:46am

OpenSSL decryption fails, because CircleCI uses outdated version that doesn’t support -pbkdf2. Running it on CircleCI side fails.

$ openssl aes-256-cbc -pbkdf2 -in .env.ci.enc -pass pass:$CIRCLE_ENC_KEY -d
unknown option '-pbkdf2'
...

Need a newer openssl.

drazisil · April 9, 2019, 2:13pm

Hi Anatoli. What executor are you running this under?

abitrolly · April 9, 2019, 2:17pm

I guess it is docker.

jobs:
  test:
    docker:
        - image: docker:18.05.0-ce-git

drazisil · April 9, 2019, 2:20pm

Ok. Since that’s not a CircleCI image, it would be on upsteam to have the version of openSSL current. What happens when you try updating it with sudo apt-get update && sudo apt-get install openssl?

abitrolly · April 9, 2019, 2:26pm

I am afraid it is Alpine 3.7.

drazisil · April 9, 2019, 2:31pm

Ok, looks like it’s this then:

    -run: apk update 
    -run: apk add openssh

abitrolly · April 11, 2019, 11:50am

Need to fix the problem with the image first.

Is it possible to use bash inside docker executor instead of sh?

abitrolly · April 11, 2019, 1:11pm

With apk update

OpenSSL 1.0.2r  26 Feb 2019

Without apk update

OpenSSL 1.0.2r  26 Feb 2019

Topic		Replies	Views
How to install openssl to circleci build? Build Environment	1	2257	February 5, 2019
Trying to run docker-hello-google and running into openssl + p12 warnings (even though using a json key) Build Environment	2	1925	January 25, 2017
How can I install the ruby gem openssl version 2.2.1 Build Environment	1	4826	February 1, 2023
CircleCI イメージと OpenSSL の脆弱性情報 (CVE-2022-3602、CVE-2022-3786) Community convenience-images , cimg , ja-日本語 , openssl , cve	0	1675	November 2, 2022
Deployment to Appengine Fails: PyOpenSSL not Available Deployments google-app-engine , java	5	3495	October 20, 2016

OpenSSL decryption fails with unknown option '-pbkdf2'

Related topics