I first generate a keyfile with `openssl rand -hex 64 -out keyfile`.
I then encrypt the file with `openssl enc -aes-256-cbc -salt -in large_file.zip -out large_encrypted.bin -pass file:./keyfile`.
I am encrypting files sized anywhere from a few bytes to 1TB. I will be using this in a simple bash script.
- Is this secure in 2021? Should I use a different cipher?
- Can any metadata leak from the encrypted file?
- Should/can the keyfile be larger than 64 bytes?
- Should I create new keyfiles for each file I encrypt?
- Is there a minimum/maximum file size this can encrypt? Do different file sizes affect security?
- Is this considered "rolling my own crypto" (which I know is widely discouraged)?
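
Added example, not part of the original post: a bash script that runs the post's two commands on constructed sample files and reports what is readable from the output without the keyfile, namely the `Salted__` header and an output size that tracks the plaintext size to within 16 bytes. The helper function names and the sample inputs are assumptions made for illustration.

```bash
#!/usr/bin/env bash
# Added example (not from the post). Helper names and sample files are constructed.

# Keyfile as in the post; options precede the byte count, per the openssl-rand synopsis.
make_keyfile() { openssl rand -hex -out "$1" 64; }

# The post's encryption command: encrypt_file IN OUT KEYFILE
encrypt_file() { openssl enc -aes-256-cbc -salt -in "$1" -out "$2" -pass "file:$3"; }

# Matching decryption: decrypt_file IN OUT KEYFILE
decrypt_file() { openssl enc -d -aes-256-cbc -in "$1" -out "$2" -pass "file:$3"; }

# First 8 bytes of a file; "Salted__" marks openssl enc password-based output.
magic_of() { head -c 8 "$1"; }

# File size in bytes.
size_of() { wc -c < "$1" | tr -d ' '; }

# Output size for an N-byte plaintext: 16-byte header ("Salted__" + 8-byte salt)
# plus CBC ciphertext, which PKCS#7 padding always grows by 1..16 bytes.
expected_size() { echo $(( 16 + ($1 / 16 + 1) * 16 )); }

# Plaintext size range an observer can infer from the output size alone.
plaintext_range() { echo "$(( $1 - 32 ))-$(( $1 - 17 ))"; }

demo() {
    local dir n out
    dir=$(mktemp -d) || return 1
    make_keyfile "$dir/keyfile"
    for n in 0 15 16 1000; do
        head -c "$n" /dev/zero > "$dir/plain.$n"   # constructed sample input
        # stderr is silenced only to hide openssl's key-derivation warning
        encrypt_file "$dir/plain.$n" "$dir/enc.$n" "$dir/keyfile" 2>/dev/null
        out=$(size_of "$dir/enc.$n")
        printf 'plain=%-5s magic=%s out=%s predicted=%s inferred=%s\n' \
            "$n" "$(magic_of "$dir/enc.$n")" "$out" \
            "$(expected_size "$n")" "$(plaintext_range "$out")"
    done
    rm -rf "$dir"
}
demo
```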