[tptacek]

That command line doesn't even produce authenticated ciphertext. I'm amazed that's the check-marked best answer on Stack Overflow.

[wolf550e]

I have seen many questions on security stack exchange and /r/crypto where the correct answer should have been "use age", but because it didn't exist the correct answer was something bad. openssl CLI is not meant to be used in prod (both because not AEAD and because the man page tells you not to use it). gpg is bad. rolling your own CLI tool using libsodium is not for everyone.

[tptacek]

https://twitter.com/pwnallthethings/status/12107355525357527...

I'd be nicer but for the "hopefully they didn't roll their own" at the end.

[TedDoesntTalk]

It's possible this is the wrong way to get AES on the command-line; I haven't done it and no need to right now. But that's missing my point entirely.

[tedunangst]

Your point is that you can do the wrong thing with OpenSSL so that means you don't need a tool that does the right thing?

That is not a solid point.

[coldtea]

The point being?

You've linked to a command that's wrong, from a random internet "everybody gets to answer a question and everybody gets to vote for the best answer, no qualifications required" website, and wrote "with that I'm guaranteed AES, a known-good encryption algorithm" as if that means anything.