[prev in list] [next in list] [prev in thread] [next in thread] 

List:       openssl-users
Subject:    Secure command line "enc -K"
From:       "Michael D. Adams" <mdmkolbe () gmail ! com>
Date:       2009-11-27 0:10:39
Message-ID: c62c8d860911261610o64e44a5cjb028c4bf109a2393 () mail ! gmail ! com
[Download RAW message or body]

Is there a way to securely pass an exact key to "openssl enc"?  The
"-pass" option is looking for a password that it will pass though a
key derivation function (IIUC), but I want to specify the exact binary
key to use without it being passed though a key derivation function.
The "-K" option would fit my needs, except that since it requires the
key to be put on the literal command line, it exposes the key to other
users on the same system (they can run "ps -f").

I'm looking for something like "-pass file:<keyfile>" (to keep the key
off the command line) except I want to bypass the key derivation
function.  (If I were hashing instead of encoding I would just use
"openssl sha1 -sign hmac.pem".)

Michael D. Adams
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majordomo@openssl.org
[prev in list] [next in list] [prev in thread] [next in thread]