All geek questions in one place

Does the command line key enhance openssl?

If I run the openssl command line in hmac mode (as shown below), is the key used for the hmac used directly or is it hashed before using it as a key?

echo "foo" | openssl dgst -sha256 -binary -hmac "test" | openssl base64

Likewise, when encrypting a file using openssl (as shown below) is passing a hash phrase with salt? (If so, how is this done? A pointer to the correct source file will be even better.)

openssl enc -salt
+3
source share
1 answer

The hmac option does not use salting or hashing; it just uses the passphrase directly as a key. See apps/dgst.cin the source distribution:

            else if (!strcmp(*argv,"-hmac"))
                    {
                    if (--argc < 1)
                            break;
                    hmac_key=*++argv;
                    }
    ...

    if (hmac_key)
            {
            sigkey = EVP_PKEY_new_mac_key(EVP_PKEY_HMAC, e,
                                    (unsigned char *)hmac_key, -1);
            if (!sigkey)
                    goto end;
            }

enc, , , . apps/enc.c, , , :

            /* Note that str is NULL if a key was passed on the command
             * line, so we get no salt in that case. Is this a bug?
             */
            if (str != NULL)
                    {
                    /* Salt handling: if encrypting generate a salt and
                     * write to output BIO. If decrypting read salt from
                     * input BIO.
                     */

EVP_BytesToKey ( crypto/evp/evp_key.c) . , -, , , , , .

- OpenSSL 1.0.0.

+2

Source: https://habr.com/ru/post/1749269/

More articles:


All Articles