openssl hmac and key on the command line

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Greetings

I am reading some doc instructing me to run

    printf '%s' "${challenge}" | openssl dgst -sha1 -hmac ${APP_TOKEN}

Doing so would leak the APP_TOKEN on the command line arguments (so a
user running a "ps" at the right time would see the APP_TOKEN in
clear). Due to my machine setup,  programs started and their arguments
also end up in an audit log.

I am reading the documentation on
https://www.openssl.org/docs/manmaster/man1/openssl-dgst.html, that
points at the preferred
https://www.openssl.org/docs/manmaster/man1/openssl-mac.html
, and all
the examples have the key in clear text on the command line.

Is there an equivalent command I can run that will not leak the key?

Best regards
Francois
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux