Kyle Hamilton wrote:
What is it that you're trying to do with the CLI?  We might be able to
assist with that.

Thanks Kyle. I'm actually doing 2 separate things. I'll list the 2nd one in a separate thread.

I'm using openssl version 0.9.8e

This task is simply to generate a sha1 HMAC across some binary data. I could not figure out the command line syntax to invoke that function and also how to pass it the parameters. After a couple of hours of reading source code and experimenting, I found the following syntax:

to generate an HMAC across the binary file myfile.bin, using the key "MYKEY" (ASCII), the syntax is:

openssl sha1 -hmac MYKEY myfile.bin

This is OK if your key happens to be text, but I'm stuck on how to pass a binary key. After figuring out the basic syntax, my new problem is that the real key is random binary stuff, and I don't know if there is a way to pass it on the command line. I have scrutinized the source code and as far as I can tell there's just no way to pass an argument to tell it to read the key from a file. Nor is there a way to tell it to interpret the key as ASCII hex, e.g.:

openssl sha1 -hmac 0102030405060708090a0b0c0d0e0f myfile.bin


openssl sha1 -hmac 0x0102030405060708090a0b0c0d0e0f myfile.bin

The code to parse that does not seem to exist in openssl, at least where it is parsing the HMAC key command line argument (dgst.c line 197).

So I'm wondering if I can work around this by invoking some shell functionality to parse the ASCII hex. Does Linux or Windows have some shell functionality that has the shell parse the ASCII hex parameter and feed it in as binary? Or maybe there is some other way?

As for documentation, write it up and email it as an attachment to
[EMAIL PROTECTED]  rt is the request tracker, and it'll make it possible
to keep track of its status.

Great, thanks! I could not find even any mention of the existence of hmac functionality in any of the man pages or command line help. I'm more than happy to write up whatever I can find and figure out on this.

-Kyle H

On 5/24/07, Peter Kuykendall <[EMAIL PROTECTED]> wrote:
I'm trying to use a couple of simple functions of the openssl CLI and
can't figure it out from the docs nor the mailing list archives.  Since
it seems that I'm going to have to review the source code to understand
the proper syntax, I'd like to expand the documentation to share this
knowledge after I discover it.

How can I make this contribution?

Thanks - Pete

OpenSSL Project                       
User Support Mailing List          
Automated List Manager                           [EMAIL PROTECTED]

Reply via email to