Hi Steffen! -----Original Message----- From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Steffen DETTMER Sent: 06 February 2009 13:33 To: Everyone Subject: Re: OpenSSL command line HMAC
> Hi all, Hi Alistair! > * Young, Alistair wrote on Fri, Feb 06, 2009 at 10:16 +0000: > > Ultimately I settled on the use of a shell script to act as an > > intermediary: > > > > #!/bin/bash > If you can use bash you could pass the key in \xNN form [... snip ...] Thanks for the suggestion, Steffen - that would at least remove the need to write the key to a file. > (This does not mean that I'd recommend to do such things! Crypto via shell scripts > and stuff invitest potential security flaws etc.) Indeed - the presence of 'eval' alone is probably enough to give security experts a few sleepless nights! :) But, assuming that all the data we feed in is done in escaped form (\xNN) that should prevent injection-style attacks. Cheers for tip! Alistair. Please help Logica to respect the environment by not printing this email / Merci d'aider Logica à préserver l'environnement en évitant d'imprimer ce mail / Bitte drucken Sie diese Nachricht nicht aus und helfen Sie so Logica dabei die Umwelt zu schuetzen / Por favor ajude a Logica a respeitar o ambiente não imprimindo este correio electrónico. This e-mail and any attachment is for authorised use by the intended recipient(s) only. It may contain proprietary material, confidential information and/or be subject to legal privilege. It should not be copied, disclosed to, retained or used by, any other party. If you are not an intended recipient then please promptly delete this e-mail and any attachment and all copies and inform the sender. Thank you. ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org