How would I securely compute a MAC for a file? The obvious way (below) has a security leak as it puts the key on the command line which other users could easily observe with "ps -f".
$ openssl dgst -sha1 -hmac <key> <file> I would have thought that something like "openssl enc" has with "-pass file:<keyfile>" would be available, but I haven't been able to find an equivalent for "openssl dgst" (even the 1.0beta's "-macopt" flag doesn't do this). Am I missing something here? What is the proper way to compute a MAC on the command line? Michael D. Adams ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
