It seems like it would be easy to add an option to the enc command to get the key and IV from a file by providing the file location on the command line. For instance, we could add -KF path and -ivF path to the command line options and have enc get the real values from within these files. The files could be protected by access rights to only allow the users with the correct permissions to see the contents. If we get agreement on this I should be able to modify the enc source code and add this functionality without much effort.

-----Original Message-----
From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Jason Gerfen
Sent: Thursday, April 04, 2013 8:04 AM
To: openssl-users@openssl.org
Subject: Re: How to specify the encryption key without it being visible by ps command?

On 04/04/2013 05:41 AM, Salz, Rich wrote:
>> read -sp "Enter path to key: " key
>> read -sp "Enter IV: " iv
>> openssl enc -e -aes256 -K $key -iv $iv -in ... -out ...
> That doesn't help; the key is STILL in the argv list and can be seen by doing a ps.
>
> /r$

You're right, my apologies. Doesn't look like this exists after reviewing the doc @ https://www.openssl.org/docs/apps/openssl.html

As a workaround using the openssl shell. I was thinking of ps when using options to MySQL which does mask sensitive input from ps but not from /dev/mem.

> --
> Principal Security Engineer
> Akamai Technology
> Cambridge, MA
>
> ______________________________________________________________________
> OpenSSL Project http://www.openssl.org
> User Support Mailing List openssl-users@openssl.org
> Automated List Manager majord...@openssl.org
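
The file-based key loading proposed at the top of this message, as an added example (not OpenSSL code and not from anyone in the thread): a loader that accepts a hex key or IV file only if it is a regular file owned by the caller with no group/other permission bits, so the secret never has to appear in argv. `-KF` and `-ivF` are the poster's proposed option names, not existing `enc` options; `load_hex_secret`, `write_sample` and `MAX_SECRET` are hypothetical names, and the sample key used with them is constructed.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>
#define MAX_SECRET 64   /* assumed upper bound in bytes (AES-256 key = 32, IV = 16) */

static int hexval(int c) {
    if (c >= '0' && c <= '9') return c - '0';
    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
    if (c >= 'A' && c <= 'F') return c - 'A' + 10;
    return -1;
}

/* Hypothetical loader for a key/IV file: returns 0 on success, -1 if the
 * file is unsafe (symlink, not ours, group/other bits set) or malformed. */
int load_hex_secret(const char *path, unsigned char *out, size_t outlen) {
    char hex[2 * MAX_SECRET + 2];
    struct stat st; int rc = -1;
    if (outlen == 0 || outlen > MAX_SECRET) return -1;
    int fd = open(path, O_RDONLY | O_NOFOLLOW);        /* refuse symlinks */
    if (fd < 0) return -1;
    if (fstat(fd, &st) == 0 && S_ISREG(st.st_mode) &&
        st.st_uid == geteuid() &&                       /* owned by the caller */
        (st.st_mode & (S_IRWXG | S_IRWXO)) == 0) {      /* no group/other bits */
        ssize_t n = read(fd, hex, sizeof hex - 1);      /* small file: one read */
        while (n > 0 && (hex[n - 1] == '\n' || hex[n - 1] == '\r')) n--;
        rc = (n == (ssize_t)(2 * outlen)) ? 0 : -1;     /* exact length required */
        for (size_t i = 0; rc == 0 && i < outlen; i++) {
            int hi = hexval(hex[2 * i]), lo = hexval(hex[2 * i + 1]);
            if (hi < 0 || lo < 0) rc = -1; else out[i] = (unsigned char)((hi << 4) | lo);
        }
    }
    close(fd);
    for (volatile char *p = hex; p < hex + sizeof hex; p++) *p = 0;  /* scrub text copy */
    if (rc != 0) memset(out, 0, outlen);                /* no partial key on failure */
    return rc;
}

/* Demo helper: write constructed sample text to path with exactly `mode`. */
int write_sample(const char *path, mode_t mode, const char *text) {
    unlink(path);
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (fd < 0) return -1;
    ssize_t n = write(fd, text, strlen(text));
    int ok = (n == (ssize_t)strlen(text)) && fchmod(fd, mode) == 0;
    close(fd);
    return ok ? 0 : -1;
}
```

Checking the descriptor with `fstat` after `open`, rather than the path with `stat` before it, avoids a race in which the file is swapped between the check and the read.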