-KF and -ivF seems like a good approach to me as a user.
Thanx
A.
On 04/04/2013 08:37 AM, Stern, Andrew wrote:
It seems like it would be easy to add an option to the enc command to get the
key and IV from a file by providing the file location to the command line. For
instance we could add -KF path and -ivF path to the command line options and
have the enc get the real values from within these files. The files could be
protected by access rights to only allow the users with the correct permissions
to see the contents. If we get agreements on this I should be able to modify
the enc source code and add this functionality without much effort.
-----Original Message-----
From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org]
On Behalf Of Jason Gerfen
Sent: Thursday, April 04, 2013 8:04 AM
To: openssl-users@openssl.org
Subject: Re: How to specify the encryption key without it being visible by ps
command?
On 04/04/2013 05:41 AM, Salz, Rich wrote:
read -sp "Enter path to key: " key
read -sp "Enter IV: " iv
openssl enc -e -aes256 -K $key -iv $iv -in ... -out ...
That doesn't help; the key is STILL in the argv list and can be seen by doing a
ps.
/r$
Your right, my apologies. Doesn't look like this exists after reviewing the doc
@ https://www.openssl.org/docs/apps/openssl.html
As a work around using the openssl shell. I was thinking of ps when using
options to MySQL which does mask sensitive input from ps but not from /dev/mem.
--
Principal Security Engineer
Akamai Technology
Cambridge, MA
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org
-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-
This message is for the named person's use only. This communication is for
informational purposes only and has been obtained from sources believed to
be reliable, but it is not necessarily complete and its accuracy cannot be
guaranteed. It is not intended as an offer or solicitation for the purchase
or sale of any financial instrument or as an official confirmation of any
transaction. Moreover, this material should not be construed to contain any
recommendation regarding, or opinion concerning, any security. It may
contain confidential, proprietary or legally privileged information. No
confidentiality or privilege is waived or lost by any mistransmission. If
you receive this message in error, please immediately delete it and all
copies of it from your system, destroy any hard copies of it and notify the
sender. You must not, directly or indirectly, use, disclose, distribute,
print, or copy any part of this message if you are not the intended
recipient. Any views expressed in this message are those of the individual
sender, except where the message states otherwise and the sender is
authorized to state them to be the views of any such entity.
Securities products and services provided to Canadian investors are offered
by ITG Canada Corp. (member CIPF and IIROC - Investment Industry Regulatory
Organization of Canada), an affiliate of Investment
Technology Group, Inc.
Investment research products and services are produced and offered by
ITG Investment Research, Inc. and not ITG Inc. (a FINRA member firm and
SIPC member).
ITG Inc. and/or its affiliates reserves the right to monitor and archive
all electronic communications through its network.
ITG Inc. Member FINRA, SIPC
-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org
