[openssl-users] AES-GCM failing from Command Line Interface

Sec_Aficionado secaficionado at gmail.com
Tue Feb 10 15:31:10 UTC 2015


Matt,

Thanks for keeping me honest! I see it now, but I totally missed it before. I must have just played with the cli and not read the full page.

Can you please confirm that EVP is the way to go? I'll create my own little PHP extension since I only need a very specific action.

Thanks for your help!

Sent from my mobile
Please forgive any "autocorrections" I may have missed

> On Feb 10, 2015, at 9:21 AM, Matt Caswell <matt at openssl.org> wrote:
> 
> 
> 
>> On 10/02/15 14:09, Sec_Aficionado wrote:
>> Ah, thank you! I tried a lot of things and was very frustrated. I wish the documentation reflected that. I'll see if I can contribute by updating it.
> 
> It does:
> 
> https://www.openssl.org/docs/apps/enc.html
> "The enc program does not support authenticated encryption modes like
> CCM and GCM. The utility does not store or retrieve the authentication tag."
> 
>> 
>> Regarding AES-GCM from the command line, or PHP bindings, is that something that any of the OpenSSL components support? I think EVP is the intended way but there are no PHP bindings, only C from what I can tell.
> 
> No - you can't do AES-GCM from the command line (things like s_server
> and s_client support it - but that doesn't help you for what you want to
> do). We don't supply the PHP bindings - you'll have to talk to the PHP
> guys about that.
> 
> Matt
> _______________________________________________
> openssl-users mailing list
> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users


More information about the openssl-users mailing list