openssl hmac and key on the command line
Francois
rigault.francois at gmail.com
Sun Aug 7 16:20:56 UTC 2022
Greetings
I am reading some doc instructing me to run
printf '%s' "${challenge}" | openssl dgst -sha1 -hmac ${APP_TOKEN}
Doing so would leak the APP_TOKEN on the command line arguments (so a
user running a "ps" at the right time would see the APP_TOKEN in
clear). Due to my machine setup, programs started and their arguments
also end up in an audit log.
I am reading the documentation on
https://www.openssl.org/docs/manmaster/man1/openssl-dgst.html, that
points at the preferred
https://www.openssl.org/docs/manmaster/man1/openssl-mac.html
, and all
the examples have the key in clear text on the command line.
Is there an equivalent command I can run that will not leak the key?
Best regards
Francois
More information about the openssl-users
mailing list