Let's say I want to do an SHA256HMAC digest of a file with the openssl
command line utility:
openssl dgst -sha256 -hmac "$(cat $KEY_FILE)" -hex "$TARGET_FILE"
How can I protect this command against the $(cat $KEY_FILE)
generating null bytes (or other potentially troublesome characters) if those happen to exist in $KEY_FILE
?
-mac HMAC -macopt hexkey:1f0cda
is supported. If you don't have any null bytes and the file doesn't end with linebreaks then your version is fine, though.