1

Let's say I want to do an SHA256HMAC digest of a file with the openssl command line utility:

openssl dgst -sha256 -hmac "$(cat $KEY_FILE)" -hex "$TARGET_FILE"

How can I protect this command against the $(cat $KEY_FILE) generating null bytes (or other potentially troublesome characters) if those happen to exist in $KEY_FILE?

Improve this question
3
  • You can't provide arbitrary binary input as arguments because strings can't contain null bytes (which suggests that the utility is not designed to take that). Quotes are not a problem though. Do you have an applied example of where you're seeing an issue?
    – Michael Homer
    Commented May 17, 2018 at 6:54
  • @MichaelHomer This is the only utility I've ever seen that is supposed to take arbitrary binary as a command line argument, so I don't have any other examples.
    – martin
    Commented May 17, 2018 at 7:00
  • 3
    It appears that -mac HMAC -macopt hexkey:1f0cda is supported. If you don't have any null bytes and the file doesn't end with linebreaks then your version is fine, though.
    – Michael Homer
    Commented May 17, 2018 at 7:08

0

Reset to default

You must log in to answer this question.

Browse other questions tagged .