kernc/myba

Use `openssl cms -aes-256-gcm-siv`

Open

#5 geöffnet am 27. März 2026

Auf GitHub ansehen
 (0 Kommentare) (0 Reaktionen) (0 zugewiesene Personen)Shell (2 Forks)github user discovery
enhancementgood first issuehelp wanted

Repository-Metriken

Stars
 (6 Stars)
PR-Merge-Metriken
 (PR-Metriken ausstehend)

Beschreibung

Use cipher algorithm AES-256-GCM-SIV that does authentication over AES-256-CTR that doesn't.

See also: https://github.com/openssl/openssl/issues/12220 https://github.com/openssl/openssl/issues/12220#issuecomment-1237509811 https://github.com/openssl/openssl/issues/24421 https://github.com/openssl/openssl/discussions/22269

https://github.com/openssl/openssl/issues/28607 https://github.com/openssl/openssl/commit/86344acb02eb3718b0491b9915846667c55c95ff

Demo:

echo "test content" > test_cms.txt
key=000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f
# NOTE: aes-256-gcm != aes-256-gcm-siv  # https://www.reddit.com/r/crypto/comments/giw4wz/comment/fqi1wbh/
#       We would want to use the latter!
openssl cms -encrypt -binary -aes-256-gcm -secretkey $key -secretkeyid 1234 -in test_cms.txt -out test_cms.enc
openssl cms -decrypt -binary -secretkey $key -secretkeyid 1234 -in test_cms.enc
rm -f test_cms.txt test_cms.enc

Contributor Guide