enhancementgood first issuehelp wanted
Metriche repository
- Star
- (6 star)
- Metriche merge PR
- (Metriche PR in attesa)
Descrizione
Use cipher algorithm AES-256-GCM-SIV that does authentication over AES-256-CTR that doesn't.
See also: https://github.com/openssl/openssl/issues/12220 https://github.com/openssl/openssl/issues/12220#issuecomment-1237509811 https://github.com/openssl/openssl/issues/24421 https://github.com/openssl/openssl/discussions/22269
https://github.com/openssl/openssl/issues/28607 https://github.com/openssl/openssl/commit/86344acb02eb3718b0491b9915846667c55c95ff
Demo:
echo "test content" > test_cms.txt
key=000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f
# NOTE: aes-256-gcm != aes-256-gcm-siv # https://www.reddit.com/r/crypto/comments/giw4wz/comment/fqi1wbh/
# We would want to use the latter!
openssl cms -encrypt -binary -aes-256-gcm -secretkey $key -secretkeyid 1234 -in test_cms.txt -out test_cms.enc
openssl cms -decrypt -binary -secretkey $key -secretkeyid 1234 -in test_cms.enc
rm -f test_cms.txt test_cms.enc