kernc/myba

Use `openssl cms -aes-256-gcm-siv`

Open

#5 aperta il 27 mar 2026

Vedi su GitHub
 (0 commenti) (0 reazioni) (0 assegnatari)Shell (2 fork)github user discovery
enhancementgood first issuehelp wanted

Metriche repository

Star
 (6 star)
Metriche merge PR
 (Metriche PR in attesa)

Descrizione

Use cipher algorithm AES-256-GCM-SIV that does authentication over AES-256-CTR that doesn't.

See also: https://github.com/openssl/openssl/issues/12220 https://github.com/openssl/openssl/issues/12220#issuecomment-1237509811 https://github.com/openssl/openssl/issues/24421 https://github.com/openssl/openssl/discussions/22269

https://github.com/openssl/openssl/issues/28607 https://github.com/openssl/openssl/commit/86344acb02eb3718b0491b9915846667c55c95ff

Demo:

echo "test content" > test_cms.txt
key=000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f
# NOTE: aes-256-gcm != aes-256-gcm-siv  # https://www.reddit.com/r/crypto/comments/giw4wz/comment/fqi1wbh/
#       We would want to use the latter!
openssl cms -encrypt -binary -aes-256-gcm -secretkey $key -secretkeyid 1234 -in test_cms.txt -out test_cms.enc
openssl cms -decrypt -binary -secretkey $key -secretkeyid 1234 -in test_cms.enc
rm -f test_cms.txt test_cms.enc

Guida contributor