kernc/myba

Use `openssl cms -aes-256-gcm-siv`

Open

#5 opened on 2026年3月27日

GitHub で見る
 (0 comments) (0 reactions) (0 assignees)Shell (2 forks)github user discovery
enhancementgood first issuehelp wanted

Repository metrics

Stars
 (6 stars)
PR merge metrics
 (PR metrics pending)

説明

Use cipher algorithm AES-256-GCM-SIV that does authentication over AES-256-CTR that doesn't.

See also: https://github.com/openssl/openssl/issues/12220 https://github.com/openssl/openssl/issues/12220#issuecomment-1237509811 https://github.com/openssl/openssl/issues/24421 https://github.com/openssl/openssl/discussions/22269

https://github.com/openssl/openssl/issues/28607 https://github.com/openssl/openssl/commit/86344acb02eb3718b0491b9915846667c55c95ff

Demo:

echo "test content" > test_cms.txt
key=000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f
# NOTE: aes-256-gcm != aes-256-gcm-siv  # https://www.reddit.com/r/crypto/comments/giw4wz/comment/fqi1wbh/
#       We would want to use the latter!
openssl cms -encrypt -binary -aes-256-gcm -secretkey $key -secretkeyid 1234 -in test_cms.txt -out test_cms.enc
openssl cms -decrypt -binary -secretkey $key -secretkeyid 1234 -in test_cms.enc
rm -f test_cms.txt test_cms.enc

コントリビューターガイド