kernc/myba

Use `openssl cms -aes-256-gcm-siv`

Open

#5 创建于 2026年3月27日

在 GitHub 查看
 (0 评论) (0 反应) (0 负责人)Shell (2 fork)github user discovery
enhancementgood first issuehelp wanted

仓库指标

Star
 (6 star)
PR 合并指标
 (PR 指标待抓取)

描述

Use cipher algorithm AES-256-GCM-SIV that does authentication over AES-256-CTR that doesn't.

See also: https://github.com/openssl/openssl/issues/12220 https://github.com/openssl/openssl/issues/12220#issuecomment-1237509811 https://github.com/openssl/openssl/issues/24421 https://github.com/openssl/openssl/discussions/22269

https://github.com/openssl/openssl/issues/28607 https://github.com/openssl/openssl/commit/86344acb02eb3718b0491b9915846667c55c95ff

Demo:

echo "test content" > test_cms.txt
key=000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f
# NOTE: aes-256-gcm != aes-256-gcm-siv  # https://www.reddit.com/r/crypto/comments/giw4wz/comment/fqi1wbh/
#       We would want to use the latter!
openssl cms -encrypt -binary -aes-256-gcm -secretkey $key -secretkeyid 1234 -in test_cms.txt -out test_cms.enc
openssl cms -decrypt -binary -secretkey $key -secretkeyid 1234 -in test_cms.enc
rm -f test_cms.txt test_cms.enc

贡献者指南