On Wed, Feb 04, 2009, Young, Alistair wrote:
> Well, having been trying this for a while, I'm having serious problems using
> this on a Linux platform.
>
> I seem to have some success if I place quotes around the command line:
>
> $ cat message.bin | openssl dgst -sha256 -hmac "`cat key.bin`" -binary >
> mac.bin
>
> But, to complicate things further, I'm trying to invoke this from Java. So I
> have something like:
>
> byte[] key = ....;
> Runtime.getRuntime().exec("openssl", "dgst", "-sha256", "-hmac", "\"" +
> new String(key) + "\"", "-binary");
>
> I then pipe my message in, and collect the output from the output stream.
>
> But no joy. I believe this may be because Java does not run the command
> within a shell. I can try to force the use of the shell:
>
> Runtime.getRuntime().exec("/bin/bash", "-c", "openssl", "dgst",
> "-sha256", "-hmac", "\"" + new String(key) + "\"", "-binary");
>
> But now my piped message either seems to get interpreted as an openssl
> command (so I just get something like "&%$£&$ is an invalid command" followed
> by a list of the standard openssl commands) or I get an "unexpected EOF while
> looking for matching `"'" error.
>
> Can anybody offer any practical suggestions?
>
> I was hoping to avoid JNI (particularly on the FIPS build), but it seems to
> be looming ever closer.
>
>
Do you *have to* use FIPS? If not then using Java's crypto functions would be
by far the easiest option.
I could extend the openssl utility to support a hex key on the command line: it
makes sense to do that anyway.
JNI looks like the most effective option possibly round a very simple wrapper
function but I'm not familiar with it.
Steve.
--
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Homepage: http://www.drh-consultancy.demon.co.uk
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [email protected]
Automated List Manager [email protected]
