-----Original Message-----
From: [email protected] [mailto:[email protected]]
On Behalf Of Dave Thompson
Sent: 07 February 2009 01:59
To: [email protected]
Subject: RE: OpenSSL command line HMAC
> > Without the quotes, if my hmac key contains a space or tab character,
> > it seems that somewhere along the way, the two halves of the key are
> > treated as separate parameters. So, if my key was "£$%& £$%&*",
> > attempting to execute the command simply results in OpenSSL giving a
> > "£$%&* not found" error.
> >
> Are those pounds in 8859-1, as posted? I don't use any non-US charsets here
> and so can't easily test that, but with "$%& $%&*" (minus quotes) it (still)
> works for me. (I previously lazily tested on my local Windows instead of
> Linux, but this time to be certain I used a convenient Linux box, which
> actually has an older jre, 1.5.0_06-b05 .)
Sorry - those were intended to be indicative of non-printable characters.
The actual key is a string of bytes, effectively chosen at random (i.e. in
the range 0x00-0xff).
> <snip>
> > Incidentally, the simple approach (simply passing the key as a
> > parameter, regardless of its content) worked flawlessly under Windows
> > (using non-FIPS OpenSSL).
> >
> That makes me really suspicious. I wonder if it might be an issue with
> high-half signed characters somewhere, or Unicode encoding, or such.
> Could you try passing the desired arguments to instead a simple program
> that just shows you exactly what it's getting, something like:
> [snip]
Yes, I think you've hit the nail on the head there. One of the problems
seems to lie in the byte[] -> String conversion.
In some test code I have a block like this:
byte[] key = {... 32 bytes ...}
String keyString = new String(key);
System.out.println(key.length);
System.out.println(keyString.length());
Under Windows, for my test key, key.length and keyString.length are both 32.
Under Linux, the former is 32, but the latter is 29.
I can (try to) force the same encoding:
String keyString = new String(key, "Cp1252");
Now the lengths match, but the resulting hash differs between Linux and Windows
(and from the test data I'm using, I know that the Windows hash is correct).
If the key contains a zero-byte, then the command fails under both Linux and
Windows.
Ultimately, I've opted for Steffan's suggestion, with the Java code generating
an escaped character sequence and passing this to a bash script. As far as I
can determine, there's no way of forcing Java to produce a String which contains
exactly the desired set of bytes.
Thanks to everyone for the suggestions.
Alistair.
Please help Logica to respect the environment by not printing this email /
Merci d'aider Logica à préserver l'environnement en évitant d'imprimer ce mail
/ Bitte drucken Sie diese Nachricht nicht aus und helfen Sie so Logica dabei
die Umwelt zu schuetzen / Por favor ajude a Logica a respeitar o ambiente não
imprimindo este correio electrónico.
This e-mail and any attachment is for authorised use by the intended
recipient(s) only. It may contain proprietary material, confidential
information and/or be subject to legal privilege. It should not be copied,
disclosed to, retained or used by, any other party. If you are not an intended
recipient then please promptly delete this e-mail and any attachment and all
copies and inform the sender. Thank you.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [email protected]
Automated List Manager [email protected]
