You may be asking about CBC-MAC. For that, I think you just encrypt your message or file with an IV of 0 and then take the last block (16 bytes for AES256-cbc). I found a blog post that describes how to do this with OpenSSL:
openssl enc -e -aes-256-cbc -K 0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF -iv 00000000000000000000000000000000 < file | tail -c 16 | od -A n -t x1
- -K is where you provide your key, which the wiki page says should be different than what you're using to encrypt the file, if you're encrypting it at all.
- -iv obviously provides an all-zero IV, which is the key for CBC-MAC.
- The tail -c 16 is to get the last AES256-cbc block, which is 16 bytes long.
- od is to convert it to hex, which that web site says is common. Otherwise instead of od -A n -t x1 you could do base64 if that's more applicable, or leave it off completely to have just the raw bytes.
You can't take an AES HMAC of a file because AES256-cbc is a block cipher, not a hashing algorithm. AES256-cbc is for encrypting and decrypting a file. HMAC is for verifying a file's integrity and requires a hash algorithm at its core such as SHA-1 or MD5.
Are you trying to sign or verify a file, or encrypt it? To sign, check out the OpenSSL dgst command and use simple HMACs like MD5 or SHA-1, or go all out and digitally sign it with DSS/DSA.
Also, I believe using a block cipher as a MAC is called an EMAC, but OpenSSL doesn't do EMAC as far as I know. EMAC just takes the last block of an encrypted file and encrypts it to create a MAC.
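An added example (not code from either answer): the CBC-MAC pipeline from the first answer and the `openssl dgst` HMAC route the second answer points to, wrapped as tag-and-verify shell functions. The function names and the choice of SHA-256 for the HMAC are assumptions made here, and an `openssl` binary is assumed to be on PATH.

```shell
#!/bin/sh
# Added example; keys passed to these functions are assumed to be hex strings.

# is_hex_len STRING N: succeed only if STRING is exactly N hex digits.
is_hex_len() {
    [ "${#1}" -eq "$2" ] || return 1
    case "$1" in *[!0-9A-Fa-f]*) return 1 ;; esac
}

# cbcmac_tag KEYHEX FILE: AES-256 CBC-MAC of FILE as 32 hex digits.
# Same pipeline as the answer's command, with the key length checked first
# because openssl zero-pads a -K value that is too short.
cbcmac_tag() {
    is_hex_len "$1" 64 || { echo "key must be 64 hex digits" >&2; return 2; }
    _tag=$(openssl enc -e -aes-256-cbc -K "$1" \
               -iv 00000000000000000000000000000000 < "$2" \
           | tail -c 16 | od -A n -v -t x1 | tr -d ' \n')
    is_hex_len "$_tag" 32 || return 1   # openssl failed or produced no block
    printf '%s\n' "$_tag"
}

# hmac_tag KEYHEX FILE: HMAC-SHA256 of FILE as 64 hex digits (openssl dgst).
hmac_tag() {
    is_hex_len "$1" 64 || { echo "key must be 64 hex digits" >&2; return 2; }
    _tag=$(openssl dgst -sha256 -mac HMAC -macopt "hexkey:$1" -binary < "$2" \
           | od -A n -v -t x1 | tr -d ' \n')
    is_hex_len "$_tag" 64 || return 1
    printf '%s\n' "$_tag"
}

# verify_tag FUNC KEYHEX FILE EXPECTED: recompute the tag with FUNC
# (cbcmac_tag or hmac_tag) and succeed only if it equals EXPECTED.
verify_tag() {
    _got=$("$1" "$2" "$3") || return 2
    [ "$_got" = "$4" ]
}
```

For example, `verify_tag hmac_tag "$KEY" file "$TAG"` returns 0 only when the file still matches the stored tag.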