[Gambas-user] What is equivalent of -nosalt in gambas gb.openssl
Tobias Boege
taboege at gmail.com
Wed Apr 8 19:40:46 CEST 2020
On Wed, 08 Apr 2020, T Lee Davidson wrote:
> On 4/8/20 3:08 AM, Safiur Rahman wrote:
> > How can I get the following command using gb.openssl
> > Shell "echo abc | openssl enc -aes-256-cbc -nosalt -pass pass:password | base64"
> >
> > Safiur Rahman
> >
>
> I am certainly no expert on this. But, as far as I can tell, you can't
>
I think I agree with your judgement. One way to do this is as T Lee
described and I think exposing key derivation functions was another
TODO anyway. So one could kill two birds with one stone here.
BTW: I'm almost sure that at least some openssl utilities currently
deployed use MD5 in their key derivation -- you might want to try if
that fixes the incompatibility of your code that uses SHA-256.
Another way is to introduce an edge case for EncryptSalted. Currently
if EncryptSalted does not receive a Salt argument, it generates one
at random. An API to implement -nosalt that would maintain plausible
API compatibility would require the user to pass a salt argument but
make it Null, i.e.:
EncryptSalted(sData, sPassword) ' use random salt
EncryptSalted(sData, sPassword, sSalt) ' use given salt
EncryptSalted(sData, sPassword, Null) ' new: no salt
*Currently* the last invocation would result in a salt consisting
entirely of NUL bytes, which is arguably not what one would expect
either way.
Regards,
Tobias
--
"There's an old saying: Don't change anything... ever!" -- Mr. Monk
More information about the User
mailing list