Is there a function in the OpenSSL crypto library for entering a password securely?

Time: 2021-06-08 18:25:18

I am working with Openssl 0.9.8k, using the EVP API in my project to encrypt/decrypt data with AES256CBC.

Till now I am taking the password input from the user using fgets(pwd,pwd_len,stdin).

Is there any function available with OpenSSL which facilitates secure password input? I tried searching on the net but could not find any. (The OpenSSL documentation itself is not sufficient.)

Any suggestions or pointers towards any documentation will be highly appreciated.

NOTE: If there is no such function in OpenSSL, can someone please suggest the possible security loopholes that can be exploited when taking the password from stdin using fgets, as in my current approach, so that I can write my own custom function for this?

Many thanks

1 solution

#1


2  

OpenSSL will prompt the user for a password if you use the PEM routines to open a password-protected file - it's described at http://www.openssl.org/docs/crypto/pem.html (search for "prompt"). Those functions also allow you to specify a callback routine that does the prompting; the default callback is the one that prompts the user.

What I can't find is any documentation for the default callback routine - I think you will need to go hunting in the code. But if you just wanted to read a password-protected file then the above may be sufficient.

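As an added example (not from the original post or from OpenSSL's source): a stand-alone callback with the parameter list of OpenSSL's pem_password_cb that addresses the fgets concerns in the question by turning off terminal echo, refusing over-long input instead of truncating it, and wiping the buffer on failure. Passing the input FILE* through userdata and the function names are assumptions of this example.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L  /* for fileno() under strict -std modes */
#endif
#include <stdio.h>
#include <string.h>
#include <termios.h>
#include <unistd.h>

/* Overwrite a buffer through a volatile pointer so the stores are not optimised away. */
static void wipe(void *p, size_t n) {
    volatile unsigned char *v = (volatile unsigned char *)p;
    while (n--) *v++ = 0;
}

/* Same parameters as OpenSSL's pem_password_cb: fill buf (capacity size) and
 * return the passphrase length, or 0 on error. Assumption of this example:
 * userdata is the FILE* to read from (NULL means stdin). */
int read_passphrase_cb(char *buf, int size, int rwflag, void *userdata) {
    FILE *in = userdata ? (FILE *)userdata : stdin;
    int fd = fileno(in), is_tty, ok = 0;
    struct termios saved, quiet;
    size_t len = 0;

    if (buf == NULL || size < 2) return 0;
    is_tty = isatty(fd) && tcgetattr(fd, &saved) == 0;
    if (is_tty) {                         /* stop the terminal echoing keystrokes */
        quiet = saved;
        quiet.c_lflag &= ~(tcflag_t)ECHO;
        tcsetattr(fd, TCSAFLUSH, &quiet);
        fputs(rwflag ? "Enter new passphrase: " : "Enter passphrase: ", stderr);
    }
    if (fgets(buf, size, in) != NULL) {
        len = strlen(buf);
        if (len > 0 && buf[len - 1] == '\n') {
            buf[--len] = '\0';            /* complete line: strip the newline */
            ok = len > 0;
        } else if (feof(in)) {
            ok = len > 0;                 /* final line without a newline */
        } else {                          /* longer than buf: drain it and refuse */
            int c;
            while ((c = fgetc(in)) != '\n' && c != EOF) {}
        }
    }
    if (is_tty) { tcsetattr(fd, TCSAFLUSH, &saved); fputc('\n', stderr); }
    if (!ok) { wipe(buf, (size_t)size); return 0; }
    return (int)len;
}
```

With OpenSSL this would be passed as the callback argument of a PEM read routine, for example `PEM_read_PrivateKey(fp, NULL, read_passphrase_cb, NULL)`.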