5

I'am looking for a tool that can compute a AES128 CMAC as a command line. Openssl does not seem to offer this feature with the command line. Did I miss something, or do you know a command line tool that can perform this computation?

Gilles 'SO- stop being evil'
  • 104,111
  • 38
  • 209
  • 254
Tom97531
  • 512
  • 7
  • 14

2 Answers2

4

Using newer OpenSSL (1.0.1 I think), you could do:

openssl dgst -mac cmac -macopt cipher:aes-128-cbc -macopt hexkey:11223344556677889900112233445566 -sha1 <file>

Choose the cipher with -macopt cipher:<cipher> option and the hash with -<hash>.

Yann Droneaud
  • 5,277
  • 1
  • 23
  • 39
  • 2
    The `-sha1` option needs to be removed since CMAC is based on a cipher as opposed to HMAC which depends on a hash. Same goes for the part about including a hash with `-hash` – sce Mar 18 '17 at 09:36
1

[sweep over old questions]

Looked in source of openssl, but could not find it either. There is a patch available for openssl (search for peter, ibm and openssl) but you will have to test it against the latest and rebuild. OpenSSL is a very useful but horribly maintained library/tool.

If there is another tool that does AES/CMAC, it's very good at hiding as well.

Maarten Bodewes
  • 90,524
  • 13
  • 150
  • 263