OpenSSL Authenticated Encryption

StackOverflow https://stackoverflow.com/questions/18117328

Question

I'm trying to use OpenSSL for authenticated encryption. Specifically, I'm trying to use AES-256-GCM (or CCM).

However, when I run openssl list-cipher-commands, I don't see it. The only AES ciphers shown are these:

aes-128-cbc
aes-128-ecb
aes-192-cbc
aes-192-ecb
aes-256-cbc
aes-256-ecb

I'm on openssl 1.0.1e, so it should be supported.

Was it helpful?

Solution

OpenSSL supports aes-256-gcm as an algorithm, but it does not support aes-256-gcm as a command tool. The difference is that you can enter openssl aes-256-cbc in the command line to encrypt something. On the other hand, there are no such openssl aes-256-gcm command line tool.

You can use the EVP interface to call aes-256-gcm algorithm, as this answer shows.

By the way, you may try to use openssl enc aes-256-gcm in the command line. That does not work either, because no additional authenticated data will be handled by the enc command. See more information here.

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow
scroll top