Using SHA1 as a message digest when generating an aes256 cbc key

Question

I have to do a lab for my computer security class where I am to use gpg and OpenSSL to do secure communication. I am confused about this step:

Use 'openssl enc' command line symmetric cipher routine to generate a 
256bit AES key in CBC mode. You should use SHA1 as a message digest 
function for generating the key. Save generated secret key, IV, and 
salt into file named aes.key. (Use –P opting to print out the key, 
salt and IV used then immediately exit, don’t do any encryption at 
this step.) 

But I am looking through the man pages for openssl enc and I see no options for digests. I know that there is an openssl dgst command but that just computes a hash of the input. Is there a flaw with the question? What does "You should use SHA1 as a message digest function for generating the key" mean? Do I generate a key and then just SHA1(key.aes)?

Any help with this would be appreciated.

Thank you.

Answer 1

From the usage information for openssl enc which you get when giving it an unknown argument such as -h:

-md            the next argument is the md to use to create a key
                 from a passphrase.  One of md2, md5, sha or sha1

So you should use -md sha1 to specify SHA1 as hash function used in key derivation. A complete solution for the step would be:

openssl enc -aes-256-cbc -md sha1 -P

They actually seem to have forgotten to explain -md in the manual page.