On Aug 10, 2013, Radostan Riedel wrote:

> Hi,
>
> I was just trying HMAC with Digest type SHA512 with this stanza:
>
> [some.IP.of.my.server]
> USE_GPG Y
> DIGEST_TYPE sha512
> USE_GPG_AGENT Y
> GPG_RECIPIENT abdcdefh
> GPG_SIGNER 12345678
> SPOOF_USER somerandomuser
> ACCESS tcp/22
> SPA_SERVER some.IP.of.my.server
> HMAC_KEY_BASE64 somegeneratedbase64key
> RAND_PORT Y
> USE_HMAC Y
>
> fwknop -n some.IP.of.my.server -R -v
>
> Gives me the server side error:
>
> (stanza #1) Error creating fko context (before decryption): Args contain invalid data
>
> When I change to DIGEST_TYPE sha256 it works. So I thought maybe I need the
> same HMAC digest type, so I used "--hmac-digest-type sha512" with resulting
> client side error:
>
> Final Packed/Encrypted/Encoded Data:
>
> (null)
>
> send_spa_packet: Error #9 from fko_get_spa_data: There is no encoded data to process
> send_spa_packet: packet not sent.
> [*] Could not zero out sensitive data buffer.
>
> The base64 key was generated according to the documentation:
> echo -n "some gpg passphrase" | base64
>
> Am I missing something?
>
> Additional info: I'm using the recent Debian testing fwknop-client package in
> my Debian Wheezy. For the server I backported Franck's Debian package without
> changes for Ubuntu 12.04.

Interesting. When you send an SPA packet with GPG+HMAC with SHA256, how many bytes long is the SPA packet? This info is printed at the end of the client output in --verbose mode. With both DIGEST_TYPE and HMAC_DIGEST_TYPE (which aren't the same thing) set to SHA512 along with a 2048-bit GPG key on my system the SPA packets are nearly 1200 bytes long. Are you using larger GPG keys?

Thanks,

--Mike

> regards
> Radi

_______________________________________________
Fwknop-discuss mailing list
https://lists.sourceforge.net/lists/listinfo/fwknop-discuss
