On Aug 10, 2013, Radostan Riedel wrote: > On Fri, 09. Aug 22:52, Michael Rash wrote: > > Interesting. When you send an SPA packet with GPG+HMAC with SHA256, how > > many bytes long is the SPA packet? This info is printed at the end of > > the client output in --verbose mode. With both DIGEST_TYPE and > > HMAC_DIGEST_TYPE (which aren't the same thing) set to SHA512 along with > > a 2048-bit GPG key on my system the SPA packets are nearly 1200 bytes > > long. Are you using larger GPG keys? > I'm using 2048-bit rsa keys. > > ... > Client Timeout: 30 (seconds) > Digest Type: 3 (SHA256) > HMAC Type: 3 (SHA256) > Encryption Type: 2 (GPG) > Encryption Mode: 7 (Asymmetric) > ... > send_spa_packet: bytes sent: 1395 > > Without HMAC: > ... > Client Timeout: 30 (seconds) > Digest Type: 3 (SHA256) > HMAC Type: 0 (Unknown) > Encryption Type: 2 (GPG) > Encryption Mode: 7 (Asymmetric) > ... > send_spa_packet: bytes sent: 1352 > > And normally with fwknop 2.0 I was always using sha512 and this still works > without HMAC: > ... > Client Timeout: 30 (seconds) > Digest Type: 5 (SHA512) > HMAC Type: 0 (Unknown) > Encryption Type: 2 (GPG) > Encryption Mode: 7 (Asymmetric) > ... > send_spa_packet: bytes sent: 1409 > > The weird thing is that I can use SHA512 as HMAC and Digest type. I can't > reproduce the client side > error. > send_spa_packet: bytes sent: 1495 > > I'm attaching my gpg pub key.
Those packet lengths are getting really close to the 1500 byte maximum that is enforced by libfko. I'm wondering if a solution might be to use a higher level of compression either in your gpg engine directly or through libgpgme, but I don't see an obvious way to manipulate this through libgpgme. I suspect that if you try 1024-bit keys then everything will work. With the key you sent imported into the test suite keyrings as the server public key (with decryption obviously not working), the client is able to generate SPA packets. But, with both DIGEST_TYPE and HMAC_DIGEST_TYPE set to sha512 I'm only getting SPA packets of about 900 bytes. I'll keep digging. Thanks, --Mike > regards > Radi > > -----BEGIN PGP PUBLIC KEY BLOCK----- > Version: GnuPG v1.4.12 (GNU/Linux) > > mQENBFEKTBABCADWT9tIo6F7GzB71eSB4umjwLOKWLRqZptqGJyJl96Vd+HQzlBG > pvMCdACUfobu361r3ZlLItN7RamOqRdAssRzN0VOf8n9hJaU9Lo6eKXObfdL3Wkq > lH3Xnwkugxc4sw0vXD9Ht0N8LPt1ltmVQwlqkwWHsnVS7vD51vkVpRgF5Bd0jb/O > CMVTh+fMWXhJ4KRpPxKhTR2Qaih6peWz4qYEE0xpeXN741O6CGeKuUc9TCeF41eg > wbI79Im9OODUG0xbQaI7PQSetQYOAv+LASinQh3+QJgw9XLhsPtaLfFSvZCnPKZP > lsPIm9M11YZjTbNlZ+umi9MY0ilCdCfrTuUhABEBAAG0J1JhZG9zdGFuIFJpZWRl > bCA8cmllZGVsQHVuaS1tYXJidXJnLmRlPokBOwQTAQIAJQIbAwYLCQgHAwIGFQgC > CQoLBBYCAwECHgECF4AFAlELw5ACGQEACgkQ3hnG/vupsHjL6ggAkisURuKYL/bu > EokxXDxKFfAtVoObgrRHmbXFuuVD3gOVSOZBw4J8QRPdUTvsQYt394PdBAbYhjv4 > sFk3Znz/pWE+IdWIaaRKHQ0MgmY43LLT3UOmYa41go7fX5e4QOUGZ3JBeoRpURRA > 6WMBmaYFdYN8A9aIeCGVnDfle2WDfGMax3VfUaaLxXwUku/oTR94YcPYdw4GS5+D > RrR0CmXZEcgZl8bmqS6yNLPIuHZ0P0jbfegpKugfABbELWApKL06kQyEJW5IWsi6 > vhQP3FTL4GFez835mDl9PIy++UArZqqu09WvfAuOJPzv5WYLRRDQUR0CtOeX0M7J > S0yG1TeIFIhGBBARAgAGBQJRC8PgAAoJEBKUMvpPlZ1+1C0An3RYLBR+JQNoSebg > /LG902D/dl06AJ9sQKKxg0oHvdyMac8MFE8aVZD2h7QsUmFkb3N0YW4gUmllZGVs > IDxyb290QGNoZW1pZS51bmktbWFyYnVyZy5kZT6JATgEEwECACIFAlELw14CGwMG > CwkIBwMCBhUIAgkKCwQWAgMBAh4BAheAAAoJEN4Zxv77qbB4YdcH/jsrexKgMgPw > 0r2mB5d99pi2PDmVzqL/BBfSlgkao3eArIx2I9Je/jztTt4ZLHRCrNmU9MYBLYUP > nmK9Pr3ZYW0BQaDYMATkYbshTEFH55Gf2yQ6X//XRPlMeC1EL64XF8vYxCYgxr/E > onquA4iFdeLKOrZ9ZuKGMlhXO3qjrSlg55B8uB+0h0B9t6fHXK+Se/2bdX5+eVpA > DYkGxldBXTkaRkt6kiHS8zBjFcaU6tGXIzwerUFd9VTYov0xKdxsVCSi0+cWaPm0 > 5uC0SbjyJYcC7369bcK9k/edYVZqxhabLtZpUbIfspqZl2c84snVfgzRhMrAiCtC > 9//n8Df6Q66IRgQQEQIABgUCUQvD4AAKCRASlDL6T5Wdfty1AJ9d6mg7ugrag5AU > A9VeBy5VE1Vv1gCfWHuosUFLUqzpqfNMcqVUfwvU2nu0KVJhZG9zdGFuIFJpZWRl > bCA8cmF5YnVudHVAZ29vZ2xlbWFpbC5jb20+iQE4BBMBAgAiBQJRC8MhAhsDBgsJ > CAcDAgYVCAIJCgsEFgIDAQIeAQIXgAAKCRDeGcb++6mweAuiB/9d1IBYG/Ka7uni > wAe8jF4FhTk3QABzORWW3C5ZT6cMsv0QHe0g8WcIOeGVay59dV82CAcaw0UwNZFB > oA88/gWbUX+BAz2CslKmt5x6aBx/zNTmDgqLj6SKyTKRVFN0uB9zSpTiCElRcQFQ > OSPA+Khl050WEbepOgJy988MMKBTJBouWPcX0WW901PJsu+NxtlCy7LiaBCS/BGx > vkIqHeaLc1SyAE3L9nF04khGbrCt8r7IRQ2T23EPc8AL2Jegj0+0IC1sqhIyvo/2 > 28Y0Ikfqjnn9VFQ9APQlL39ePcOMnvF0JZNK8Rdny7hOcPySwlo3/Oq7XdZcqBmu > SH7ru3qriEYEEBECAAYFAlELw+AACgkQEpQy+k+VnX7tGwCdGVFIz6s5fG8eS1nU > Mq+pBlhuXScAnjVhpzzccQOydOJslyMRWFQOt0QntCRSYWRvc3RhbiBSaWVkZWwg > PHJheWJ1bnR1QGdtYWlsLmNvbT6JATgEEwECACIFAlELw0YCGwMGCwkIBwMCBhUI > AgkKCwQWAgMBAh4BAheAAAoJEN4Zxv77qbB4Y2wIAIanZBsGAB9Hi+FKgABv/OIX > C/HJLIoChs9OJAXc05QR0UZQ/Ba1EelSGl8sWh6/Hir3suE4AZrX4XVXy+uTZ31Y > kn4N/p/JVue9XKEiUMZUOUPZMMwCq7W3gbEsQKfmTiVAmWiJzwb4FQpoVbR9XB81 > LNcXT3lvC/f83Yo5lIeXsEB7dSxub8iwjeMGas+XuiSbLY4cTwB6L2ES5M32sDyv > xeo/qKW7ZFk7Bj2f/4wecjdLzBlT8aDmSrgwPCNOgwLWGwGK4ZBmkyiVVkKmz7Ae > U8UCjHL1L9CTjPBrrTdJxaQLxnWobns6kX93HAGwjjYrXreVWZ0sX7PYKdcWiMSI > RgQQEQIABgUCUQvD4AAKCRASlDL6T5WdfsO3AJwJrHJ3HrQ5kd540TeHznBqNW8b > lACcDEyh+ihycno25wEQkCsgcRwHnSe5AQ0EUQpMEAEIAJ8FCGKlmAAiGePag+WV > FHNXdlYnwGri1+Qus2FcBR/j5MfcUzGN3cw1gqRp3PIJrztsEtNYqceDmT5OBFIf > 4h2uE/s7AD1SdVSIS1XEwma5coz+6ZzM1DPV6W8IxzC0XUEOeZi+jGl0yU36s+qW > 2fNw3QmvVTBL01Mp/PnjxOlMVngE0d+3Cilp5XFuQkOWkT0FIAHhJUFrXeqbjEea > LH5eZPTBjn1Rsrz5ELYF9Wm055HNmnVP0rKYZM5sZV+mZ1zpd+KOcOGiRpslIeCE > 0nalRQN1aZwnT9n8hv+EijgUmxOKU1ki2lHWYnxw0SSSzlrjrjzNnhsnr8Bq0wJm > UUsAEQEAAYkBHwQYAQIACQUCUQpMEAIbDAAKCRDeGcb++6mweCgbB/9mzyiAfqHa > jxDVQy1+DemvHrrxVRnrE9s67Y9j+LjdkzKpiMftRFZRkpBXOq4u7dgBtaV7hpLc > r5wbUH9MAwQhE6jsoD38vDWu3AGtCQzVCvPHWdRFc7Z2SIuAbks0W41c/58DfNmZ > +p/xywmKgzdeWqryMZxGlXbaU17KTgRrytlf8eS3qH7DqvXqP+nLMYw+SkXvZ5hR > u3xbj4sdkJYsGhVOFj15vBB6F+we/OMmQCCXTJaXvxNg93dlZy93M4G72Qrz/tpM > +FA7QH53YmNE5+hM/LKuVS27z/HlcEPIGptyweMvx5smIbOD3F8FcwK9MKpkTOxu > 02nKkn1hAOgd > =1gy0 > -----END PGP PUBLIC KEY BLOCK----- > ------------------------------------------------------------------------------ > Get 100% visibility into Java/.NET code with AppDynamics Lite! > It's a free troubleshooting tool designed for production. > Get down to code-level detail for bottlenecks, with <2% overhead. > Download for free and get started troubleshooting in minutes. > http://pubads.g.doubleclick.net/gampad/clk?id=48897031&iu=/4140/ostg.clktrk > _______________________________________________ > Fwknop-discuss mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/fwknop-discuss ------------------------------------------------------------------------------ Get 100% visibility into Java/.NET code with AppDynamics Lite! It's a free troubleshooting tool designed for production. Get down to code-level detail for bottlenecks, with <2% overhead. Download for free and get started troubleshooting in minutes. http://pubads.g.doubleclick.net/gampad/clk?id=48897031&iu=/4140/ostg.clktrk _______________________________________________ Fwknop-discuss mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/fwknop-discuss
