Hi Michael,

Thanks for the quick response!

My experimentation so far is consistent with your assessment of my
situation. The recipient key is 4096 bits. I'll need to create a shorter
key.

The confusing thing to me is that the other systems from which I'm
creating and sending the SPA packets are working (same public key for the
remote user, same destination host, etc., etc.). I am sure there is something
that's different; I simply have not stumbled on what it is.

I concur with Radi in the related post. Documentation with hints would be
helpful in diagnosing problems like this. Count me in for helping with
that.

Thanks again for your help!

Best regards,

  ~David

On Sun, 11 Aug 2013 14:23:24 -0400 you corralled some electrons and wrote:

> > ...
> Cool, that is the latest commit on github.  This includes Hank
> Leininger's patch for better libfko error codes, and the
> FKO_ERROR_INVALID_DATA_ENCRYPT_GPG_RESULT_MSGLEN_VALIDFAIL error is
> quite instructive.  It is being called as follows:
> 
> https://github.com/mrash/fwknop/blob/master/lib/fko_encryption.c#L399
> 
> That error code is only returned when is_valid_encoded_msg_len() fails,
> and in this case that is because the encrypted SPA payload coming back
> from gpg is longer than 1500 bytes.
> 
> I'd say there are a couple of things to try:
> 
> - Add the line "compress-level 9" to your ~/.gnupg/options file.
>   Assuming that gpg-agent picks this up, then I think it will apply to
>   SPA packets that are encrypted via libgpgme (used by fwknop).  The
>   server side might need this option added too - not sure about that.
> - Add "DIGEST_TYPE    md5" to your ~/.fwknoprc file under the [default]
>   stanza section (towards the top).  Even though md5 is not secure, you
>   are still using gpg which should eliminate this as a problem although
>   I'd still recommend using an HMAC since libgpgme functions aren't even
>   executed unless the HMAC check passes.
> ...
> 
> If the suggestions don't work above, then you may need to reduce your
> gpg key sizes.
> 
> Thanks,
> 
> --Mike
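
Added example (not part of the original thread and not fwknop code): a rough estimate, built from the RFC 4880 packet layouts, of how RSA key sizes push the base64 length of a GPG-encrypted SPA payload toward the 1500-byte limit mentioned above. The 160-byte plaintext, the optional signing key, the omission of compression and all function names are assumptions; real gpg output will differ by some bytes.

```python
"""Rough size estimate for a GPG-encrypted SPA payload (RFC 4880 layouts)."""
import math

SPA_MAX_ENCODED_LEN = 1500  # the limit quoted in the thread


def mpi_len(bits):
    """An RSA value is stored as a 2-byte bit count plus the integer itself."""
    return 2 + bits // 8


def pkt(body_len):
    """Packet size with a new-format header: tag byte plus 1, 2 or 5 length bytes."""
    if body_len < 192:
        return 2 + body_len
    if body_len < 8384:
        return 3 + body_len
    return 6 + body_len


def estimate(recipient_bits, signer_bits=None, plaintext_len=160):
    """Return (binary_bytes, base64_chars); compression is ignored (assumption)."""
    # Public-key encrypted session key: version, key id, algorithm, RSA MPI.
    pkesk = pkt(1 + 8 + 1 + mpi_len(recipient_bits))
    # Literal data packet: format byte, empty file name, date, then the SPA text.
    inner = pkt(1 + 1 + 4 + plaintext_len)
    if signer_bits:
        inner += pkt(13)  # one-pass signature packet
        # v4 signature: 4 fixed bytes, hashed area (2 + 6 for creation time),
        # unhashed area (2 + 10 for issuer), 2 hash-check bytes, RSA MPI.
        inner += pkt(4 + 8 + 12 + 2 + mpi_len(signer_bits))
    # Encrypted data packet: version, 16 + 2 random prefix bytes, data, 22-byte MDC.
    seipd = pkt(1 + 18 + inner + 22)
    binary = pkesk + seipd
    return binary, 4 * math.ceil(binary / 3)


def fits_limit(recipient_bits, signer_bits=None, plaintext_len=160):
    """True when the estimated base64 length stays within the 1500-byte limit."""
    return estimate(recipient_bits, signer_bits, plaintext_len)[1] <= SPA_MAX_ENCODED_LEN


if __name__ == "__main__":
    for rcpt, signer in [(2048, 2048), (4096, None), (4096, 2048), (4096, 4096)]:
        raw, b64 = estimate(rcpt, signer)
        print(f"recipient={rcpt} signer={signer}: {raw} bytes, {b64} base64 chars,"
              f" fits={fits_limit(rcpt, signer)}")
```

Under these assumptions each 4096-bit RSA operation costs about 520 bytes before base64, so the recipient key and the signing key each count toward the limit.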
