That's good to know. Thank you.

On 4/20/22, Tassilo Philipp <tphil...@potion-studios.com> wrote:
> Looks to me as if it has to have exactly 32 chars.
>  From crypto.c:
>
>    #define KEY_SIZE        32
>
>    ...
>
>    static struct crypto_ctx {
>        unsigned char       key[KEY_SIZE];
>    } cp;
>
>    ...
>
>    int
>    crypto_setup(const char *key, size_t len)
>    {
>        if (len != KEY_SIZE)
>            return 0;
>        ...
>    }
>
>
> I only had a cursory look, so maybe there are other checks somewhere.
>
> hth
>
>
> On Wed, Apr 20, 2022 at 03:52:38PM +0100, Josey Smith wrote:
>> Hi all.
>>
>> I'm on OpenSMTPD 7.0.0 and am trying out queue encryption.
>>
>> Almost any key that I try errors with "smtpd: crypto_setup:invalid key
>> for queue encryption".
>>
>> If I use "openssl rand -hex 16" (which I found in an example on
>> Gilles's site -
>> https://poolp.org/posts/2013-04-26/opensmtpd-table_proc-queue_proc-crypto-queue-and-other-stuff/)
>>
>> it always seems to work, but if I increase the number it often fails.
>>
>> So, mostly out of curiosity, I was wondering what are the limitations
>> for a valid queue encryption key?
>>
>> As a side note, if I check my config (smtpd -n) while queue encryption
>> is set to "-" or "stdin" I get the same error message (although the
>> server still seems to work). Is that a bug?
>>
>> Josey
>>
>
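
An added example, not part of the thread and not OpenSMTPD code: a shell pre-flight check that mirrors the length test quoted from crypto.c, showing why `openssl rand -hex 16` (32 hex characters) is accepted while other counts are not. The function names and the `--check` flag are hypothetical.

```shell
#!/bin/sh
# Added example, not OpenSMTPD code: pre-flight check for a queue encryption key.
# KEY_SIZE mirrors the "#define KEY_SIZE 32" quoted from crypto.c in the thread.
KEY_SIZE=32

# Byte length of a string, matching the size_t len that crypto_setup() compares.
key_len() {
    printf '%s' "$1" | wc -c | tr -d ' '
}

# Succeeds only when the quoted check (len != KEY_SIZE -> return 0) would pass.
check_queue_key() {
    [ "$(key_len "$1")" -eq "$KEY_SIZE" ]
}

# "openssl rand -hex N" prints 2*N hex characters, so N=16 is the only value
# that yields a 32-character key; such a key carries 128 bits of randomness.
gen_queue_key() {
    openssl rand -hex $((KEY_SIZE / 2))
}

# Hypothetical usage: sh check-key.sh --check < keyfile
# Only the first line of stdin is treated as the key (assumption of this script).
if [ "${1:-}" = "--check" ]; then
    IFS= read -r key || [ -n "$key" ]
    if check_queue_key "$key"; then
        echo "ok: key is $KEY_SIZE bytes"
    else
        echo "rejected: key is $(key_len "$key") bytes, need $KEY_SIZE" >&2
        exit 1
    fi
fi
```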
