Hi Michael,
I'm sorry, my system only creates users by adding "usmUser" entries to the
configuration file directly, so I don't know anything about how snmpusm
should work.
Bill
On Wed, Jun 5, 2024 at 1:09 PM north digitalphenomena.com <
no...@digitalphenomena.com> wrote:
>
> Bill,
>
> I have compiled net-snmp (5.9.3) with the "--enable-blumenthal-aes"
> configure
> option, yet when I run any of the commands for creating a user with
> AES-192 or
> AES-256 give me a "Decryption error" (see below). OpenSSL does have the
> 192/256 set of variants for AES showing up in the list with "openssl list
> -cipher-algorithms" --
> Is there something else that needs to be turned on the in net-snmp to make
> this extension operable? (Or OpenSSL (version 3.0.8), for that matter).
>
> Thanks,
>
> Michael North
>
> + awk 'BEGIN {FS=":"} {print $2}'
> + passwd='admin_test_password#9812'
> + '[' '!' -z 'admin_test_password#9812' ]
> + '[' '!' -z authPriv ]
> + '[' '!' -z SHA ]
> + adminAuth=' -l authPriv -a SHA -A admin_test_password#9812'
> + '[' '!' -z AES-256 ]
> + encrypt='-x AES-256 -X admin_test_password#9812'
> + snmpusm -v 3 -u adminextronshaaes256 -n -l authPriv -a SHA -A
> 'admin_test_password#9812' -x AES-256 -X 'admin_test_password#9812'
> /tmp/xsnmp/snmpagent create danellb adminextronshaaes256
> snmpset: Decryption error
> + status=
>
>
>
> ------------------------------
> *From:* Bill Fenner <fen...@gmail.com>
> *Sent:* Tuesday, June 4, 2024 11:13 PM
> *To:* sukeerthi bj <sukeerth...@gmail.com>
> *Cc:* net-snmp-coders@lists.sourceforge.net <
> net-snmp-coders@lists.sourceforge.net>
> *Subject:* Re: AES192 and SHA256 support
>
> Hi Sukeerthi,
>
> You're looking at the code that is used when NETSNMP_USE_PKCS11 is
> defined. The SHA2 hashes such as SHA256 are only available with OpenSSL,
> in which case we use sc_get_openssl_hashfn() to pick the hash function that
> corresponds with the configured hash algorithm.
>
> Bill
>
>
> On Fri, May 17, 2024 at 7:44 AM sukeerthi bj <sukeerth...@gmail.com>
> wrote:
>
> Hi,
>
> I see AES192 and SHA256 support in SNMP, but wanted to understand if below
> code is doing right? Here for pcks_generate_ku only CKM_SHA_1 is passed.
> For SHA256 should not CKM_SHA256 be passed here instead?
> Can anyone have a look into this and explain?
>
> #ifndef NETSNMP_DISABLE_MD5
> if (NETSNMP_USMAUTH_HMACMD5 == auth_type)
> return pkcs_generate_Ku(CKM_MD5, P, pplen, Ku, kulen);
> else
> #endif
> if (NETSNMP_USMAUTH_HMACSHA1 == auth_type)
> return pkcs_generate_Ku(CKM_SHA_1, P, pplen, Ku, kulen);
> else {
> return (SNMPERR_GENERR);
> _______________________________________________
> Net-snmp-coders mailing list
> Net-snmp-coders@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/net-snmp-coders
>
>
_______________________________________________
Net-snmp-coders mailing list
Net-snmp-coders@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/net-snmp-coders
