Hi Michael, I'm sorry, my system only creates users by adding "usmUser" entries to the configuration file directly, so I don't know anything about how snmpusm should work.
Bill On Wed, Jun 5, 2024 at 1:09 PM north digitalphenomena.com < no...@digitalphenomena.com> wrote: > > Bill, > > I have compiled net-snmp (5.9.3) with the "--enable-blumenthal-aes" > configure > option, yet when I run any of the commands for creating a user with > AES-192 or > AES-256 give me a "Decryption error" (see below). OpenSSL does have the > 192/256 set of variants for AES showing up in the list with "openssl list > -cipher-algorithms" -- > Is there something else that needs to be turned on the in net-snmp to make > this extension operable? (Or OpenSSL (version 3.0.8), for that matter). > > Thanks, > > Michael North > > + awk 'BEGIN {FS=":"} {print $2}' > + passwd='admin_test_password#9812' > + '[' '!' -z 'admin_test_password#9812' ] > + '[' '!' -z authPriv ] > + '[' '!' -z SHA ] > + adminAuth=' -l authPriv -a SHA -A admin_test_password#9812' > + '[' '!' -z AES-256 ] > + encrypt='-x AES-256 -X admin_test_password#9812' > + snmpusm -v 3 -u adminextronshaaes256 -n -l authPriv -a SHA -A > 'admin_test_password#9812' -x AES-256 -X 'admin_test_password#9812' > /tmp/xsnmp/snmpagent create danellb adminextronshaaes256 > snmpset: Decryption error > + status= > > > > ------------------------------ > *From:* Bill Fenner <fen...@gmail.com> > *Sent:* Tuesday, June 4, 2024 11:13 PM > *To:* sukeerthi bj <sukeerth...@gmail.com> > *Cc:* net-snmp-coders@lists.sourceforge.net < > net-snmp-coders@lists.sourceforge.net> > *Subject:* Re: AES192 and SHA256 support > > Hi Sukeerthi, > > You're looking at the code that is used when NETSNMP_USE_PKCS11 is > defined. The SHA2 hashes such as SHA256 are only available with OpenSSL, > in which case we use sc_get_openssl_hashfn() to pick the hash function that > corresponds with the configured hash algorithm. > > Bill > > > On Fri, May 17, 2024 at 7:44 AM sukeerthi bj <sukeerth...@gmail.com> > wrote: > > Hi, > > I see AES192 and SHA256 support in SNMP, but wanted to understand if below > code is doing right? Here for pcks_generate_ku only CKM_SHA_1 is passed. > For SHA256 should not CKM_SHA256 be passed here instead? > Can anyone have a look into this and explain? > > #ifndef NETSNMP_DISABLE_MD5 > if (NETSNMP_USMAUTH_HMACMD5 == auth_type) > return pkcs_generate_Ku(CKM_MD5, P, pplen, Ku, kulen); > else > #endif > if (NETSNMP_USMAUTH_HMACSHA1 == auth_type) > return pkcs_generate_Ku(CKM_SHA_1, P, pplen, Ku, kulen); > else { > return (SNMPERR_GENERR); > _______________________________________________ > Net-snmp-coders mailing list > Net-snmp-coders@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/net-snmp-coders > >
_______________________________________________ Net-snmp-coders mailing list Net-snmp-coders@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/net-snmp-coders