On 29.10.2015 00:12, Reese Wilson wrote:
> I ran into an issue with PSK reading the key as ascii instead of
> hex. I had a gnutls-serv and gnutls-cli set up with a hex key, and
> I switched the server for one wrapped using stunnel, but using the
> same key in psk.txt was failing. I eventually got it working by
> converting the hex characters to binary and placing that in the
> contents of the file specified by PSKsecrets (psk.txt), but this
> won't work for certain scenarios. For example, what if the key
> contains ascii newline characters?

Do it the other way around: generate sufficiently long printable ASCII
pre-shared keys, and then hex-encode them for applications that require
hex-encoded pre-shared keys. The same applies to any other encoding
(base64, rot13, etc.).

Yes, the interface of stunnel restricts the subset of bytes that may be
used for pre-shared keys (but not the length of those keys). Yes, this
may require generating new pre-shared keys when you migrate to stunnel
from another product. Yes, I consider this to be a feature.

You can use passphrases or your favourite password generator to generate
pre-shared keys for stunnel. Changing the pre-shared key when you
migrate to stunnel is also *good* for your security.

Mike

_______________________________________________
stunnel-users mailing list
https://www.stunnel.org/cgi-bin/mailman/listinfo/stunnel-users
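
The approach from the reply above, as an added example that is not part
of the original message or of stunnel's own code: generate a printable
ASCII key, derive the hex form for peers that expect hex, and check
whether an existing hex key could be carried over as raw bytes at all.
The "IDENTITY:KEY" line layout, the 16-byte minimum, the identity
"client1" and all function names are assumptions made for the example.

```python
import secrets
import string

# Constructed assumptions: the key file holds one "IDENTITY:KEY" entry per
# line, and keys shorter than MIN_LEN bytes are rejected.
ALPHABET = string.ascii_letters + string.digits  # no ':' or whitespace
MIN_LEN = 16


def generate_psk(length: int = 32) -> str:
    """Return a random printable-ASCII key drawn from the OS CSPRNG."""
    if length < MIN_LEN:
        raise ValueError(f"key must be at least {MIN_LEN} characters")
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def hex_form(psk: str) -> str:
    """Hex-encode the ASCII key for peers that expect a hex-encoded key."""
    return psk.encode("ascii").hex()


def storable_as_text(hex_key: str) -> bool:
    """Check whether an existing hex key, decoded to raw bytes, would fit on
    one text line: long enough, and only visible ASCII (no newline, NUL)."""
    raw = bytes.fromhex(hex_key)
    return len(raw) >= MIN_LEN and all(0x21 <= b <= 0x7E for b in raw)


def config_lines(identity: str, psk: str) -> dict:
    """Build the entry for the ASCII-reading side and for the hex-reading side."""
    if ":" in identity or not identity.isprintable():
        raise ValueError("identity must be printable and must not contain ':'")
    return {
        "ascii": f"{identity}:{psk}",
        "hex": f"{identity}:{hex_form(psk)}",
    }


if __name__ == "__main__":
    key = generate_psk()
    for side, line in config_lines("client1", key).items():
        print(f"{side:5} {line}")
    # A legacy hex key containing 0x0a bytes cannot be reused as-is.
    print(storable_as_text("0a" * 16))
```

Both sides end up with the same key bytes because the hex form is only
an encoding of the ASCII key, never the other way around.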
