Looks to me as if it has to have exactly 32 chars.
From crypto.c:

    #define KEY_SIZE 32
    ...
    static struct crypto_ctx {
        unsigned char key[KEY_SIZE];
    } cp;
    ...
    int
    crypto_setup(const char *key, size_t len)
    {
        if (len != KEY_SIZE)
            return 0;
        ...
    }

I only had a cursory look, so maybe there are other checks somewhere.
hth
On Wed, Apr 20, 2022 at 03:52:38PM +0100, Josey Smith wrote:
Hi all.
I'm on OpenSMTPD 7.0.0 and am trying out queue encryption.
Almost any key that I try errors with "smtpd: crypto_setup:invalid key
for queue encryption".
If I use "openssl rand -hex 16" (which I found in an example on
Gilles's site -
https://poolp.org/posts/2013-04-26/opensmtpd-table_proc-queue_proc-crypto-queue-and-other-stuff/)
it always seems to work, but if I increase the number it often fails.
So, mostly out of curiosity, I was wondering what are the limitations
for a valid queue encryption key?
As a side note, if I check my config (smtpd -n) while queue encryption
is set to "-" or "stdin" I get the same error message (although the
server still seems to work). Is that a bug?
Josey
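
A pre-flight check for the length rule quoted from crypto.c in the reply above, as an added example that is not part of the original thread or of OpenSMTPD. It assumes the key length is counted in bytes; the function names key_bytes and check_queue_key are hypothetical and the sample keys are constructed.

```shell
#!/bin/sh
# Added example, not OpenSMTPD code. KEY_SIZE mirrors the #define quoted
# from crypto.c in the thread; everything else here is hypothetical.
KEY_SIZE=32

# Byte length of a string as C code would see it. wc -c counts bytes,
# whereas ${#var} may count characters in a multibyte locale.
key_bytes() {
    printf '%s' "$1" | wc -c | tr -d ' '
}

# Mirror of the quoted length test: succeed only on exactly KEY_SIZE
# bytes, otherwise report which way the key is off and return 1.
check_queue_key() {
    n=$(key_bytes "$1")
    if [ "$n" -eq "$KEY_SIZE" ]; then
        echo "ok"
    elif [ "$n" -lt "$KEY_SIZE" ]; then
        echo "too short by $((KEY_SIZE - n))"
        return 1
    else
        echo "too long by $((n - KEY_SIZE))"
        return 1
    fi
}

# Constructed sample keys (not real secrets). "openssl rand -hex N"
# prints 2*N hex characters, so the first key has the shape of
# "-hex 16" output and the second the shape of "-hex 17" output.
for k in \
    "0123456789abcdef0123456789abcdef" \
    "0123456789abcdef0123456789abcdef01" \
    "short"
do
    printf '%s -> %s\n' "$k" "$(check_queue_key "$k" || true)"
done
```

Only the 32-character key passes; the 34-character and 5-character keys are rejected in the same way the quoted check would reject them.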