Re: What are the limitations for the queue encryption key?
That's good to know. Thank you.

On 4/20/22, Tassilo Philipp wrote:
> Looks to me as it has to have exactly 32 chars.
> From crypto.c:
>
>     #define KEY_SIZE 32
>
>     ...
>
>     static struct crypto_ctx {
>             unsigned char key[KEY_SIZE];
>     } cp;
>
>     ...
>
>     int
>     crypto_setup(const char *key, size_t len)
>     {
>             if (len != KEY_SIZE)
>                     return 0;
>             ...
>     }
>
> I only had a cursory look, so maybe there are other checks somewhere.
>
> hth
>
> On Wed, Apr 20, 2022 at 03:52:38PM +0100, Josey Smith wrote:
>> Hi all.
>>
>> I'm on OpenSMTPD 7.0.0 and am trying out queue encryption.
>>
>> Almost any key that I try errors with "smtpd: crypto_setup:invalid key
>> for queue encryption".
>>
>> If I use "openssl rand -hex 16" (which I found in an example on
>> Gilles's site -
>> https://poolp.org/posts/2013-04-26/opensmtpd-table_proc-queue_proc-crypto-queue-and-other-stuff/)
>> it always seems to work, but if I increase the number it often fails.
>>
>> So, mostly out of curiosity, I was wondering what are the limitations
>> for a valid queue encryption key?
>>
>> As a side note, if I check my config (smtpd -n) while queue encryption
>> is set to "-" or "stdin" I get the same error message (although the
>> server still seems to work). Is that a bug?
>>
>> Josey
Re: What are the limitations for the queue encryption key?
Looks to me as it has to have exactly 32 chars.
From crypto.c:

    #define KEY_SIZE 32

    ...

    static struct crypto_ctx {
            unsigned char key[KEY_SIZE];
    } cp;

    ...

    int
    crypto_setup(const char *key, size_t len)
    {
            if (len != KEY_SIZE)
                    return 0;
            ...
    }

I only had a cursory look, so maybe there are other checks somewhere.

hth

On Wed, Apr 20, 2022 at 03:52:38PM +0100, Josey Smith wrote:
> Hi all.
>
> I'm on OpenSMTPD 7.0.0 and am trying out queue encryption.
>
> Almost any key that I try errors with "smtpd: crypto_setup:invalid key
> for queue encryption".
>
> If I use "openssl rand -hex 16" (which I found in an example on
> Gilles's site -
> https://poolp.org/posts/2013-04-26/opensmtpd-table_proc-queue_proc-crypto-queue-and-other-stuff/)
> it always seems to work, but if I increase the number it often fails.
>
> So, mostly out of curiosity, I was wondering what are the limitations
> for a valid queue encryption key?
>
> As a side note, if I check my config (smtpd -n) while queue encryption
> is set to "-" or "stdin" I get the same error message (although the
> server still seems to work). Is that a bug?
>
> Josey
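
Added example, not part of the thread and not OpenSMTPD code: a pre-flight length check built on the "len != KEY_SIZE" test quoted above, showing which "openssl rand -hex N" outputs pass it. It assumes len is the byte length of the configured key string; the function names are hypothetical and the sample keys are constructed stand-ins.

```shell
#!/bin/sh
# Pre-flight check for a queue encryption key, modelled on the
# "len != KEY_SIZE" test quoted from crypto.c (KEY_SIZE is 32).
# Hypothetical helper names; nothing here is part of OpenSMTPD.

KEY_SIZE=32

# Byte length of a string. wc -c counts bytes, which is what a C size_t
# length measures; ${#var} can count characters in a UTF-8 locale.
key_bytes() {
    echo $(( $(printf '%s' "$1" | wc -c) ))
}

# Length of the text "openssl rand -hex N" prints: two hex digits per byte.
hex_key_len() {
    echo $(( $1 * 2 ))
}

# Return 0 if the key would pass the length check, 1 otherwise.
queue_key_ok() {
    [ "$(key_bytes "$1")" -eq "$KEY_SIZE" ]
}

# One-line verdict for a candidate key, without echoing the key itself.
describe_key() {
    len=$(key_bytes "$1")
    if queue_key_ok "$1"; then
        echo "ok: $len bytes"
    else
        echo "rejected: $len bytes, need exactly $KEY_SIZE"
    fi
}

# Demo over several -hex arguments. The "keys" are constructed strings of
# zeros with the right length only; never use them as real keys.
for n in 8 16 24 32; do
    sample=$(printf "%0$(hex_key_len "$n")d" 0)
    echo "openssl rand -hex $n -> $(describe_key "$sample")"
done
```

To check a real key, pass it as `describe_key "$(cat keyfile)"`; the command substitution drops a trailing newline before the bytes are counted.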
What are the limitations for the queue encryption key?
Hi all.

I'm on OpenSMTPD 7.0.0 and am trying out queue encryption.

Almost any key that I try errors with "smtpd: crypto_setup:invalid key
for queue encryption".

If I use "openssl rand -hex 16" (which I found in an example on
Gilles's site -
https://poolp.org/posts/2013-04-26/opensmtpd-table_proc-queue_proc-crypto-queue-and-other-stuff/)
it always seems to work, but if I increase the number it often fails.

So, mostly out of curiosity, I was wondering what are the limitations
for a valid queue encryption key?

As a side note, if I check my config (smtpd -n) while queue encryption
is set to "-" or "stdin" I get the same error message (although the
server still seems to work). Is that a bug?

Josey