Re: What are the limitations for the queue encryption key?

2022-04-20 Thread Josey Smith
That's good to know. Thank you.

On 4/20/22, Tassilo Philipp wrote:
> Looks to me as if it has to have exactly 32 chars.
>  From crypto.c:
>
>  #define KEY_SIZE 32
>
>  ...
>
>  static struct crypto_ctx {
>          unsigned char   key[KEY_SIZE];
>  } cp;
>
>  ...
>
>  int
>  crypto_setup(const char *key, size_t len)
>  {
>          if (len != KEY_SIZE)
>                  return 0;
>          ...
>  }
>
>
> I only had a cursory look, so maybe there are other checks somewhere.
>
> hth
>
>
> On Wed, Apr 20, 2022 at 03:52:38PM +0100, Josey Smith wrote:
>> Hi all.
>>
>> I'm on OpenSMTPD 7.0.0 and am trying out queue encryption.
>>
>> Almost any key that I try errors with "smtpd: crypto_setup:invalid key
>> for queue encryption".
>>
>> If I use "openssl rand -hex 16" (which I found in an example on
>> Gilles's site -
>> https://poolp.org/posts/2013-04-26/opensmtpd-table_proc-queue_proc-crypto-queue-and-other-stuff/)
>>
>> it always seems to work, but if I increase the number it often fails.
>>
>> So, mostly out of curiosity, I was wondering what are the limitations
>> for a valid queue encryption key?
>>
>> As a side note, if I check my config (smtpd -n) while queue encryption
>> is set to "-" or "stdin" I get the same error message (although the
>> server still seems to work). Is that a bug?
>>
>> Josey
>>
>



Re: What are the limitations for the queue encryption key?

2022-04-20 Thread Tassilo Philipp

Looks to me as if it has to have exactly 32 chars.
From crypto.c:

  #define KEY_SIZE 32

  ...

  static struct crypto_ctx {
          unsigned char   key[KEY_SIZE];
  } cp;

  ...

  int
  crypto_setup(const char *key, size_t len)
  {
          if (len != KEY_SIZE)
                  return 0;
          ...
  }


I only had a cursory look, so maybe there are other checks somewhere.

hth


On Wed, Apr 20, 2022 at 03:52:38PM +0100, Josey Smith wrote:

Hi all.

I'm on OpenSMTPD 7.0.0 and am trying out queue encryption.

Almost any key that I try errors with "smtpd: crypto_setup:invalid key 
for queue encryption".


If I use "openssl rand -hex 16" (which I found in an example on 
Gilles's site - 
https://poolp.org/posts/2013-04-26/opensmtpd-table_proc-queue_proc-crypto-queue-and-other-stuff/) 
it always seems to work, but if I increase the number it often fails.


So, mostly out of curiosity, I was wondering what are the limitations 
for a valid queue encryption key?


As a side note, if I check my config (smtpd -n) while queue encryption 
is set to "-" or "stdin" I get the same error message (although the 
server still seems to work). Is that a bug?


Josey
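
Added example, not part of the thread and not OpenSMTPD code: a small C pre-flight check built around the quoted `len != KEY_SIZE` test, showing why the 32 hex characters printed by `openssl rand -hex 16` pass while other byte counts do not. The names `check_key`, `hex_output_len` and `max_entropy_bits` and the sample key are constructed for illustration; how smtpd itself treats a trailing newline is not shown in the thread.

```c
#include <stdio.h>
#include <string.h>

#define KEY_SIZE 32	/* value quoted from crypto.c in the thread */

enum key_status { KEY_OK, KEY_TOO_SHORT, KEY_TOO_LONG, KEY_TRAILING_NEWLINE };

/* Characters printed by `openssl rand -hex n`: two hex digits per byte. */
static size_t hex_output_len(size_t nbytes) { return nbytes * 2; }

/* Hypothetical pre-flight check around the quoted len != KEY_SIZE test. */
static enum key_status check_key(const char *key, size_t len)
{
	/* A key passed along with its line ending is one byte too long. */
	if (len == KEY_SIZE + 1 && key[len - 1] == '\n')
		return KEY_TRAILING_NEWLINE;
	if (len < KEY_SIZE)
		return KEY_TOO_SHORT;
	if (len > KEY_SIZE)
		return KEY_TOO_LONG;
	return KEY_OK;
}

/* Upper bound on entropy: 4 bits per char for lowercase hex, else 8. */
static unsigned max_entropy_bits(const char *key, size_t len)
{
	size_t i;

	for (i = 0; i < len; i++) {
		char c = key[i];
		if (!((c >= '0' && c <= '9') || (c >= 'a' && c <= 'f')))
			return (unsigned)(len * 8);
	}
	return (unsigned)(len * 4);
}

int main(void)
{
	/* Constructed sample key, shaped like `openssl rand -hex 16` output. */
	const char *k = "00112233445566778899aabbccddeeff";
	size_t n;

	for (n = 14; n <= 18; n++)
		printf("-hex %zu -> %zu chars: %s\n", n, hex_output_len(n),
		    hex_output_len(n) == KEY_SIZE ? "passes" : "fails");
	printf("sample key: status %d, at most %u bits of entropy\n",
	    (int)check_key(k, strlen(k)), max_entropy_bits(k, strlen(k)));
	return 0;
}
```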





What are the limitations for the queue encryption key?

2022-04-20 Thread Josey Smith
Hi all.

I'm on OpenSMTPD 7.0.0 and am trying out queue encryption.

Almost any key that I try errors with "smtpd: crypto_setup:invalid key
for queue encryption".

If I use "openssl rand -hex 16" (which I found in an example on
Gilles's site -
https://poolp.org/posts/2013-04-26/opensmtpd-table_proc-queue_proc-crypto-queue-and-other-stuff/)
it always seems to work, but if I increase the number it often fails.

So, mostly out of curiosity, I was wondering what are the limitations
for a valid queue encryption key?

As a side note, if I check my config (smtpd -n) while queue encryption
is set to "-" or "stdin" I get the same error message (although the
server still seems to work). Is that a bug?

Josey