Unfortunately that's not an option for our use case

On Thu, Oct 29, 2015 at 4:00 AM <[email protected]> wrote:
> Send stunnel-users mailing list submissions to
>         [email protected]
>
> To subscribe or unsubscribe via the World Wide Web, visit
>         https://www.stunnel.org/cgi-bin/mailman/listinfo/stunnel-users
> or, via email, send a message with subject or body 'help' to
>         [email protected]
>
> You can reach the person managing the list at
>         [email protected]
>
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of stunnel-users digest..."
>
>
> Today's Topics:
>
>    1. hex key support for psk (Reese Wilson)
>    2. Re: hex key support for psk (Michal Trojnara)
>
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Wed, 28 Oct 2015 23:12:01 +0000
> From: Reese Wilson <[email protected]>
> To: [email protected]
> Subject: [stunnel-users] hex key support for psk
> Message-ID:
>         <caju_q421ksns8mctkc6tapdtwuxjrnbz+69zt_hxjmpjlgb...@mail.gmail.com>
> Content-Type: text/plain; charset="utf-8"
>
> I ran into an issue with PSK reading the key as ascii instead of hex. I had
> a gnutls-serv and gnutls-cli set up with a hex key, and I switched the
> server for one wrapped using stunnel, but using the same key in psk.txt was
> failing. I eventually got it working by converting the hex characters to
> binary and placing that in the contents of the file specified by PSKsecrets
> (psk.txt), but this won't work for certain scenarios. For example, what if
> the key contains ascii newline characters?
>
> ------------------------------
>
> Message: 2
> Date: Thu, 29 Oct 2015 09:55:48 +0100
> From: Michal Trojnara <[email protected]>
> To: [email protected]
> Subject: Re: [stunnel-users] hex key support for psk
> Message-ID: <[email protected]>
> Content-Type: text/plain; charset=utf-8
>
> On 29.10.2015 00:12, Reese Wilson wrote:
> > I ran into an issue with PSK reading the key as ascii instead of
> > hex. I had a gnutls-serv and gnutls-cli set up with a hex key, and
> > I switched the server for one wrapped using stunnel, but using the
> > same key in psk.txt was failing. I eventually got it working by
> > converting the hex characters to binary and placing that in the
> > contents of the file specified by PSKsecrets (psk.txt), but this
> > won't work for certain scenarios. For example, what if the key
> > contains ascii newline characters?
>
> Do it the other way around: generate sufficiently long printable ASCII
> pre-shared keys, and then hex-encode them for applications that
> require hex-encoded pre-shared keys. The same applies to any other
> encoding (base64, rot13, etc.).
>
> Yes, the interface of stunnel restricts the subset of bytes that may
> be used for pre-shared keys (but not the length of those keys). Yes,
> this may require generating new pre-shared keys when you migrate to
> stunnel from another product. Yes, I consider this to be a feature.
> You can use passphrases or your favourite password generator to
> generate pre-shared keys for stunnel. Changing the pre-shared key
> when you migrate to stunnel is also *good* for your security.
>
> Mike
>
> ------------------------------
>
> End of stunnel-users Digest, Vol 135, Issue 19
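Added example, not part of the thread and not stunnel's own code: the direction suggested in Message 2 (printable ASCII key first, hex encoding second), plus a check showing why a key that already exists only as hex, as in Message 1, may not fit a one-line text entry. The `IDENTITY:KEY` line layout, the 16-byte minimum, the alphabet, the identity `client1` and all function names are assumptions of this example.

```python
import secrets
import string

# Printable alphabet for keys; ':' is left out because it separates
# identity from key in the assumed IDENTITY:KEY line format.
ALPHABET = string.ascii_letters + string.digits + "-_.+/="
MIN_KEY_LEN = 16  # assumed minimum accepted key length, in bytes


def generate_psk(length=32):
    """Random printable-ASCII key; every character is one key byte."""
    if length < MIN_KEY_LEN:
        raise ValueError("key shorter than %d bytes" % MIN_KEY_LEN)
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def stunnel_line(identity, key):
    """Line for the file named by PSKsecrets (psk.txt in the thread)."""
    if ":" in identity or any(c not in ALPHABET for c in key):
        raise ValueError("identity or key cannot be written as plain text")
    return "%s:%s" % (identity, key)


def hex_for_peer(key):
    """Same key bytes, hex-encoded for a peer that expects hex input."""
    return key.encode("ascii").hex()


def hex_key_fits_text_file(hex_key):
    """True if an existing hex key decodes to bytes a one-line text entry
    can hold; False for keys with newlines or other bytes outside ALPHABET."""
    raw = bytes.fromhex(hex_key)
    return len(raw) >= MIN_KEY_LEN and all(chr(b) in ALPHABET for b in raw)


if __name__ == "__main__":
    key = generate_psk()
    print(stunnel_line("client1", key))   # goes into psk.txt
    print(hex_for_peer(key))              # goes to the hex-only peer
    # Constructed legacy key containing 0x0a (newline): needs replacing.
    print(hex_key_fits_text_file("0a" + "41" * 15))
```

Both peers end up with the same key bytes: the text side reads the characters directly, and the hex side decodes to those same bytes.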
