[stunnel-users] stunnel-users Digest, Vol 135, Issue 19

Reese Wilson reesew at tzmedical.com
Fri Oct 30 21:38:04 CET 2015


Unfortunately that's not an option for our use case

On Thu, Oct 29, 2015 at 4:00 AM <stunnel-users-request at stunnel.org> wrote:

> Today's Topics:
>
>    1. hex key support for psk (Reese Wilson)
>    2. Re: hex key support for psk (Michal Trojnara)
>
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Wed, 28 Oct 2015 23:12:01 +0000
> From: Reese Wilson <reesew at tzmedical.com>
> To: stunnel-users at stunnel.org
> Subject: [stunnel-users] hex key support for psk
> Message-ID: <CAJU_q421ksnS8mCtkc6tApdTwUXJrNBZ+69Zt_HxJMpJLGBoiA at mail.gmail.com>
> Content-Type: text/plain; charset="utf-8"
>
> I ran into an issue with PSK reading the key as ascii instead of hex. I had
> a gnutls-serv and gnutls-cli set up with a hex key, and I switched the
> server for one wrapped using stunnel, but using the same key in psk.txt was
> failing. I eventually got it working by converting the hex characters to
> binary and placing that in the contents of the file specified by PSKsecrets
> (psk.txt), but this won't work for certain scenarios. For example, what if
> the key contains ascii newline characters?
>
> ------------------------------
>
> Message: 2
> Date: Thu, 29 Oct 2015 09:55:48 +0100
> From: Michal Trojnara <Michal.Trojnara at mirt.net>
> To: stunnel-users at stunnel.org
> Subject: Re: [stunnel-users] hex key support for psk
> Message-ID: <5631DF14.90003 at mirt.net>
> Content-Type: text/plain; charset=utf-8
>
> On 29.10.2015 00:12, Reese Wilson wrote:
> > I ran into an issue with PSK reading the key as ascii instead of
> > hex. I had a gnutls-serv and gnutls-cli set up with a hex key, and
> > I switched the server for one wrapped using stunnel, but using the
> > same key in psk.txt was failing. I eventually got it working by
> > converting the hex characters to binary and placing that in the
> > contents of the file specified by PSKsecrets (psk.txt), but this
> > won't work for certain scenarios. For example, what if the key
> > contains ascii newline characters?
>
> Do it the other way around: generate sufficiently long printable ASCII
> pre-shared keys, and then hex-encode them for applications that
> require hex-encoded pre-shared keys.  The same applies to any other
> encoding (base64, rot13, etc.).
>
> Yes, the interface of stunnel restricts the subset of bytes that may
> be used for pre-shared keys (but not the length of those keys).  Yes,
> this may require generating new pre-shared keys when you migrate to
> stunnel from another product.  Yes, I consider this to be a feature.
> You can use passphrases or your favourite password generator to
> generate pre-shared keys for stunnel.  Changing the pre-shared key
> when you migrate to stunnel is also *good* for your security.
>
> Mike
>
>
>
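
The approach suggested in Message 2 (generate a printable ASCII key first, then hex-encode it for tools that want hex), as an added shell example that is not part of the original thread. The identity `client1` and the `IDENTITY:KEY` line layout for the PSKsecrets file are assumptions not stated in the messages.

```shell
#!/bin/sh
# Added example, not from the thread. The identity "client1" and the
# IDENTITY:KEY line layout are assumptions for illustration.

# Emit $1 (default 32) random characters drawn from A-Za-z0-9, so the key
# never contains newline, colon or other bytes a text key file could mangle.
gen_ascii_psk() {
    LC_ALL=C tr -dc 'A-Za-z0-9' < /dev/urandom | head -c "${1:-32}"
}

# Hex-encode the exact bytes of $1 for tools that take the PSK as hex.
hex_encode() {
    printf '%s' "$1" | od -An -v -tx1 | tr -d ' \t\n'
}

# Succeed only if $1 is non-empty and made solely of printable,
# non-whitespace ASCII; a key holding a newline byte fails here.
is_line_safe() (
    LC_ALL=C
    case $1 in
        '' | *[![:graph:]]*) exit 1 ;;
        *) exit 0 ;;
    esac
)

# Print the text-file line for identity $1, then the hex form of the same key.
make_psk_pair() {
    key=$(gen_ascii_psk 32)
    is_line_safe "$key" || return 1
    printf '%s:%s\n' "$1" "$key"
    printf '%s\n' "$(hex_encode "$key")"
}

make_psk_pair client1
```

The first output line goes into the file named by PSKsecrets; the second is the same key in the hex form that a hex-only peer, such as the gnutls tools from the thread, would be given.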