<div dir="ltr">Unfortunately that's not an option for our use case</div><br><div class="gmail_quote"><div dir="ltr">On Thu, Oct 29, 2015 at 4:00 AM <<a href="mailto:stunnel-users-request@stunnel.org">stunnel-users-request@stunnel.org</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Send stunnel-users mailing list submissions to<br>
<a>stunnel-users@stunnel.org</a><br>
<br>
To subscribe or unsubscribe via the World Wide Web, visit<br>
<a rel="noreferrer">https://www.stunnel.org/cgi-bin/mailman/listinfo/stunnel-users</a><br>
or, via email, send a message with subject or body 'help' to<br>
<a>stunnel-users-request@stunnel.org</a><br>
<br>
You can reach the person managing the list at<br>
<a>stunnel-users-owner@stunnel.org</a><br>
<br>
When replying, please edit your Subject line so it is more specific<br>
than "Re: Contents of stunnel-users digest..."<br>
<br>
<br>
Today's Topics:<br>
<br>
1. hex key support for psk (Reese Wilson)<br>
2. Re: hex key support for psk (Michal Trojnara)<br>
<br>
<br>
----------------------------------------------------------------------<br>
<br>
Message: 1<br>
Date: Wed, 28 Oct 2015 23:12:01 +0000<br>
From: Reese Wilson <<a>reesew@tzmedical.com</a>><br>
To: <a>stunnel-users@stunnel.org</a><br>
Subject: [stunnel-users] hex key support for psk<br>
Message-ID:<br>
<<a>CAJU_q421ksnS8mCtkc6tApdTwUXJrNBZ+69Zt_HxJMpJLGBoiA@mail.gmail.com</a>><br>
Content-Type: text/plain; charset="utf-8"<br>
<br>
I ran into an issue with PSK reading the key as ascii instead of hex. I had<br>
a gnutls-serv and gnutls-cli set up with a hex key, and I switched the<br>
server for one wrapped using stunnel, but using the same key in psk.txt was<br>
failing. I eventually got it working by converting the hex characters to<br>
binary and placing that in the contents of the file specified by PSKsecrets<br>
(psk.txt), but this won't work for certain scenarios. For example, what if<br>
the key contains ascii newline characters?<br>
<br>
------------------------------<br>
<br>
Message: 2<br>
Date: Thu, 29 Oct 2015 09:55:48 +0100<br>
From: Michal Trojnara <<a>Michal.Trojnara@mirt.net</a>><br>
To: <a>stunnel-users@stunnel.org</a><br>
Subject: Re: [stunnel-users] hex key support for psk<br>
Message-ID: <<a>5631DF14.90003@mirt.net</a>><br>
Content-Type: text/plain; charset=utf-8<br>
<br>
On 29.10.2015 00:12, Reese Wilson wrote:<br>
> I ran into an issue with PSK reading the key as ascii instead of<br>
> hex. I had a gnutls-serv and gnutls-cli set up with a hex key, and<br>
> I switched the server for one wrapped using stunnel, but using the<br>
> same key in psk.txt was failing. I eventually got it working by<br>
> converting the hex characters to binary and placing that in the<br>
> contents of the file specified by PSKsecrets (psk.txt), but this<br>
> won't work for certain scenarios. For example, what if the key<br>
> contains ascii newline characters?<br>
<br>
Do it the other way around: generate sufficiently long printable ASCII<br>
pre-shared keys, and then hex-encode them for applications that<br>
require hex-encoded pre-shared keys. The same applies to any other<br>
encoding (base64, rot13, etc.).<br>
<br>
Yes, the interface of stunnel restricts the subset of bytes that may<br>
be used for pre-shared keys (but not the length of those keys). Yes,<br>
this may require generating new pre-shared keys when you migrate to<br>
stunnel from another product. Yes, I consider this to be a feature.<br>
You can use passphrases or your favourite password generator to<br>
generate pre-shared keys for stunnel. Changing the pre-shared key<br>
when you migrate to stunnel is also *good* for your security.<br>
<br>
Mike<br>
<br>
<br>
------------------------------<br>
<br>
End of stunnel-users Digest, Vol 135, Issue 19<br>
**********************************************<br>
</blockquote></div>
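<div>The workflow recommended in Message 2, as an added example that is not part of the original thread and is not stunnel code: generate a printable ASCII pre-shared key, then derive the hex form for a peer that expects hex. The <code>IDENTITY:KEY</code> line layout, the identity <code>client1</code>, the 32-character default and all helper names are assumptions made for illustration.</div>

```python
import secrets
import string

# Letters and digits only: no ':' and no whitespace, so the key always fits
# on one line of a text secrets file (assumed layout: IDENTITY:KEY).
ALPHABET = string.ascii_letters + string.digits


def generate_ascii_psk(length=32):
    """Return a random printable-ASCII key of `length` characters."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def to_hex(ascii_key):
    """Hex encoding of the same key bytes, for peers that expect hex."""
    return ascii_key.encode("ascii").hex()


def from_hex(hex_key):
    """Raw bytes that a hex-configured peer will actually use as the key."""
    return bytes.fromhex(hex_key)


def is_text_file_safe(raw_key):
    """True if the raw bytes can be stored verbatim on one text line."""
    return all(0x21 <= b <= 0x7E for b in raw_key) and b":" not in raw_key


def secrets_line(identity, ascii_key):
    """One line for the text secrets file (layout is an assumption)."""
    return f"{identity}:{ascii_key}"


if __name__ == "__main__":
    key = generate_ascii_psk()
    print("text secrets file line:", secrets_line("client1", key))
    print("hex form for the peer: ", to_hex(key))

    # Both sides end up with identical key bytes.
    assert from_hex(to_hex(key)) == key.encode("ascii")

    # The case raised in Message 1: a key generated as hex first may decode
    # to bytes (here 0x0a, a newline) that a line-based text file cannot hold.
    legacy_hex = "6b65790a6b6579"  # constructed sample, not a real key
    print("legacy hex key storable as raw text:",
          is_text_file_safe(from_hex(legacy_hex)))
```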