From: Josh Rickmar <jrick@zettaport.com>
Subject: Document 'psk file' in iked.conf.5
To: tech@openbsd.org
Date: Fri, 12 Apr 2024 19:17:09 -0400

iked supports reading preshared keys from files, rather than only
inline preshared keys, with the 'psk file <path>' syntax, but this was
not documented.

ok?

diff /usr/src
commit - 93536db294f52bc74669089161e04f33a62520f5
path + /usr/src
blob - 5ca57e4767e207585bd27851dbe8372b9dd75038
file + sbin/iked/iked.conf.5
--- sbin/iked/iked.conf.5
+++ sbin/iked/iked.conf.5
@@ -663,6 +663,10 @@ Use ECDSA with a 521-bit elliptic curve key and SHA2-5
 Use a pre-shared key
 .Ar string
 or hex value (starting with 0x) for authentication.
+.It Ic psk file Ar path
+Use a pre-shared hex key (without leading 0x) read from
+.Ar path
+for authentication.
 .It Ic rfc7427
 Only use RFC 7427 signatures for authentication.
 RFC 7427 signatures currently only support SHA2-256 as the hash.
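
Review bot: The added ".It Ic psk file Ar path" entry leaves the on-disk format underspecified. It says "hex key (without leading 0x)" but not whether a trailing newline or other whitespace in the file is tolerated, and it does not say what happens with non-hex content, whereas the inline form just above accepts either a string or a 0x-prefixed hex value. Suggest one sentence that spells out the contrast with the inline form, so readers do not copy a "0x..." value or a passphrase into the file and get an authentication failure that is hard to diagnose. Since the file holds the authentication secret, it would also help to state the expected ownership and mode of path, if iked checks or requires them.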