From: Tobias Heider <tobias.heider@stusta.de>
Subject: Re: Document 'psk file' in iked.conf.5
To: Josh Rickmar <jrick@zettaport.com>
Cc: tech@openbsd.org
Date: Sat, 13 Apr 2024 13:54:34 +0200

On Fri, Apr 12, 2024 at 07:17:09PM -0400, Josh Rickmar wrote:
> iked supports reading preshared keys from files, rather than only
> inline preshared keys, with the 'psk file <path>' syntax, but this was
> not documented.
> 
> ok?

sure, ok tobhe@

> 
> diff /usr/src
> commit - 93536db294f52bc74669089161e04f33a62520f5
> path + /usr/src
> blob - 5ca57e4767e207585bd27851dbe8372b9dd75038
> file + sbin/iked/iked.conf.5
> --- sbin/iked/iked.conf.5
> +++ sbin/iked/iked.conf.5
> @@ -663,6 +663,10 @@ Use ECDSA with a 521-bit elliptic curve key and SHA2-5
>  Use a pre-shared key
>  .Ar string
>  or hex value (starting with 0x) for authentication.
> +.It Ic psk file Ar path
> +Use a pre-shared hex key (without leading 0x) read from
> +.Ar path
> +for authentication.
>  .It Ic rfc7427
>  Only use RFC 7427 signatures for authentication.
>  RFC 7427 signatures currently only support SHA2-256 as the hash.
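
Review bot: The added "psk file" entry describes the file's content only as a "hex key (without leading 0x)", the opposite convention from the inline "psk" entry directly above it, which takes a string or a hex value starting with 0x, and nothing in the new text flags that difference or says whether a plain string is accepted in the file. Since the file holds a secret, the entry should also state what a reader needs to set it up correctly: whether a trailing newline or other whitespace is tolerated, and whether the owner and mode of path are checked or expected to be restrictive. Suggest one sentence contrasting the two formats and one on the file's expected permissions, if iked enforces or recommends any.
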
>