From: Jason McIntyre <jmc@kerhand.co.uk>
Subject: Re: Document 'psk file' in iked.conf.5
To: tech@openbsd.org
Date: Sat, 13 Apr 2024 13:11:36 +0100

On Fri, Apr 12, 2024 at 07:17:09PM -0400, Josh Rickmar wrote:
> iked supports reading preshared keys from files, rather than only
> inline preshared keys, with the 'psk file <path>' syntax, but this was
> not documented.
> 
> ok?
> 

fixed, thanks.
jmc

> diff /usr/src
> commit - 93536db294f52bc74669089161e04f33a62520f5
> path + /usr/src
> blob - 5ca57e4767e207585bd27851dbe8372b9dd75038
> file + sbin/iked/iked.conf.5
> --- sbin/iked/iked.conf.5
> +++ sbin/iked/iked.conf.5
> @@ -663,6 +663,10 @@ Use ECDSA with a 521-bit elliptic curve key and SHA2-5
>  Use a pre-shared key
>  .Ar string
>  or hex value (starting with 0x) for authentication.
> +.It Ic psk file Ar path
> +Use a pre-shared hex key (without leading 0x) read from
> +.Ar path
> +for authentication.
>  .It Ic rfc7427
>  Only use RFC 7427 signatures for authentication.
>  RFC 7427 signatures currently only support SHA2-256 as the hash.
>