

2.3.1 Digests

The fwknop system includes a message digest hash of the SPA data as one of the data fields. It acts as a signature that the receiving end can use to verify that the data is valid (although this feature has been superseded by the use of an HMAC for proper message authentication and verification of integrity). The resulting digest is base64-encoded before it is added to the SPA data.

Currently, libfko supports the same message digests as the legacy fwknop plus two others (SHA384 and SHA512). These are (in increasing order of strength):

Variable: int fko_digest_type_t
FKO_DIGEST_MD5
FKO_DIGEST_SHA1
FKO_DIGEST_SHA256 (libfko default)
FKO_DIGEST_SHA384
FKO_DIGEST_SHA512

As indicated in the list above, SHA256 is the default. This means the digest type does not need to be explicitly set unless you wish to use one of the other values. This applies to all libfko SPA data fields that have a default value.
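The following is an added example, not libfko code: it models the digest field described above with Python's hashlib and shows why an unkeyed digest catches corruption but an HMAC is needed for authentication. The `:`-separated layout, the sample data, the key and all function names are assumptions made for illustration.

```python
import base64
import hashlib
import hmac

# The five digest types listed above, mapped to hashlib (stand-in for libfko).
DIGESTS = {
    "FKO_DIGEST_MD5": hashlib.md5,
    "FKO_DIGEST_SHA1": hashlib.sha1,
    "FKO_DIGEST_SHA256": hashlib.sha256,  # libfko default
    "FKO_DIGEST_SHA384": hashlib.sha384,
    "FKO_DIGEST_SHA512": hashlib.sha512,
}
DEFAULT = "FKO_DIGEST_SHA256"

def b64_digest(data, digest_type=DEFAULT):
    """Hash the data and base64-encode the raw digest."""
    return base64.b64encode(DIGESTS[digest_type](data).digest())

def seal(fields, digest_type=DEFAULT):
    """Append the encoded digest as the last ':'-separated field (assumed layout)."""
    return fields + b":" + b64_digest(fields, digest_type)

def digest_ok(message, digest_type=DEFAULT):
    """Receiver side: recompute the digest over the leading fields and compare."""
    fields, sep, received = message.rpartition(b":")
    return bool(sep) and hmac.compare_digest(received, b64_digest(fields, digest_type))

def hmac_tag(message, key):
    """Keyed tag over the whole message; SHA256 chosen here for illustration."""
    return base64.b64encode(hmac.new(key, message, hashlib.sha256).digest())

def hmac_ok(message, tag, key):
    """Receiver side: recompute the keyed tag and compare in constant time."""
    return hmac.compare_digest(tag, hmac_tag(message, key))

# Constructed sample data, not real fwknop output.
FIELDS = b"0123456789abcdef:dXNlcg:1700000000:access-request"
KEY = b"constructed-demo-key"
SEALED = seal(FIELDS)
TAG = hmac_tag(SEALED, KEY)
CORRUPTED = SEALED.replace(b"1700000000", b"1700009999")       # digest left stale
RESEALED = seal(FIELDS.replace(b"1700000000", b"1700009999"))  # digest recomputed

if __name__ == "__main__":
    print("intact   :", digest_ok(SEALED), hmac_ok(SEALED, TAG, KEY))
    print("corrupted:", digest_ok(CORRUPTED), hmac_ok(CORRUPTED, TAG, KEY))
    print("resealed :", digest_ok(RESEALED), hmac_ok(RESEALED, TAG, KEY))
```

The resealed message passes the digest check because the digest needs no secret to recompute, while the HMAC check rejects it without the key.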