2.3.3 Encryption Algorithms

One of the final steps (before the HMAC is calculated and applied) in creating an fwknop SPA message is encrypting the entire message. Currently, fwknop supports two methods of encryption:

Variable: int fko_encryption_type_t
FKO_ENCRYPTION_RIJNDAEL (default)
FKO_ENCRYPTION_GPG

As indicated, libfko uses Rijndael encryption by default. Rijndael is sufficient for most users and produces a much smaller data packet than GPG (roughly 140 bytes with an MD5 digest to around 225 bytes with SHA512, compared to around 1100 bytes for a signed GPG message). When Rijndael is used, the encryption key itself is derived from the supplied passphrase via the PBKDF1 algorithm, and the cipher runs in CBC mode.
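The ordering described above (derive a key from the passphrase with PBKDF1, encrypt in CBC mode, then compute the HMAC over the result, and on receipt verify the HMAC before decrypting anything) can be illustrated end to end. The following Go program is an added example written for this manual entry; it is not libfko's code and does not reproduce fwknop's wire format. The digest used for PBKDF1 (SHA-256), the 8-byte salt, the iteration count, the PKCS#7 padding, the separate HMAC key and the salt||iv||ciphertext||tag layout are all assumptions chosen for the illustration.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
	"hash"
	"io"
)

// Layout constants are assumptions for this example, not fwknop's format.
const (
	saltLen = 8    // random salt mixed into the key derivation
	keyLen  = 32   // AES-256 key
	iters   = 1000 // PBKDF1 iteration count
)

// pbkdf1 follows RFC 2898 section 5.1: T1 = Hash(P || S), Ti = Hash(Ti-1),
// and the derived key is the leftmost dkLen bytes of Tc. PBKDF1 can never
// produce more bytes than the digest emits, so that case is rejected.
func pbkdf1(h func() hash.Hash, passphrase, salt []byte, iterations, dkLen int) ([]byte, error) {
	d := h()
	if dkLen > d.Size() {
		return nil, errors.New("pbkdf1: derived key longer than digest output")
	}
	if iterations < 1 {
		return nil, errors.New("pbkdf1: iteration count must be >= 1")
	}
	d.Write(passphrase)
	d.Write(salt)
	t := d.Sum(nil)
	for i := 1; i < iterations; i++ {
		d.Reset()
		d.Write(t)
		t = d.Sum(nil)
	}
	return t[:dkLen], nil
}

// pkcs7Pad brings the plaintext up to a whole number of cipher blocks.
func pkcs7Pad(b []byte, size int) []byte {
	n := size - len(b)%size
	return append(b, bytes.Repeat([]byte{byte(n)}, n)...)
}

// pkcs7Unpad strips and validates the padding added by pkcs7Pad.
func pkcs7Unpad(b []byte, size int) ([]byte, error) {
	if len(b) == 0 || len(b)%size != 0 {
		return nil, errors.New("bad padded length")
	}
	n := int(b[len(b)-1])
	if n == 0 || n > size {
		return nil, errors.New("bad padding")
	}
	for _, c := range b[len(b)-n:] {
		if int(c) != n {
			return nil, errors.New("bad padding")
		}
	}
	return b[:len(b)-n], nil
}

// sealSPA builds salt || iv || AES-CBC(ciphertext) and then appends an
// HMAC-SHA256 tag over all of that: encryption first, HMAC last.
func sealSPA(passphrase, hmacKey, msg []byte) ([]byte, error) {
	salt := make([]byte, saltLen)
	iv := make([]byte, aes.BlockSize)
	if _, err := io.ReadFull(rand.Reader, salt); err != nil {
		return nil, err
	}
	if _, err := io.ReadFull(rand.Reader, iv); err != nil {
		return nil, err
	}
	key, err := pbkdf1(sha256.New, passphrase, salt, iters, keyLen)
	if err != nil {
		return nil, err
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	padded := pkcs7Pad(msg, aes.BlockSize)
	ct := make([]byte, len(padded))
	cipher.NewCBCEncrypter(block, iv).CryptBlocks(ct, padded)
	out := append(append(append([]byte{}, salt...), iv...), ct...)
	mac := hmac.New(sha256.New, hmacKey)
	mac.Write(out)
	return mac.Sum(out), nil
}

// openSPA verifies the HMAC in constant time before touching the
// ciphertext, so a forged or altered packet never reaches the decryptor.
func openSPA(passphrase, hmacKey, pkt []byte) ([]byte, error) {
	macLen := sha256.Size
	if len(pkt) < saltLen+2*aes.BlockSize+macLen {
		return nil, errors.New("packet too short")
	}
	body, tag := pkt[:len(pkt)-macLen], pkt[len(pkt)-macLen:]
	mac := hmac.New(sha256.New, hmacKey)
	mac.Write(body)
	if !hmac.Equal(mac.Sum(nil), tag) {
		return nil, errors.New("HMAC mismatch: packet rejected before decryption")
	}
	salt := body[:saltLen]
	iv := body[saltLen : saltLen+aes.BlockSize]
	ct := body[saltLen+aes.BlockSize:]
	if len(ct)%aes.BlockSize != 0 {
		return nil, errors.New("ciphertext not block aligned")
	}
	key, err := pbkdf1(sha256.New, passphrase, salt, iters, keyLen)
	if err != nil {
		return nil, err
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	pt := make([]byte, len(ct))
	cipher.NewCBCDecrypter(block, iv).CryptBlocks(pt, ct)
	return pkcs7Unpad(pt, aes.BlockSize)
}

func main() {
	// Constructed sample values; the message body is a stand-in, not real SPA data.
	pass, hk := []byte("example passphrase"), []byte("example hmac key")
	pkt, err := sealSPA(pass, hk, []byte("constructed SPA payload"))
	if err != nil {
		panic(err)
	}
	fmt.Printf("sealed packet: %d bytes\n", len(pkt))
	msg, err := openSPA(pass, hk, pkt)
	fmt.Printf("recovered: %q (err=%v)\n", msg, err)
}
```

The point to take from the receive side is the order of operations: because the HMAC is computed over the already-encrypted bytes, the server can discard a tampered packet with a single constant-time comparison and never run the cipher or the padding check on attacker-controlled data.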

However, some may prefer the higher level of security provided by GPG. When GPG is selected, additional parameters such as the recipient and signer may be set as well. See Setting SPA Data for details on setting these and other SPA data fields.