

2.3.4 HMAC Digests

The fwknop project employs an HMAC in the encrypt-then-authenticate model for strong SPA message authentication. The HMAC itself is derived from a digest of the encrypted SPA message along with a dedicated HMAC key.

Currently, libfko supports the same message digests for the HMAC as those listed in the Digest section above. In order of increasing strength, they are:

Variable: int fko_digest_type_t
FKO_HMAC_MD5
FKO_HMAC_SHA1
FKO_HMAC_SHA256 (libfko default)
FKO_HMAC_SHA384
FKO_HMAC_SHA512

As indicated in the list above, SHA256 is the default. This means the HMAC digest type does not need to be explicitly set unless you wish to use one of the other values. This applies to all libfko SPA data fields that have a default value.
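The encrypt-then-authenticate model described in this section, as an added Python sketch (not libfko code and not the fwknop wire format): the HMAC is computed over the already-encrypted message with a dedicated key, and the receiver checks it before any decryption. The packet layout (raw tag appended to the ciphertext), the function names and the digest mapping are assumptions of this example.

```python
import hashlib
import hmac

# Names mirror the FKO_HMAC_* list above; the mapping to hashlib is an
# assumption of this example, not libfko's internal table.
DIGESTS = {
    "FKO_HMAC_MD5": hashlib.md5,
    "FKO_HMAC_SHA1": hashlib.sha1,
    "FKO_HMAC_SHA256": hashlib.sha256,
    "FKO_HMAC_SHA384": hashlib.sha384,
    "FKO_HMAC_SHA512": hashlib.sha512,
}
DEFAULT_HMAC = "FKO_HMAC_SHA256"  # same default as libfko


def authenticate(ciphertext: bytes, hmac_key: bytes,
                 hmac_type: str = DEFAULT_HMAC) -> bytes:
    """Append an HMAC computed over the already-encrypted message."""
    tag = hmac.new(hmac_key, ciphertext, DIGESTS[hmac_type]).digest()
    return ciphertext + tag


def verify(packet: bytes, hmac_key: bytes,
           hmac_type: str = DEFAULT_HMAC) -> bytes:
    """Return the ciphertext only if its tag verifies; raise otherwise.

    Decryption belongs after this call, never before it.
    """
    tag_len = DIGESTS[hmac_type]().digest_size
    if len(packet) <= tag_len:
        raise ValueError("packet too short to carry an HMAC")
    ciphertext, tag = packet[:-tag_len], packet[-tag_len:]
    expected = hmac.new(hmac_key, ciphertext, DIGESTS[hmac_type]).digest()
    # Constant-time comparison avoids leaking how many tag bytes matched.
    if not hmac.compare_digest(tag, expected):
        raise ValueError("HMAC mismatch: drop packet without decrypting")
    return ciphertext


def tamper(packet: bytes) -> bytes:
    """Flip one bit of the first byte (constructed modification)."""
    return bytes([packet[0] ^ 0x01]) + packet[1:]


if __name__ == "__main__":
    key = b"\x11" * 32            # constructed HMAC key, separate from the encryption key
    ciphertext = bytes(range(48))  # constructed stand-in for an encrypted SPA message
    packet = authenticate(ciphertext, key)
    print("verified:", verify(packet, key) == ciphertext)
    try:
        verify(tamper(packet), key)
    except ValueError as exc:
        print("rejected:", exc)
```

Both sides must agree on the digest type: a packet tagged with one digest and verified under another fails the check in the same way as a tampered packet.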