- [server] When GnuPG is used, the default now is to require that incoming SPA packets are signed by a key listed in GPG_REMOTE_ID for each access.conf stanza. In other words, the usage of GPG_REQUIRE_SIG is no longer necessary in order to authenticate SPA packets via the GnuPG signature. Verification of GnuPG signatures can be disabled with a new access.conf variable GPG_DISABLE_SIG, but this is NOT a recommended configuration.
- [client+server] Add --gpg-exe command line argument and GPG_EXE config variable to ~/.fwknoprc and the access.conf file so that the path to GnuPG can be changed from the default /usr/bin/gpg path.
SOURCE ANY
FW_ACCESS_TIMEOUT 3
HMAC_DIGEST_TYPE sha256
HMAC_KEY_BASE64 Yh+xizBnl6FotC5ec7FanVGClRMlsOAPh2u6eovnerfBVKwaVKzjGoblFMHMc593TNyi0dWn4opLoTIV9q/ttg==
GPG_HOME_DIR conf/server-gpg
GPG_DECRYPT_ID 361BBAD4
GPG_DECRYPT_PW fwknoptest
GPG_REMOTE_ID 6A3FAD56
GPG_EXE /invalid/path/gpg
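Review bot: GPG_EXE on the last line of this stanza is set to /invalid/path/gpg with nothing in the file saying the bad path is deliberate. A leading # comment stating that the stanza exists to exercise the failure case for the new GPG_EXE variable would stop it from being copied as a working template. The same comment could mark HMAC_KEY_BASE64 and GPG_DECRYPT_PW as test-only values, since both are stored inline here. The stanza sets GPG_REMOTE_ID and omits GPG_REQUIRE_SIG, which matches the new default described in the commit message, so the comment could also state which signature-verification behaviour the stanza is expected to hit.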