Next: SPA Messages, Up: SPA Parameter Types [Contents][Index]
The fwknop system employs a message digest hash of the SPA data as one of the data fields to act a signature which can be used at the receiving end to verify the data is valid (although this feature has been superceded by the usage of an HMAC for proper message authentication and verification of integrity). The resulting digest is base64-encoded before it is added to the SPA data.
Currently, libfko supports the same message digests as the legacy fwknop plus two others (SHA384 and SHA512). These are (in order of strength):
FKO_DIGEST_MD5
FKO_DIGEST_SHA1
FKO_DIGEST_SHA256 (libfko default)
FKO_DIGEST_SHA384
FKO_DIGEST_SHA512
As indicated in the list above, SHA256 is the default. This means the digest type does not need to be explicitly set unless you wish to use one of the other values. This applies to all libfko SPA data fields that have a default value.