The fwknop system includes a message digest hash of the SPA data as one of the data fields. It acts as a signature that the receiving end can use to verify that the data is valid, which provides a means to ensure the data was not modified in transit. The resulting digest is base64-encoded before it is added to the SPA data.
Currently, libfko supports the same message digests as the legacy fwknop plus 2 others (SHA384 and SHA512). These are (in order of strength):
* FKO_DIGEST_MD5
* FKO_DIGEST_SHA1
* FKO_DIGEST_SHA256 (libfko default)
* FKO_DIGEST_SHA384
* FKO_DIGEST_SHA512

As indicated in the list above, SHA256 is the default. This means the digest type does not need to be explicitly set unless you wish to use one of the other values. This applies to all libfko SPA data fields that have a default value.
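The digest-and-verify step described above, as an added Python example that is not libfko code and does not reproduce its wire format. The colon-separated field layout, the sample values and the receiver inferring the digest type from the decoded length are assumptions of this example.

```python
import base64
import binascii
import hashlib
import hmac

# Digest names from the list above -> (hashlib name, raw digest size in bytes).
DIGESTS = {
    "FKO_DIGEST_MD5": ("md5", 16),
    "FKO_DIGEST_SHA1": ("sha1", 20),
    "FKO_DIGEST_SHA256": ("sha256", 32),  # libfko default
    "FKO_DIGEST_SHA384": ("sha384", 48),
    "FKO_DIGEST_SHA512": ("sha512", 64),
}
DEFAULT_DIGEST = "FKO_DIGEST_SHA256"
BY_SIZE = {size: name for name, (_, size) in DIGESTS.items()}


def b64_digest(data: bytes, digest_type: str = DEFAULT_DIGEST) -> str:
    """Hash the SPA data and base64-encode the raw digest."""
    algo, _ = DIGESTS[digest_type]
    return base64.b64encode(hashlib.new(algo, data).digest()).decode("ascii")


def add_digest(spa_data: str, digest_type: str = DEFAULT_DIGEST) -> str:
    """Sender side: append the encoded digest as the last field (assumed layout)."""
    return spa_data + ":" + b64_digest(spa_data.encode(), digest_type)


def verify_digest(message: str):
    """Receiver side: return the digest type if the data is intact, else None.

    The digest is unkeyed, so it only detects changes made by someone who
    cannot also rewrite the digest field.
    """
    data, sep, received = message.rpartition(":")  # base64 never contains ':'
    try:
        raw = base64.b64decode(received, validate=True)
    except (binascii.Error, ValueError):
        return None
    digest_type = BY_SIZE.get(len(raw))  # assumption: type inferred from length
    if not sep or digest_type is None:
        return None
    expected = b64_digest(data.encode(), digest_type)
    return digest_type if hmac.compare_digest(expected, received) else None


# Constructed sample fields for illustration; not a real SPA packet.
SAMPLE = "8307540982176539:alice:1700000000:1:tcp/22"
```
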