summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorHakan Olsson <ho@cvs.openbsd.org>2000-05-02 22:01:37 +0000
committerHakan Olsson <ho@cvs.openbsd.org>2000-05-02 22:01:37 +0000
commitbe1a373a80da0464c6d65210ee342cbd9bc27769 (patch)
tree5b92bff783d8695bdf837058759c40200aef1a76
parenta8ced0c77938d43a2f60a078b4b9fbcc7bd2c3d3 (diff)
Revert to using perl in the random key generation examples as hexdump
doesn't always produce the same length output. Also; 3DES key needs 24, not 20 bytes.
-rw-r--r--share/man/man8/vpn.812
1 files changed, 7 insertions, 5 deletions
diff --git a/share/man/man8/vpn.8 b/share/man/man8/vpn.8
index 2391babb6a3..d8916406962 100644
--- a/share/man/man8/vpn.8
+++ b/share/man/man8/vpn.8
@@ -1,4 +1,4 @@
-.\" $OpenBSD: vpn.8,v 1.36 2000/05/02 21:08:47 ho Exp $
+.\" $OpenBSD: vpn.8,v 1.37 2000/05/02 22:01:36 ho Exp $
.\" Copyright 1998 Niels Provos <provos@physnet.uni-hamburg.de>
.\" All rights reserved.
.\"
@@ -122,7 +122,7 @@ is by using the
.Xr random 4
device. To produce 160 bits (20 bytes) of randomness, for example, do a:
.Bd -literal
- /usr/sbin/openssl rand 20 | /usr/bin/hexdump -e \\"%02x\\"
+ openssl rand 20 | perl -pe 's/./unpack("H2",$&)/ges'
.Ed
.Pp
Different cipher types may require different sized keys.
@@ -301,12 +301,14 @@ To create a manual keyed VPN between two class C networks using
.Pp
.Bl -enum
.It
-Choose the shared secrets using a suitably random method:
+Choose the shared secrets using a suitably random method.
+The 3DES encryption key needs 192 bits (3x64), or 24 bytes.
+The SHA-1 authentication key for needs 160 bits, or 20 bytes.
.Pp
.Bd -literal
-# /usr/sbin/openssl rand 20 | /usr/bin/hexdump -e \\"%02x\\" > enc_key
+# openssl rand 24 | perl -pe 's/./unpack("H2",$&)/ges' > enc_key
-# /usr/sbin/openssl rand 20 | /usr/bin/hexdump -e \\"%02x\\" > auth_key
+# openssl rand 20 | perl -pe 's/./unpack("H2",$&)/ges' > auth_key
.Ed
.Pp
.It