Path to this page:
./
security/spiped,
Tool for creating symmetrically encrypted and authenticated pipes
Branch: pkgsrc-2015Q3,
Version: 1.5.0,
Package name: spiped-1.5.0,
Maintainer: pkgsrc-usersspiped (pronounced "ess-pipe-dee") is a utility for creating symmetrically
encrypted and authenticated pipes between socket addresses, so that one may
connect to one address (e.g., a UNIX socket on localhost) and transparently
have a connection established to another address (e.g., a UNIX socket on a
different system). This is similar to 'ssh -L' functionality, but does not
use SSH and requires a pre-shared symmetric key.
Note that spiped:
1. Requires a strong key file: The file specified via the -k option should
have at least 256 bits of entropy. ('dd if=/dev/urandom bs=32 count=1' is
your friend.)
2. Does not provide any protection against information leakage via packet
timing: Running telnet over spiped will protect a password from being directly
read from the network, but will not obscure the typing rhythm.
3. Can significantly increase bandwidth usage for interactive sessions: It
sends data in packets of 1024 bytes, and pads smaller messages up to this
length, so a 1 byte write could be expanded to 1024 bytes if it cannot be
coalesced with adjacent bytes.
4. Uses a symmetric key -- so anyone who can connect to an spiped "server" is
also able to impersonate it.
MESSAGE.smf [+/-]===========================================================================
$NetBSD: MESSAGE.smf,v 1.2 2014/05/14 14:00:42 jperkin Exp $
This package supports multiple SMF instances.
Configure using the SMF properties: mode, source, target and key.
Mode can have the value "encrypt" or "decrypt". Source and target are
formatted as described in spiped(1). The key is a path to the keyfile.
To generate a new keyfile:
dd if=/dev/urandom bs=32 count=1 > ${PKG_SYSCONFDIR}/spiped_example.key
Add a example service instance:
svccfg -s spiped add example
svccfg -s spiped:example addpg spiped application
svccfg -s spiped:example setprop spiped/mode = astring: decrypt
svccfg -s spiped:example setprop spiped/source = astring: [0.0.0.0]:2323
svccfg -s spiped:example setprop spiped/target = astring: [127.0.0.1]:23
svccfg -s spiped:example setprop \
spiped/key = astring: "${PKG_SYSCONFDIR}/spiped_example.key"
===========================================================================
Master sites:
SHA1: 85dfe13cd25a7461ae649d44c5463b37f64f8627
RMD160: f6498f9e85d4a48dcd99b2da5e696ed3b440d1c2
Filesize: 67.2 KB
Version history: (Expand)
- (2015-09-30) Package added to pkgsrc.se, version spiped-1.5.0 (created)