--eab-hmac-key EAB_HMAC_KEY certbot parameter

Hello, I need help to understand what form should this certbot parameter take. The online documentation does not answer this question except that in the sample config file, it says
"eab-hmac-key = yaddayaddahexhexnotquoted"

I tried hex form of binary 64-byte key generated by "openssl rand -hex 64" but it doesn't seem to work. I get "externalAccountBinding signature verification failure".

RFC says that it should be in base64url form. Is it hex of this form? I've also tried it too with the same result.

What I have tried is this:
I extracted the payload from the certbot log file:

"ewogICJjb250YWN0IjogWwogICAgIm1haWx0bzphcG9saWFrZXZpdGNoQHRpbWJyZWRpZ2l0YWwuY28ubnoiCiAgXSwKICAidGVybXNPZlNlcnZpY2VBZ3JlZWQiOiB0cnVlLAogICJleHRlcm5hbEFjY291bnRCaW5kaW5nIjogewogICAgInByb3RlY3RlZCI6ICJleUpoYkdjaU9pQWlTRk15TlRZaUxDQWlhMmxrSWpvZ0ltRndiMnhwWVd0bGRtbDBZMmdpTENBaWRYSnNJam9nSW1oMGRIQnpPaTh2Y0d0cExuUmxZMmhqYjNKd1lYQndjeTVqYjIwdllXTnRaUzl1WlhjdFlXTmpiM1Z1ZENKOSIsCiAgICAic2lnbmF0dXJlIjogIlpVYzIxaVFfcUZQZXBwVV9CME0tMXNQaEN3MUZnNWZmd0tMbkNYbjVzY00iLAogICAgInBheWxvYWQiOiAiZXlKdUlqb2dJbkZLWWpsUk5IRjZNVUZ5T1ZWVWJFazBSVGxLTTFVd1gxcE5aVzlOTFZKYVVUWXRkRUV5WlhWVlJsY3hWRlZKV0d4Mk1GUnlWVlZ3U0hwcmFXaGlWRlJ5UjBGalVYcFFhVTVpWmsxTVExRmlZMVF5TVV0dGRYWTVUMnhWVlV4dmNsUkxUWFE1Ylhoc05FRm5jVXh0Y1d4alpFVllhREJLYlRkU2FrWlhiMHAyWTFOR1NtOVpXbmRuTUVocFUxWTVWREJCUkY4MVltaDBSRmxOZUdadGJrVnFXRjlEVVc1VFlsUjJOV3RsWDBORVEzRkpRekZoZW1zeVJuazFVSFZsYW01Vk16TklZM1JuUm1kUFRsZ3hhblp0VnpoR01EQkJlbHB3VG05eFJHNTVaM0pZTjFaRE1uUk1XRVZUTm5JeUxWSkNialprYkdoMlVuTnpUR3A0VTBOeVprOVNPR1EyTnpVeWRUUTRMVlJMWlhrMWNTMHpRbGM1Tm05TlYyZzRiVFo0TTJSZk1IZDBUbTV3ZG13d04wcFRVVlUzWVZnNFJVeEViekZaU1V0cFJ6RTNPV05TWTJsNVRXVlJOV2RrVnpRNVZrWnRVU0lzSUNKbElqb2dJa0ZSUVVJaUxDQWlhM1I1SWpvZ0lsSlRRU0o5IgogIH0KfQ"

I base64url decoded it to get protected, payload and the signature of externalAccountBinding. Here they are:

"eyJhbGciOiAiSFMyNTYiLCAia2lkIjogImFwb2xpYWtldml0Y2giLCAidXJsIjogImh0dHBzOi8vcGtpLnRlY2hjb3JwYXBwcy5jb20vYWNtZS9uZXctYWNjb3VudCJ9"

"eyJuIjogInFKYjlRNHF6MUFyOVVUbEk0RTlKM1UwX1pNZW9NLVJaUTYtdEEyZXVVRlcxVFVJWGx2MFRyVVVwSHpraWhiVFRyR0FjUXpQaU5iZk1MQ1FiY1QyMUttdXY5T2xVVUxvclRLTXQ5bXhsNEFncUxtcWxjZEVYaDBKbTdSakZXb0p2Y1NGSm9ZWndnMEhpU1Y5VDBBRF81Ymh0RFlNeGZtbkVqWF9DUW5TYlR2NWtlX0NEQ3FJQzFhemsyRnk1UHVlam5VMzNIY3RnRmdPTlgxanZtVzhGMDBBelpwTm9xRG55Z3JYN1ZDMnRMWEVTNnIyLVJCbjZkbGh2UnNzTGp4U0NyZk9SOGQ2NzUydTQ4LVRLZXk1cS0zQlc5Nm9NV2g4bTZ4M2RfMHd0Tm5wdmwwN0pTUVU3YVg4RUxEbzFZSUtpRzE3OWNSY2l5TWVRNWdkVzQ5VkZtUSIsICJlIjogIkFRQUIiLCAia3R5IjogIlJTQSJ9"

"ZUc21iQ_qFPeppU_B0M-1sPhCw1Fg5ffwKLnCXn5scM"

Then I concatenated protected with '.' and payload.

Then I get the hmac(sha256) hash using the binary form of eab-hmac-key. Finally I encoded the binary hash with base64url. The output does not match the signature.

I have also tried a few other combinations of what I could guess the key is with no luck.

Thanks a lot for the info and help.

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): 1.24.0

The --eab-hmac-key is optional and only required for external account binding. Why are you trying to use this option exactly and why are you seemingly entering random data into it?

4 Likes

Because my ACME server requires externalAccountBinding. The key is generated randomly but it is known to the server. The question is in what form should it be assigned to --eab-hmac-key.

1 Like

No, it's just the base64url form of the bytes of the key.

Pebble supports EAB via file configuration. You could try replicate your scenario with Certbot and Pebble, using the same HMAC key.

6 Likes

If I use base64url from of binary key bytes

eab-hmac-key = 4pFWMKCl-zBwWfCBZZHWu7xBWZEXQx0GJ3-Zdc0PN_1n7PsnXj-IH7MNOQ32pDzYEEBdRZTYCSFfS_8yDH4NhQ

then I get the same error: signature verification failure.

And should also be known to you: the ACME server should provide the user with the EAB key already in base64 form as wel as the key identifier. See section 7.3.4 of RFC 8555.

But I have a feeling you already know the above, so I'm puzzled by what you're doing exactly with the whole using openssl rand to generate keys yourself. Perhaps you can explain more about the exact situation you're working with? Which ACME server et cetera?

4 Likes

ACME server provided me with the shared key or I provided it with the key. Does it mater? Both server and client have the same key, hence why it called shared. The server knows how to use the key. I don't know how to use the key with certbot.

Please show the entire Certbot command or even better: the log file of this error. It looks like something isn't correct with it.

3 Likes

Sorry, this error was my bad saving by accident the config file in utf-8 format but it still fails to verify the signature. And I mean not just the server, I can't verify the signature using the algorithm that I outlined above in the first post with this base64url encoding of key bytes as an adjustment.

Thanks _az! I made it finally work, after I changed the key in config file, I forgot to update my test script for signature verification with new data from the log.

1 Like