FreeRADIUS InkBridge

Cipher Module

The cipher module is used to transform plaintext in some way that is dependent on a key or key pair, producing encrypted ciphertext.

Registers the following expansions:

XLAT | Description
| Encrypts plaintext using certificate_file
| Decrypts ciphertext using private_key_file
| Signs plaintext using private_key_file
%<inst>.verify(<signature>, <plaintext>...) | Validates a signature using certificate_file
| Returns the serial of certificate_file
%<inst>.certificate(fingerprint, <hash>) | Produces a fingerprint of certificate_file using the specified hash.
| Retrieves the notBefore time from certificate_file.
| Retrieves the notAfter time from certificate_file.

<ciphertext> and <signature> are consumed and produced in their raw (binary) form. Use the armouring expansions, i.e. %base64.encode(...) and %base64.decode(...), if the values are to be passed outside of FreeRADIUS.


The supported digests are determined entirely by the version of OpenSSL in use: the digest name is passed to OpenSSL, which reports whether it is valid and supported.

OpenSSL >= 1.0.0 should support at least:

  • md2 (not recommended)

  • md4 (not recommended)

  • md5 (not recommended)

  • sha1 (widely used but deprecated)

  • sha224

  • sha256 (the default)

  • sha384

  • sha512

OpenSSL >= 1.1.1 also supports the sha3 family of digest functions.

  • sha3_224

  • sha3_256

  • sha3_384

  • sha3_512

Configuration Settings

type
Available schemes are:

  • rsa

RSA asymmetrically keyed ciphering

private_key_file
Private key used for decrypting and signing data.

certificate_file
The PEM encoded certificate used for encrypting data and verifying signatures.

verify_mode
How certificate_file is verified on startup.

After reading the certificate file from disk and parsing it, we apply further checks to ensure it is valid. Currently we check the notBefore and notAfter fields to ensure the certificate is temporally valid. Key usage checks may be added in future.

Error | Description
| Error out if the certificate is not yet valid or has expired.
| Warn if the certificate is not yet valid or has expired.
| Stay silent if the certificate is not yet valid.

The default is hard.

oaep { …​ }

Parameters for the OAEP RSA padding scheme.

signature_digest
Digest used to ingest the plaintext before signing or verification.

padding_type
The type of padding applied to the plaintext, one of:

  • none (no padding)

  • pkcs

  • oaep

  • x931 (signing only)

  • ssl (v1/v2)

Defaults to pkcs.

random_file
Provides the source for the random number generator.

Default Configuration

cipher {
	type = rsa
	rsa {
		private_key_password = whatever
		private_key_file = ${certdir}/rsa/server.pem
		certificate_file = ${certdir}/rsa/server.pem
#		verify_mode = "hard"
		oaep {
#			oaep_digest = "sha256"
#			mgf1_digest = "sha256"
#			label = ""
		}
#		signature_digest = "sha256"
#		padding_type = pkcs
#		random_file = /dev/urandom
	}
}
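As an added example (not FreeRADIUS or rlm_cipher code) covering both the expansions listed above and the settings in this default configuration, the following POSIX shell script performs the equivalent sign, verify, encrypt, decrypt, fingerprint and startup validity operations with the OpenSSL command line, using the same digest and padding values the configuration names, so a chosen combination can be checked outside the server. It assumes the openssl binary is on PATH; the key, certificate and messages are constructed for the example.

```shell
# Added example, not FreeRADIUS code: the OpenSSL CLI equivalents of the
# rlm_cipher operations, for checking padding and digest settings offline.
# Assumes openssl is on PATH; key, certificate and messages are constructed.
set -eu
WORK=$(mktemp -d)
KEY="$WORK/server.key"; CERT="$WORK/server.crt"; PUB="$WORK/server.pub"
# Throw-away self-signed key pair and certificate (stands in for server.pem).
gen_keypair() {
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 1 \
        -subj "/CN=rlm_cipher example" -keyout "$KEY" -out "$CERT" 2>/dev/null
    openssl x509 -in "$CERT" -pubkey -noout > "$PUB"
}
# The verify_mode = hard startup check: notBefore/notAfter against the clock.
# Prints "valid" and returns 0, or prints "invalid" and returns 1.
cert_temporal_check() {
    if openssl verify -CAfile "$1" "$1" >/dev/null 2>&1; then echo valid
    else echo invalid; return 1; fi
}
# sign: signature_digest = sha256 with PKCS#1 v1.5 padding (padding_type = pkcs).
# The raw signature is base64 armoured, as %base64.encode(...) would do.
sign_b64() {
    printf '%s' "$1" | openssl dgst -sha256 -sign "$KEY" | openssl base64 -A
}
# verify: strip the armour, then check the signature with the certificate's key.
verify_b64() {
    printf '%s' "$2" | openssl base64 -d -A > "$WORK/sig.bin"
    printf '%s' "$1" | openssl dgst -sha256 -verify "$PUB" \
        -signature "$WORK/sig.bin" >/dev/null
}
# encrypt/decrypt: padding_type = oaep with oaep_digest = mgf1_digest = sha256.
encrypt_b64() {
    printf '%s' "$1" | openssl pkeyutl -encrypt -certin -inkey "$CERT" \
        -pkeyopt rsa_padding_mode:oaep -pkeyopt rsa_oaep_md:sha256 \
        -pkeyopt rsa_mgf1_md:sha256 | openssl base64 -A
}
decrypt_b64() {
    printf '%s' "$1" | openssl base64 -d -A | openssl pkeyutl -decrypt \
        -inkey "$KEY" -pkeyopt rsa_padding_mode:oaep \
        -pkeyopt rsa_oaep_md:sha256 -pkeyopt rsa_mgf1_md:sha256
}
# certificate(fingerprint, sha256): colon-separated hex digest of the DER cert.
fingerprint_sha256() {
    openssl x509 -in "$CERT" -noout -fingerprint -sha256 | cut -d= -f2
}
gen_keypair
cert_temporal_check "$CERT"
SIG=$(sign_b64 "hello"); verify_b64 "hello" "$SIG" && echo "signature ok"
decrypt_b64 "$(encrypt_b64 "secret")"; echo
fingerprint_sha256
```

Changing the digest or padding options here is a quick way to confirm that the OpenSSL build accepts a given combination before putting it in the module configuration.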