Client and Server Key Question(s)

Scripts to manage certificates or generate config files
j.agtys
OpenVPN User
Posts: 17
Joined: Sat Dec 01, 2018 3:59 pm

Client and Server Key Question(s)

Post by j.agtys » Thu Dec 06, 2018 2:39 pm

Hello.

I have set up an OpenVPN server and it is functioning just fine. I installed a VPN so that I can access my internal network remotely from anywhere.

I understand VPNs provide encryption as well. Everything will be encrypted to VPN traffic. That is not what I originally was hoping to achieve; although, it is good. My question is about the encryption and keys.

SSL and RSA rely on public key cryptography. Public key cryptography requires one public key to be distributed and one private key to be maintained by the server. The only way to decrypt a message encrypted with the public key is with the private key.

While going through my configuration files for setting up OpenVPN I notice four directives for keys (CA, CERT, KEY, TLS-AUTH). For each, the client and server, there are directives for the configuration.

What is the need for the TLS-AUTH key?
There is a CERT directive. Is this to verify that the client or server's own key is trusted?
Can anyone explain the encryption methods for OpenVPN in greater detail?
What data is at risk if the client key(s) are compromised? The server's?

TinCanTech
OpenVPN Protagonist
Posts: 5095
Joined: Fri Jun 03, 2016 1:17 pm

Re: Client and Server Key Question(s)

Post by TinCanTech » Thu Dec 06, 2018 2:51 pm

j.agtys wrote:
Thu Dec 06, 2018 2:39 pm
What is the need for the TLS-AUTH key?
This provides an extra layer of protection from X.509 exploits.
j.agtys wrote:
Thu Dec 06, 2018 2:39 pm
There is a CERT directive. Is this to verify that the client or server's own key is trusted?
X509
j.agtys wrote:
Thu Dec 06, 2018 2:39 pm
Can anyone explain the encryption methods for OpenVPN in greater detail?
Openvpn always selects the best encryption that is available to it, unless you misconfigure it.

As for the encryption algorithms .. you will have to start researching them yourself.
j.agtys wrote:
Thu Dec 06, 2018 2:39 pm
What data is a risk if the client key(s) are compromised?
Unauthorised access to your VPN .. Revoke compromised clients.

Pippin
OpenVPN Expert
Posts: 371
Joined: Wed Jul 01, 2015 8:03 am

Re: Client and Server Key Question(s)

Post by Pippin » Thu Dec 06, 2018 2:53 pm


j.agtys
OpenVPN User
Posts: 17
Joined: Sat Dec 01, 2018 3:59 pm

Re: Client and Server Key Question(s)

Post by j.agtys » Thu Dec 06, 2018 3:13 pm

When I create a CA for my client and server I am asked a few questions. It asks for the country I reside in, the city, a name, among others.
Suppose I create a CA (CA A) and two key pairs with certificates for the client and server. I decide I want to remove the CA and all keys signed by my CA.
If I create a new CA (CA B) using the same answers to the questions in the first CA (CA A), will the keys created with the first CA (CA A) be usable on an openvpn instance configured with the CA directive set to CA B?

j.agtys
OpenVPN User
Posts: 17
Joined: Sat Dec 01, 2018 3:59 pm

Re: Client and Server Key Question(s)

Post by j.agtys » Thu Dec 06, 2018 6:31 pm

On-the-wire tls-crypt packet specification
Control channel encryption is based on the SIV construction [0], to achieve nonce misuse-resistant authenticated encryption:

Code:

msg      = control channel plaintext
header   = opcode (1 byte) || session_id (8 bytes) || packet_id (8 bytes)
Ka       = authentication key (256 bits)
Ke       = encryption key (256 bits)
(Ka and Ke are pre-shared keys, like with --tls-auth)
auth_tag = HMAC-SHA256(Ka, header || msg)
IV       = 128 most-significant bits of auth_tag
ciph     = AES256-CTR(Ke, IV, msg)
output   = Header || Tag || Ciph
Ka is most likely ta.key (What 'ta' is an acronym for, I don't know)
Ke is most likely the client.key and server.key file.

Code:

// crypto.c
// line 542
/* Compare locally computed HMAC with packet HMAC */
if (memcmp_constant_time(local_hmac, BPTR(buf), hmac_len))
{
    CRYPT_ERROR("packet HMAC authentication failed");
}

ASSERT(buf_advance(buf, hmac_len));
If HMACs do not match, CRYPT_ERROR is called.
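The tls-crypt construction quoted in the post above, written out as an added Go example (my code, not OpenVPN's): HMAC-SHA256 over header || msg gives the tag, the first 128 bits of the tag serve as the AES-256-CTR IV, and the receiver decrypts first and then recomputes and constant-time-compares the tag, like the crypto.c check. It assumes 32-byte Ka and Ke, a 17-byte header (opcode || session_id || packet_id), and the demo keys and header are constructed values, not a real ta.key.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/sha256"
	"fmt"
)

func tagOf(ka, header, msg []byte) []byte { // auth_tag = HMAC-SHA256(Ka, header || msg)
	mac := hmac.New(sha256.New, ka)
	mac.Write(append(append([]byte{}, header...), msg...))
	return mac.Sum(nil)
}
func ctr(ke, iv, in []byte) []byte { // AES-256-CTR under Ke; the same call encrypts and decrypts
	block, err := aes.NewCipher(ke)
	if err != nil || len(ke) != 32 {
		panic("Ke must be a 256-bit key") // a pre-shared key of the wrong size is a configuration error
	}
	out := make([]byte, len(in))
	cipher.NewCTR(block, iv).XORKeyStream(out, in)
	return out
}

// TLSCryptWrap returns header || tag || ciph; the CTR IV is the first 128 bits of the tag (SIV).
func TLSCryptWrap(ka, ke, header, msg []byte) []byte {
	tag := tagOf(ka, header, msg)
	return append(append(append([]byte{}, header...), tag...), ctr(ke, tag[:16], msg)...)
}

// TLSCryptUnwrap takes the IV from the received tag, decrypts, then checks the HMAC over header || plaintext.
func TLSCryptUnwrap(ka, ke, packet []byte, headerLen int) ([]byte, error) {
	if len(packet) < headerLen+sha256.Size {
		return nil, fmt.Errorf("packet too short: %d bytes", len(packet))
	}
	header, tag := packet[:headerLen], packet[headerLen:headerLen+sha256.Size]
	msg := ctr(ke, tag[:16], packet[headerLen+sha256.Size:])
	if !hmac.Equal(tagOf(ka, header, msg), tag) { // constant-time, like memcmp_constant_time in crypto.c
		return nil, fmt.Errorf("packet HMAC authentication failed")
	}
	return msg, nil
}

func main() {
	ka, ke := []byte("0123456789abcdef0123456789abcdef"), []byte("fedcba9876543210fedcba9876543210") // constructed demo keys, not a real ta.key
	header := append([]byte{0x38}, make([]byte, 16)...)                                             // opcode || session_id (8) || packet_id (8), constructed
	pkt := TLSCryptWrap(ka, ke, header, []byte("control channel plaintext"))
	fmt.Println(TLSCryptUnwrap(ka, ke, pkt, len(header)))
}
```

Because the IV is derived from the tag, the construction has no separate nonce to get wrong; a flipped ciphertext bit, a wrong Ka or a truncated packet all fail the HMAC check before any plaintext is released.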

Pippin
OpenVPN Expert
Posts: 371
Joined: Wed Jul 01, 2015 8:03 am

Re: Client and Server Key Question(s)

Post by Pippin » Thu Dec 06, 2018 7:14 pm

Ka is most likely ta.key (What 'ta' is an acronym for, I don't know)
Ke is most likely the client.key and server.key file.
Not quite :) , there are two channels, control and data channel, multiplexed together.

What you posted above is about tls-crypt function used for the control channel:
On-the-wire tls-crypt packet specification
Control channel encryption is based on..........
tls-crypt does encryption and authentication of control channel packets.
Ka is a part of the key used for authentication of the control channel packets and data channel packets.
Ke is a part of the key used for encryption of the control channel packets.

The keys used for tls-auth and tls-crypt are the same, i.e. if you had a setup with tls-auth and convert to tls-crypt you could use the same key.

tls-auth does authentication of control channel packets (no encryption) and data channel packets.
With tls-auth a part of the key is used for authentication only.

Encryption of data channel packets is determined by the --cipher directive, authentication of these packets by tls-auth or tls-crypt.

Someone correct me if I'm wrong.

j.agtys
OpenVPN User
Posts: 17
Joined: Sat Dec 01, 2018 3:59 pm

Re: Client and Server Key Question(s)

Post by j.agtys » Thu Dec 06, 2018 7:44 pm

I think the tls-auth directive is for authentication of each data or control packet. The tls-crypt directive is for each control packet from the beginning of a connection.

If the server and the client are both using public key encryption, how are the public keys being sent? I did not specify or generate any public key. Are those automatically generated from the certificate?

Pippin
OpenVPN Expert
Posts: 371
Joined: Wed Jul 01, 2015 8:03 am

Re: Client and Server Key Question(s)

Post by Pippin » Thu Dec 06, 2018 8:22 pm

I think the tls-auth directive is for authentication of each data or control packet.
Yes.
The tls-crypt directive is for each control packet from the beginning of a connection.
Not sure what you mean here... please read my previous post carefully.
If the server and the client are both using public key encryption, how are the public keys being sent?
Over the control channel.
I did not specify or generate any public key. Are those automatically generated from the certificate?
Not automatically, depending on configuration you might have to generate them.

OpenVPN can be configured in different ways, even without encryption.


Now we wait for someone more knowledgeable slapping my head :)

TinCanTech
OpenVPN Protagonist
Posts: 5095
Joined: Fri Jun 03, 2016 1:17 pm

Re: Client and Server Key Question(s)

Post by TinCanTech » Fri Dec 07, 2018 2:32 pm

As I understand it .. the public key is held in the certificate:

Code:

        Subject Public Key Info:
            Public Key Algorithm: id-ecPublicKey
                Public-Key: (384 bit)
                pub:

{...}

                ASN1 OID: secp384r1
                NIST CURVE: P-384
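An added Go example (mine, not from this thread or from OpenVPN) that ties the certificate dump above to the earlier CA A / CA B question: each certificate carries its own public key in the Subject Public Key Info, and a client certificate chains to a CA only if that CA's key validates the signature on it, so re-creating a CA with the same answers but a fresh key pair does not make the old client certificates acceptable. Subject fields, CA names and the client name are constructed values.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// makeCert makes a P-384 key pair and a certificate holding its public key (the Subject Public Key Info above); parent == nil gives a self-signed CA, otherwise a client cert signed by parentKey.
func makeCert(cn string, parent *x509.Certificate, parentKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey) {
	key, _ := ecdsa.GenerateKey(elliptic.P384(), rand.Reader) // rand.Reader does not fail in practice
	tmpl := &x509.Certificate{ // subject answers are constructed for this example
		SerialNumber: big.NewInt(time.Now().UnixNano()),
		Subject:      pkix.Name{Country: []string{"US"}, Locality: []string{"Springfield"}, CommonName: cn},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(24 * time.Hour),
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth},
	}
	signer, signerKey := parent, parentKey
	if parent == nil { // no parent: this is the CA, signed with its own key
		tmpl.IsCA, tmpl.BasicConstraintsValid, tmpl.KeyUsage = true, true, x509.KeyUsageCertSign
		signer, signerKey = tmpl, key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, signer, &key.PublicKey, signerKey)
	if err != nil {
		panic(err)
	}
	cert, _ := x509.ParseCertificate(der) // DER we just produced parses back cleanly
	return cert, key
}

// VerifiesAgainst reports whether ca's public key validates the signature on client; matching subject text is not enough.
func VerifiesAgainst(client, ca *x509.Certificate) bool {
	pool := x509.NewCertPool()
	pool.AddCert(ca)
	_, err := client.Verify(x509.VerifyOptions{Roots: pool, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}})
	return err == nil
}

func main() {
	caA, keyA := makeCert("My VPN CA", nil, nil)
	caB, _ := makeCert("My VPN CA", nil, nil) // same answers to every question, but a different key pair
	client, _ := makeCert("client1", caA, keyA)
	fmt.Println("against CA A:", VerifiesAgainst(client, caA), "against CA B:", VerifiesAgainst(client, caB))
}
```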
