Hi All, OpenVPN users!
One Q that interests me. Is there a possibility or functionality of digital signature in OpenVPN?
I saw that there is HMAC, but for authentication in the handshake process of the TLS/SSL communication...
Maybe I missed something for digital signature?
Please help
Chizo
Digital signature option in OpenVPN
- janjust
Re: Digital signature option in OpenVPN
openvpn uses (extra) HMAC signing when you use the
    tls-auth <path-to-ta.key-file>
in the client and server setups.
Without this option OpenVPN still uses HMAC signing for the data transport, but not for the initial connection. The default HMAC signing algorithm is SHA1.
Re: Digital signature option in OpenVPN
Hi, thx a lot for the answer. I understand you well, but I do not know the real function of HMAC without the active option "tls-auth"; you said that it "uses HMAC signing for the data transport"?
You mean, if I understand you well, that HMAC is the message digest and is sent with the message,
i.e. message+digest (HMAC) without private-key encryption to the receiver, and the receiver needs to have the same HMAC algorithm to create the digest and to compare it with the sender's one?
Am I right?
Thx
Chizo
- janjust
Re: Digital signature option in OpenVPN
read the security overview
http://openvpn.net/index.php/open-sourc ... rview.html
for the full story; openvpn uses a control channel and a data channel; the 'tls-auth' option is used to add extra HMAC signing to the control channel. The data channel is always protected using HMAC signing. The digest used for this is controlled using the 'auth' option. The default is SHA1.
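Added example, not part of the thread and not OpenVPN code: a simplified Python sketch of the HMAC check discussed above, showing that the tag depends on a shared secret key as well as on the digest algorithm, and that either key holder can produce a valid tag (which is why an HMAC is not a digital signature). The `tag || payload` layout, the function names and the sample keys and payloads are assumptions made for illustration; this is not OpenVPN's packet format.

```python
import hashlib
import hmac
import os


def seal(key: bytes, payload: bytes, digest: str = "sha1") -> bytes:
    """Sender side: return tag || payload, where tag = HMAC(key, payload)."""
    return hmac.new(key, payload, digest).digest() + payload


def unseal(key: bytes, packet: bytes, digest: str = "sha1") -> bytes:
    """Receiver side: recompute the HMAC with the shared key and compare."""
    tag_len = hashlib.new(digest).digest_size
    if len(packet) < tag_len:
        raise ValueError("packet shorter than HMAC tag")
    tag, payload = packet[:tag_len], packet[tag_len:]
    expected = hmac.new(key, payload, digest).digest()
    # Constant-time comparison avoids leaking how many tag bytes matched.
    if not hmac.compare_digest(tag, expected):
        raise ValueError("HMAC mismatch")
    return payload


def accepted(key: bytes, packet: bytes, digest: str = "sha1") -> bool:
    try:
        unseal(key, packet, digest)
        return True
    except ValueError:
        return False


def demo() -> dict:
    shared_key = os.urandom(20)  # constructed secret held by BOTH peers
    other_key = os.urandom(20)   # constructed key of someone outside the tunnel
    packet = seal(shared_key, b"constructed sample payload")
    tampered = packet[:-1] + bytes([packet[-1] ^ 0x01])  # flip one payload bit
    return {
        "valid": accepted(shared_key, packet),
        "tampered": accepted(shared_key, tampered),
        "wrong_key": accepted(other_key, packet),
        # Peers configured with different digests cannot verify each other.
        "digest_mismatch": accepted(shared_key, packet, "sha256"),
        # The receiver holds the same key, so it can mint valid tags too.
        "receiver_made": accepted(shared_key, seal(shared_key, b"made by receiver")),
    }


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {'accepted' if ok else 'rejected'}")
```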