Client and Server Key Question(s)

Scripts to manage certificates or generate config files

Moderators: TinCanTech

j.agtys
OpenVpn Newbie
Posts: 17
Joined: Sat Dec 01, 2018 3:59 pm

Client and Server Key Question(s)

Post by j.agtys » Thu Dec 06, 2018 2:39 pm

Hello.

I have set up an OpenVPN server and it is functioning just fine. I installed a VPN so that I can access my internal network remotely from anywhere.

I understand VPNs provide encryption as well. Everything will be encrypted to VPN traffic. That is not what I originally was hoping to achieve; although, it is good. My question is about the encryption and keys.

SSL and RSA rely on public key cryptography. Public key cryptography requires one public key to be distributed and one private key to be maintained by the server. The only way to decrypt a message encrypted with the public key is with the private key.

While going through my configuration files for setting up OpenVPN I notice four directives for keys (CA, CERT, KEY, TLS-AUTH). For each, the client and server, there are directives for the configuration.

What is the need for the TLS-AUTH key?
There is a CERT directive. Is this to verify that the client or server's own key is trusted?
Can anyone explain the encryption methods for OpenVPN in greater detail?
What data is at risk if the client key(s) are compromised? The server's?

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: Client and Server Key Question(s)

Post by TinCanTech » Thu Dec 06, 2018 2:51 pm

j.agtys wrote:
Thu Dec 06, 2018 2:39 pm
What is the need for the TLS-AUTH key?
This provides an extra layer of protection from X.509 exploits.
j.agtys wrote:
Thu Dec 06, 2018 2:39 pm
There is a CERT directive. Is this to verify that the client or server's own key is trusted?
X509
j.agtys wrote:
Thu Dec 06, 2018 2:39 pm
Can anyone explain the encryption methods for OpenVPN in greater detail?
Openvpn always selects the best encryption that is available to it, unless you misconfigure it.

As for the encryption algorithms .. you will have to start researching them yourself.
j.agtys wrote:
Thu Dec 06, 2018 2:39 pm
What data is at risk if the client key(s) are compromised?
Unauthorised access to your VPN .. Revoke compromised clients.

Pippin
Forum Team
Posts: 1200
Joined: Wed Jul 01, 2015 8:03 am
Location: irc://irc.libera.chat:6697/openvpn

Re: Client and Server Key Question(s)

Post by Pippin » Thu Dec 06, 2018 2:53 pm


j.agtys
OpenVpn Newbie
Posts: 17
Joined: Sat Dec 01, 2018 3:59 pm

Re: Client and Server Key Question(s)

Post by j.agtys » Thu Dec 06, 2018 3:13 pm

When I create a CA for my client and server I am asked a few questions. It asks for the country I reside in, the city, a name, among others.
Suppose I create a CA (CA A) and two key pairs with certificates for the client and server. I decide I want to remove the CA and all keys signed by my CA.
If I create a new CA (CA B) using the same answers to the questions in the first CA (CA A), will the keys created with the first CA (CA A) be usable on an openvpn instance configured with the CA directive set to CA B?

j.agtys
OpenVpn Newbie
Posts: 17
Joined: Sat Dec 01, 2018 3:59 pm

Re: Client and Server Key Question(s)

Post by j.agtys » Thu Dec 06, 2018 6:31 pm

On-the-wire tls-crypt packet specification
Control channel encryption is based on the SIV construction [0], to achieve nonce misuse-resistant authenticated encryption:

Code:

msg      = control channel plaintext
header   = opcode (1 byte) || session_id (8 bytes) || packet_id (8 bytes)
Ka       = authentication key (256 bits)
Ke       = encryption key (256 bits)
(Ka and Ke are pre-shared keys, like with --tls-auth)
auth_tag = HMAC-SHA256(Ka, header || msg)
IV       = 128 most-significant bits of auth_tag
ciph     = AES256-CTR(Ke, IV, msg)
output   = Header || Tag || Ciph
Ka is most likely ta.key (What 'ta' is an acronym for, I don't know)
Ke is most likely the client.key and server.key file.

Code:

// crypto.c
// line 542
/* Compare locally computed HMAC with packet HMAC */
if (memcmp_constant_time(local_hmac, BPTR(buf), hmac_len))
{
    CRYPT_ERROR("packet HMAC authentication failed");
}

ASSERT(buf_advance(buf, hmac_len));
If HMACs do not match, CRYPT_ERROR is called.
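To make the quoted specification and the crypto.c check concrete, here is an added example (my own illustration, not OpenVPN's code) that implements the tls-crypt wrap and unwrap for a single control channel packet in Go with the standard library only. Function names are assumptions; the keys in the test are constructed, and in real use Ka and Ke come from the --tls-crypt key file.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/sha256"
	"errors"
)

// header = opcode (1) || session_id (8) || packet_id (8); auth_tag = HMAC-SHA256(Ka, header || msg).
const headerLen, tagLen = 1 + 8 + 8, sha256.Size
func authTag(ka, header, msg []byte) []byte {
	mac := hmac.New(sha256.New, ka)
	mac.Write(header)
	mac.Write(msg)
	return mac.Sum(nil)
}

// ctr: AES-256-CTR under Ke with IV = the 128 most-significant bits of the tag (the SIV construction).
func ctr(ke, tag, in []byte) []byte {
	block, _ := aes.NewCipher(ke) // cannot fail: callers check len(ke) == 32
	out := make([]byte, len(in))
	cipher.NewCTR(block, tag[:16]).XORKeyStream(out, in)
	return out
}

// tlsCryptWrap builds header || tag || ciph for one control channel packet, as in the spec quoted above.
func tlsCryptWrap(ka, ke, header, msg []byte) ([]byte, error) {
	if len(ka) != 32 || len(ke) != 32 || len(header) != headerLen {
		return nil, errors.New("Ka and Ke must be 256 bits and header 17 bytes")
	}
	tag := authTag(ka, header, msg)
	return append(append(append([]byte{}, header...), tag...), ctr(ke, tag, msg)...), nil
}

// tlsCryptUnwrap is the receive side: the IV is inside the received tag, so it decrypts first,
// then recomputes and compares the HMAC in constant time (cf. memcmp_constant_time in crypto.c).
func tlsCryptUnwrap(ka, ke, packet []byte) ([]byte, error) {
	if len(ka) != 32 || len(ke) != 32 || len(packet) < headerLen+tagLen {
		return nil, errors.New("bad key length or packet too short")
	}
	header, tag := packet[:headerLen], packet[headerLen:headerLen+tagLen]
	msg := ctr(ke, tag, packet[headerLen+tagLen:])
	if !hmac.Equal(authTag(ka, header, msg), tag) {
		return nil, errors.New("packet HMAC authentication failed")
	}
	return msg, nil
}
```

Because the IV is derived from the MAC over the plaintext, identical input always yields identical output, and any change to the tag, the header or the ciphertext makes the receiver's recomputed HMAC differ, so the packet is rejected before anything is acted on.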

Pippin
Forum Team
Posts: 1200
Joined: Wed Jul 01, 2015 8:03 am
Location: irc://irc.libera.chat:6697/openvpn

Re: Client and Server Key Question(s)

Post by Pippin » Thu Dec 06, 2018 7:14 pm

Ka is most likely ta.key (What 'ta' is an acronym for, I don't know)
Ke is most likely the client.key and server.key file.
Not quite :), there are two channels, control and data channel, multiplexed together.

What you posted above is about tls-crypt function used for the control channel:
On-the-wire tls-crypt packet specification
Control channel encryption is based on..........
tls-crypt does encryption and authentication of control channel packets.
Ka is a part of the key used for authentication of the control channel packets and data channel packets.
Ke is a part of the key used for encryption of the control channel packets.

The keys used for tls-auth and tls-crypt are the same, i.e. if you had a setup with tls-auth and converted to tls-crypt you could use the same key.

tls-auth does authentication of control channel packets (no encryption) and data channel packets.
With tls-auth a part of the key is used for authentication only.

Encryption of data channel packets is determined by the --cipher directive, authentication of these packets by tls-auth or tls-crypt.

Someone correct me if I'm wrong.

j.agtys
OpenVpn Newbie
Posts: 17
Joined: Sat Dec 01, 2018 3:59 pm

Re: Client and Server Key Question(s)

Post by j.agtys » Thu Dec 06, 2018 7:44 pm

I think the tls-auth directive is for authentication of each data or control packet. The tls-crypt directive is for each control packet from the beginning of a connection.

If the server and the client are both using public key encryption, how are the public keys being sent? I did not specify or generate any public key. Are those automatically generated from the certificate?

Pippin
Forum Team
Posts: 1200
Joined: Wed Jul 01, 2015 8:03 am
Location: irc://irc.libera.chat:6697/openvpn

Re: Client and Server Key Question(s)

Post by Pippin » Thu Dec 06, 2018 8:22 pm

I think the tls-auth directive is for authentication of each data or control packet.
Yes.
The tls-crypt directive is for each control packet from the beginning of a connection.
Not sure what you mean here.....please read my previous post carefully.
If the server and the client are both using public key encryption, how are the public keys being sent?
Over the control channel.
I did not specify or generate any public key. Are those automatically generated from the certificate?
Not automatically, depending on configuration you might have to generate them.

OpenVPN can be configured in different ways, even without encryption.


Now we wait for someone more knowledgeable slapping my head :)

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: Client and Server Key Question(s)

Post by TinCanTech » Fri Dec 07, 2018 2:32 pm

As I understand it .. the public key is held in the certificate:

Code:

        Subject Public Key Info:
            Public Key Algorithm: id-ecPublicKey
                Public-Key: (384 bit)
                pub:

{...}

                ASN1 OID: secp384r1
                NIST CURVE: P-384

blindrain
OpenVpn Newbie
Posts: 2
Joined: Fri Jul 27, 2018 11:47 pm

Re: Client and Server Key Question(s)

Post by blindrain » Fri Oct 30, 2020 5:49 am

I have a question to add to this.
With this scenario, all my clients use the same key, with username and password authentication required.
Meaning the client key and cert are compromised but the user account is not.

What data is at risk if the client key(s) are compromised?

Is all traffic compromised, or only one direction, since the server private key is not compromised? Or is none of it compromised?

300000
OpenVPN Expert
Posts: 685
Joined: Tue May 01, 2012 9:30 pm

Re: Client and Server Key Question(s)

Post by 300000 » Sun Nov 01, 2020 3:52 pm

blindrain wrote:
Fri Oct 30, 2020 5:49 am
I have a question to add to this.
With this scenario, all my clients use the same key, with username and password authentication required.
Meaning the client key and cert are compromised but the user account is not.

What data is at risk if the client key(s) are compromised?

Is all traffic compromised, or only one direction, since the server private key is not compromised? Or is none of it compromised?

If a client key is compromised, someone can connect to your server and do whatever they like. If you have many clients it is better to use OpenVPN Access Server. It is used for business and has many functions to deal with this, like certificate management and username and password management. For central management it can authenticate against a Windows domain, so the job and security of the OpenVPN server will be protected better than with a community OpenVPN server in-house setup.

Say you have 10 clients and one of them loses a laptop; you need to change 9 clients to new certificates or your server will face big trouble. If you use OpenVPN Access Server, what you do is delete that username and have the revocation list invoked, so that will block the connection.

el_mosquito
OpenVpn Newbie
Posts: 1
Joined: Fri Jun 04, 2021 12:51 pm

Re: Client and Server Key Question(s)

Post by el_mosquito » Fri Jun 04, 2021 1:19 pm

Hey guys, I have another question concerning the key pairs used in OpenVPN, as I am getting slightly confused:

I know that both client and server use a TLS handshake to 1) authenticate each other and 2) negotiate a common session key by means of a DH key exchange.

For authentication they both use their certificates, which include the public key of each.
Meaning that at each connection establishment they first exchange random data ('Client hello' and 'Server hello'), digitally sign it with their private key and also exchange their certificates. If e.g. the client is able to decrypt the received server data with the server's public key from the certificate, the client knows that the data has been encrypted with the server's private key, which proves the server's identity. The certificate proves that the server is indeed the owner of the public key. Authentication is finished.

Now they need to 'negotiate' a common key for encryption.
When I set up the OpenVPN server on my Raspberry Pi (with PiVPN), I saw that DH parameters had been generated. I assume that these parameters are the constant prime numbers g and p for the calculation.
I know how the DH key calculation works: both use the parameters g and p, and both use their own private key to generate a respective public key. Then they exchange the public keys and use them to calculate a common secret (session key) for encrypting the transferred data. But at this point I'm confused, because I thought that the public keys are already inside the certificate?!

My point is: if they use the same private key for authentication AND the DH session key calculation, the calculated session key will always be the same. But the session key should change at every session, so the calculation parameters should vary as well?!

For example, in SSH (secure shell) they use a completely different set of keys for authentication and encryption.
Hope someone can help me out with my struggle.
Thanks so much!

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: Client and Server Key Question(s)

Post by TinCanTech » Fri Jun 04, 2021 1:28 pm

Openvpn only uses X509 certificates to verify a peer, after that encrypted session keys are exchanged and used.
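A small model of the point raised in the question and this answer, added here as an illustration and not OpenVPN's or any TLS library's code: with (EC)DHE in the TLS handshake, the long-term key the certificate vouches for only signs a freshly generated ephemeral DH value, and the session key is derived from the ephemerals alone. The curve choice and all names are assumptions.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"math/big"
)

var curve = elliptic.P256()
// ephemeral is a DH key pair generated for one handshake and discarded afterwards.
type ephemeral struct {
	priv []byte
	x, y *big.Int
}
func newEphemeral() (*ephemeral, error) {
	priv, x, y, err := elliptic.GenerateKey(curve, rand.Reader)
	if err != nil {
		return nil, err
	}
	return &ephemeral{priv, x, y}, nil
}

// sessionKey hashes the ECDH shared point; it depends only on the two ephemerals.
func sessionKey(mine *ephemeral, peerX, peerY *big.Int) [32]byte {
	sx, _ := curve.ScalarMult(peerX, peerY, mine.priv)
	return sha256.Sum256(sx.Bytes())
}

// handshake models one session: the long-term identity key (what the certificate
// vouches for) only signs the server's fresh ephemeral point; the session key is
// derived from the ephemerals, so it differs on every call even though the
// identity key never changes.
func handshake(identity *ecdsa.PrivateKey) (clientKey, serverKey [32]byte, err error) {
	c, errC := newEphemeral()
	s, errS := newEphemeral()
	if errC != nil || errS != nil {
		return clientKey, serverKey, errors.New("ephemeral key generation failed")
	}
	h := sha256.Sum256(elliptic.Marshal(curve, s.x, s.y))
	sig, err := ecdsa.SignASN1(rand.Reader, identity, h[:])
	// The client verifies the signature with the public key taken from the certificate.
	if err != nil || !ecdsa.VerifyASN1(&identity.PublicKey, h[:], sig) {
		return clientKey, serverKey, errors.New("server ephemeral not authenticated")
	}
	return sessionKey(c, s.x, s.y), sessionKey(s, c.x, c.y), nil
}
```

Running handshake twice with the same identity key gives two different session keys, which is exactly why the certificate's key being constant does not make the session key constant.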
