Digital signature option in OpenVPN

[Chizo]

Hi All, OpenVPN users!
One Q that interest me. Is there possibility or functionality of digital signature in OpenVPN?
I saw that there is HMAC but for authentification in the handshake proces of the TLS/SSL communication...
Maybe i missed something for Digital signature?

Please help

Chizo

[janjust]

openvpn uses (extra) HMAC signing when you use the

Code: Select all

tls-auth <path-to-ta.key-file>

in the client and server setups.
Without this option OpenVPN still uses HMAC signing for the data transport , but not for the initial connection. The default HMAC signing algorithm is SHA1.

[Chizo]

Hi thx a lot for answer. I understand you well, but i do not know real function of HMAC without active option "tls-auth", you said that "uses HMAC signing for the data transport"?
You mean, if understand you well that HMAC is the message digest and is sending with message.
etc. message+digest (HMAC) without private-key encryption to reciever, and reciever need to have same HMAC algoritham to create digest and to compare with senders one?
A i right?

Thx

Chizo

[janjust]

read the security overview
http://openvpn.net/index.php/open-sourc ... rview.html
for the full story; openvpn uses a control channel and a data channel; the 'tls-auth' option is used to add extra HMAC signing to the control channel. The data channel is always protected using HMAC signing. The digest used for this is controlled using the 'auth' option. The default is SHA1.