As kitsune1 mentioned in IRC, this section should explain that "--tls-crypt-v2-genkey client" requires the user to supply the server key using "--tls-crypt-v2".
Signed-off-by: Steffan Karger <steffan.kar...@fox-it.com> --- doc/openvpn.8 | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/doc/openvpn.8 b/doc/openvpn.8 index 94b5cc4..f38fba9 100644 --- a/doc/openvpn.8 +++ b/doc/openvpn.8 @@ -5314,6 +5314,11 @@ If no metadata is supplied, OpenVPN will use a 64\-bit unix timestamp representing the current time in UTC, encoded in network order, as metadata for the generated key. +A tls\-crypt\-v2 client key is wrapped using a server key. To generate a +client key, the user must therefore supply the server key using the +.B \-\-tls\-crypt\-v2 +option. + Servers can use .B \-\-tls\-crypt\-v2\-verify to specify a metadata verification command. -- 2.7.4
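Review bot: The new paragraph in the doc/openvpn.8 hunk lands between the default-metadata sentence and the \-\-tls\-crypt\-v2\-verify sentence, both of which are about metadata, so the server-key requirement interrupts that discussion; consider placing it ahead of the metadata text or after the verify sentence. The added text also says the server key is supplied "using the \-\-tls\-crypt\-v2 option" without saying what argument the option takes in this case; stating that in the same paragraph would let a reader act on it without looking the option up separately. Since generating a client key requires the server key, it may be worth one more sentence noting that the server key has to be available wherever client keys are generated.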