Re: [Openvpn-users] wireguard encryption settings in openvpn

2020-04-09 Thread Johannes Bauer
On 09.04.20 12:50, Jan Just Keijser wrote:
>> I wasn't suggesting to use OpenVPN-PSK, quite frankly I find it's super
>> crappy. But I do think it's worthwhile pointing out that symmetric PSK
>> is NOT at all the same as asymmetric PSK.
>
> without getting into a discussion about symmetric vs asym

Re: [Openvpn-users] wireguard encryption settings in openvpn

2020-04-09 Thread Johannes Bauer
On 09.04.20 11:46, Gert Doering wrote:
>> Preshared *public* keys, correct. In contrast to the PSK setup that
>> OpenVPN offers, which is just symmetric keys. That's a world of a
>> difference, mind you.
>
> OpenVPN with pre-shared secret is not the recommended way of operation
> since quite an nu

Re: [Openvpn-users] wireguard encryption settings in openvpn

2020-04-09 Thread Johannes Bauer
On 06.04.20 16:01, Jan Just Keijser wrote:
> As OpenVPN uses an SSL library like OpenSSL or mbedtls you can use all
> crypto features provided by that library. As far as I know, OpenSSL does
> not support chacha20 or blake2 yet, so neither does OpenVPN.

Of course OpenSSL supports ChaCha20, and it

Re: [Openvpn-users] TLS-DHE-RSA-WITH-AES-256-GCM-SHA384 : What is the SHA384 used for?

2019-04-07 Thread Johannes Bauer
Hi Pieter,

On 04.04.19 12:57, Pieter Hulshoff wrote:
> I understand that, but since GCM already handles both encryption and
> authentication, I was wondering what the SHA-384 (which is not part of
> AES-GCM) was used for. Might it indicate the PRF used for key
> derivation? Are there perhaps two

Re: [Openvpn-users] ECC with PKCS#11

2018-07-24 Thread Johannes Bauer
On 23.07.2018 21:26, Selva Nair wrote:
>>> Mon Jul 23 18:26:53 2018 PKCS#11: Unable get evp object
>
> I think this would indicate pkcs11-helper was built without enabling
> EC support -- could happen if it was configured against openssl with
> EC disabled.

Geeze, you're brilliant. Man, that was

[Openvpn-users] ECC with PKCS#11

2018-07-23 Thread Johannes Bauer
Hi list,

I'm setting up a concentrator on Debian Stretch using OpenVPN 2.4.0 and have an Ubuntu client on 2.4.4. My clients have PKCS#11 smart cards with secp256r1 ECC certificates/private keys. Key handling works fine with pkcs11-tool and OpenSSL. However, when I try to use the keys with OpenVPN,