[OpenVPN home] [Date Prev] [Date Index] [Date Next]
[OpenVPN mailing lists] [Thread Prev] [Thread Index] [Thread Next]
Web openvpn.net

[Openvpn-users] Client key exchange

  • Subject: [Openvpn-users] Client key exchange
  • From: Szüts Péter <pelo@xxxxxxx>
  • Date: Mon, 19 Sep 2005 00:58:32 +0200

Hello !

I've posted this to the openvpn-devel list, but they sent me here. :) So:

I see I have to be more specific, otherwise you underestimate me. :)) So here's the big deal:
I've found OpenVPN client key exchange in http://www.sans.org/rr/whitepapers/vpns/1459.php It says in message 3: "The client also generates and sends what is called a pre-master secret. The pre-master secret is the last parameter in the key derivation/exchange function and is encrypted with the server's public key." 
In the end we have the same pre-master secret on both sides and the client and server could generate the same master secret with a well-known mechanism. It's all clear, but the OpenVPN howto says I have to declare in the client configuration file where to find the client's private key. If OpenVPN uses the key derivation method mentioned above, why do we need the client's private key in the config file ? Where are we using it ? By accident, don't you have a flow chart or message exchange figure about this ? :)
Otherwise I'm a student from Budapest Technical and Economical University, faculty of electrical engineering, dealing with electrical services and security. We're working on a project, that's why we need this information. Thanks in advance:


Openvpn-users mailing list