Monday, 12 January 2015

How do openvpn/easy-rsa generated keys map to RSA algorithm variables?



I was reading up a little on openvpn and pki infra and am confused by some of the questions posed by my colleague. :) This answer did help me understand more: http://ift.tt/1FOtvw5


But I am still stuck with some questions. Searching hasn't helped much.


1.1. In the openvpn with pki process, we create the ca first, which gives us the ca.crt and ca.key; more importantly, we get a dh2048.pem and a crl.pem.


1.2. Then we go about creating files (.keys and .crts) for the entities (here, entity means openvpn client or server; basically, a 'client' for the ca)


PKI uses RSA, which is as follows (copied from: http://ift.tt/1AabY9j)


2.1 n = pq; p,q = big primes


2.2 phi = (p-1)(q-1)


2.3 e < n, such that gcd(e,d) = 1


2.4 d = e^(-1) mod phi


2.5 (n,d) is the private key


2.6 (n,e) is the public key


I see that the ca.crt is a key, dh2048.pem is a key, client.crt is a text and client.key is again a key. How do these map to the algorithm variables above? Thanks.


EDIT:


An addendum to the question.


The openvpn manual says that both the openvpn server and the openvpn client authenticate each other. I have also read that the CA can be completely offline for security purposes. So, how do they contact the CA if needed? Based on RSA (and since it involves computation) I am assuming that they never contact the CA. Then how does the solution work? Thanks.
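The following walk-through is an added illustration, not part of the original question or of OpenVPN/easy-rsa. It runs steps 2.1 to 2.6 with toy primes, labels which easy-rsa file would hold each variable (ca.key and client.key hold a private (n, d); ca.crt and client.crt carry a public (n, e) plus a signature; dh2048.pem holds Diffie-Hellman parameters, not RSA values), and then answers the EDIT by construction: verifying client.crt needs only the public key inside ca.crt, so neither peer ever has to reach the CA. The primes, the names "ca" and "client", and the dict-based certificate are constructed assumptions; the hash is unpadded, which real PKCS#1 signatures are not.

```python
"""Toy RSA walk-through: the variables n, p, q, phi, e, d from the question,
and which easy-rsa file holds which of them.  Added illustration only; the
primes are tiny (about 2^20) so the numbers are readable, which also makes
them trivially factorable, and the "certificate" is a dict rather than X.509.
Real keys use 2048-bit-plus moduli and PKCS#1 padding on the hash."""
import hashlib
from math import gcd


def rsa_keygen(p, q, e=65537):
    """Steps 2.1-2.6 of the question. Returns ((n, e), (n, d))."""
    n = p * q                       # 2.1  modulus, shared by both keys
    phi = (p - 1) * (q - 1)         # 2.2
    if gcd(e, phi) != 1:            # 2.3  e needs an inverse modulo phi
        raise ValueError("e is not coprime to phi")
    d = pow(e, -1, phi)             # 2.4  modular inverse (Python >= 3.8)
    return (n, e), (n, d)           # 2.6 public (goes in the .crt), 2.5 private (the .key)


def digest(data, n):
    """SHA-256 of the data reduced into the modulus (toy, no PKCS#1 padding)."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n


def sign(private_key, data):
    """The signer needs (n, d): s = H(m)^d mod n."""
    n, d = private_key
    return pow(digest(data, n), d, n)


def verify(public_key, data, signature):
    """The verifier needs only (n, e): check s^e mod n == H(m)."""
    n, e = public_key
    return pow(signature, e, n) == digest(data, n)


def tbs(subject, issuer, pub):
    """The to-be-signed bytes of a toy certificate: who it names and their public key."""
    return f"{subject}|{issuer}|{pub[0]}|{pub[1]}".encode()


def issue_cert(issuer_name, issuer_priv, subject_name, subject_pub):
    """Toy stand-in for a .crt: the subject's public (n, e) plus the issuer's signature."""
    return {"subject": subject_name, "issuer": issuer_name, "pub": subject_pub,
            "sig": sign(issuer_priv, tbs(subject_name, issuer_name, subject_pub))}


def verify_cert(cert, issuer_cert):
    """Validate a cert with nothing but the issuer's cert (its public key).
    This is why the CA can stay offline: no step here talks to the CA."""
    data = tbs(cert["subject"], cert["issuer"], cert["pub"])
    return cert["issuer"] == issuer_cert["subject"] and verify(issuer_cert["pub"], data, cert["sig"])


def build_pki():
    """Mirror the easy-rsa order: CA key pair, self-signed CA cert, then a client."""
    # ca.key holds the CA's (n, d) (real files also keep p, q and CRT helpers);
    # ca.crt holds the CA's (n, e), self-signed.  The primes are constructed examples.
    ca_pub, ca_key = rsa_keygen(1000003, 1000033)
    ca_crt = issue_cert("ca", ca_key, "ca", ca_pub)
    # client.key is the client's own (n, d); client.crt is its (n, e) signed with ca.key.
    client_pub, client_key = rsa_keygen(1000081, 1000099)
    client_crt = issue_cert("ca", ca_key, "client", client_pub)
    # dh2048.pem is not RSA at all: it carries Diffie-Hellman group parameters.
    return ca_key, ca_crt, client_key, client_crt


def demo():
    """Returns (genuine accepted, tampered rejected, rogue CA rejected)."""
    ca_key, ca_crt, client_key, client_crt = build_pki()
    genuine = verify_cert(client_crt, ca_crt)
    # A modified cert swaps in another public key, but the signature no longer matches
    # because the signer's (n, d) is not available to re-sign it.
    rogue_pub, rogue_key = rsa_keygen(1000037, 1000039)
    tampered = dict(client_crt, pub=rogue_pub)
    # A second CA that even reuses the issuer name "ca" still has a different (n, d),
    # so its signature fails against the (n, e) in the real ca.crt.
    rogue_crt = issue_cert("ca", rogue_key, "client", rogue_pub)
    return genuine, verify_cert(tampered, ca_crt), verify_cert(rogue_crt, ca_crt)


if __name__ == "__main__":
    print(demo())  # (True, False, False)
```

The check in `verify_cert` is the whole reason the CA can be kept offline: the server and client each ship with a copy of ca.crt, and validating the peer's certificate is pure arithmetic against the (n, e) inside it. The CA's private key is only needed when issuing a new certificate or signing a fresh crl.pem, both of which can be done on the offline machine and copied out.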




