= Changed hex bytes in the static key, the key still connects to a remote peer using the original key. =

{{{
#!html
<div>Q: I edited my OpenVPN static key, changing some of the hex bytes, but the key still connects to a remote peer which is using the original key. Is this a bug?</div>
<div></div>
<div>>When I modify the Preshared 2048 bit Static Key on the Initiator Side of the</div>
<div>>Tunnel (didn't test the other way) I'm anyhow able to establish the</div>
<div>>Tunnel and send Packets through the Tunnel. I don't understand</div>
<div>>the Key splitting and handling as described below, but I think the Keys</div>
<div>>on both Sides of the Tunnel should be identical for the Tunnel to be</div>
<div>>established.</div>
<div></div>
<div>>I can modify every Char in Line 2,3,4,7,8,9,10,11,12,13,14,15,16 without</div>
<div>>any effect and think this is possibly a Bug.</div>
<div></div>
<div>>Bye</div>
<div>> Klaus</div>
<div></div>
<div>No, this is not a bug. The 2048 bit static key is designed to be large</div>
<div>enough to allow 512 bit encrypt, decrypt, HMAC send, and HMAC receive keys</div>
<div>to be extracted from it.</div>
<div></div>
<div>However, this key size is far too large for current conventional OpenVPN</div>
<div>usage. OpenVPN uses the 128 bit blowfish cipher by default. It also uses</div>
<div>the 160 bit HMAC-SHA1 as a cryptographic signature on packets to protect</div>
<div>against tampering. Since you probably didn't specify a key direction</div>
<div>parameter, the encrypt/decrypt keys for both directions are the same and</div>
<div>the HMAC keys for both directions are also the same.</div>
<div></div>
<div>That means that OpenVPN is only actually using 128 + 160 = 288 bits out of</div>
<div>the file -- much less than the 2048 bits which are available.</div>
<div></div>
<div>Below, I will show a sample 2048 bit OpenVPN key, bracketed to show which</div>
<div>bits are actually used for key material, assuming default crypto settings:</div>
<div></div>
<div>#</div>
<div># 2048 bit OpenVPN static key</div>
<div>#</div>
<div>-----BEGIN OpenVPN Static key V1-----</div>
<div>[eac9ae92cd73c5c2d6a2338b5a22263a] -> 128 bits for cipher</div>
<div>4ef4a22326d2a996e0161d25d41150c8</div>
<div>38bebc451ccf8ad19c7d1c7ce09742c3</div>
<div>2047ba60f1d97d47c88f7ab0afafb2ce</div>
<div>[f702cb04c7d15ff2606736c1825e830a -> 160 bits for HMAC SHA1</div>
<div>7e30a796] 4b82825d6767a04b3c8f4583</div>
<div>d4928127262c3a8603776bd6da339f69</div>
<div>dece3bbfee35f1dceb7cbceaef4c6933</div>
<div>2c2cef8ac550ed15213b216b825ab31e</div>
<div>49840f99ff9df3c5f31156439ed6b99c</div>
<div>4fc1bff417d33d77134365e38c9d71cd</div>
<div>e294ba6e65d51703d6d4a629d5fc618e</div>
<div>adddb889b8173ac79b4261328770bbbe</div>
<div>74294bc79e357c82af9ef53f2968be6a</div>
<div>007e6022da0a1a39f2ed5660f94a5926</div>
<div>35d72e5838dd78dd680d91f6edcf6988</div>
<div>-----END OpenVPN Static key V1-----</div>
<div></div>
<div>As you can see, the only lines actually used are 1, 5, and 6. And of</div>
<div>course, that matches up perfectly with what you observed.</div>
<div></div>
<div>To verify this, run OpenVPN as follows:</div>
<div></div>
<div>openvpn --dev null --verb 7 --secret key | grep 'crypt:'</div>
<div></div>
<div>where 'key' is a file containing the key shown above.</div>
<div></div>
<div>Static Encrypt: Cipher 'BF-CBC' initialized with 128 bit key</div>
<div>Static Encrypt: CIPHER KEY: eac9ae92 cd73c5c2 d6a2338b 5a22263a</div>
<div>Static Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication</div>
<div>Static Encrypt: HMAC KEY: f702cb04 c7d15ff2 606736c1 825e830a 7e30a796</div>
<div>Static Decrypt: Cipher 'BF-CBC' initialized with 128 bit key</div>
<div>Static Decrypt: CIPHER KEY: eac9ae92 cd73c5c2 d6a2338b 5a22263a</div>
<div>Static Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication</div>
<div>Static Decrypt: HMAC KEY: f702cb04 c7d15ff2 606736c1 825e830a 7e30a796</div>
<div></div>
<div>Note that the keys which are shown in the OpenVPN output exactly match the</div>
<div>bracketed section of the key source.</div>
<div></div>
<div>Now if you want to use more of the key material, it is possible to use two</div>
<div>sets of encrypt/HMAC keys, one for each direction:</div>
<div></div>
<div>openvpn --dev null --verb 7 --secret key 0 | grep 'crypt:'</div>
<div></div>
<div>(Note that the '0' after key chooses one symmetrical direction -- the</div>
<div>opposite peer would use a '1' to choose the other direction).</div>
<div></div>
<div>Static Encrypt: Cipher 'BF-CBC' initialized with 128 bit key</div>
<div>Static Encrypt: CIPHER KEY: eac9ae92 cd73c5c2 d6a2338b 5a22263a</div>
<div>Static Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication</div>
<div>Static Encrypt: HMAC KEY: f702cb04 c7d15ff2 606736c1 825e830a 7e30a796</div>
<div>Static Decrypt: Cipher 'BF-CBC' initialized with 128 bit key</div>
<div>Static Decrypt: CIPHER KEY: 2c2cef8a c550ed15 213b216b 825ab31e</div>
<div>Static Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication</div>
<div>Static Decrypt: HMAC KEY: adddb889 b8173ac7 9b426132 8770bbbe 74294bc7</div>
<div></div>
<div>Now notice that the Encrypt and Decrypt keys are no longer identical. The</div>
<div>encrypt keys are drawing key material from lines 1, 5, and 6 in the key</div>
<div>file, while the decrypt keys are drawing from lines 9, 13, and 14.</div>
<div></div>
<div>Now the opposite peer will use a key-direction of 1:</div>
<div></div>
<div>openvpn --dev null --verb 7 --secret key 1 | grep 'crypt:'</div>
<div></div>
<div>Static Encrypt: Cipher 'BF-CBC' initialized with 128 bit key</div>
<div>Static Encrypt: CIPHER KEY: 2c2cef8a c550ed15 213b216b 825ab31e</div>
<div>Static Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication</div>
<div>Static Encrypt: HMAC KEY: adddb889 b8173ac7 9b426132 8770bbbe 74294bc7</div>
<div>Static Decrypt: Cipher 'BF-CBC' initialized with 128 bit key</div>
<div>Static Decrypt: CIPHER KEY: eac9ae92 cd73c5c2 d6a2338b 5a22263a</div>
<div>Static Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication</div>
<div>Static Decrypt: HMAC KEY: f702cb04 c7d15ff2 606736c1 825e830a 7e30a796</div>
<div></div>
<div>Notice how the Encrypt and Decrypt keys are swapped, in relation to the</div>
<div>key-direction 1 example.</div>
<div></div>
<div>So you might ask why is the OpenVPN static key file so large, if such a</div>
<div>small percentage of the bits are currently used? The answer is to</div>
<div>accommodate future ciphers and HMAC hashes which use large keys. Changing</div>
<div>a file format is obviously problematic from a compatibility perspective,</div>
<div>so 2048 bits were chosen so that two sets of 512-bit encrypt and HMAC keys</div>
<div>could be derived for two separate key directions.</div>
<div></div>
}}}
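The key slicing described in the answer above, as an added Python example that is not OpenVPN's own code. It assumes the layout the answer implies: four 64 byte (512 bit) slots in the order encrypt cipher key, encrypt HMAC key, decrypt cipher key, decrypt HMAC key. It parses the sample key from this page, reproduces the keys that `--verb 7` prints with no direction, with direction 0 and with direction 1, and lists which byte offsets are inert, which is why editing lines 2, 3, 4 and the rest changed nothing.

```python
# Added example, not OpenVPN's own code. Assumed layout of the 256 key bytes:
# [cipher0 | hmac0 | cipher1 | hmac1], one 64 byte (512 bit) slot each.
SLOT = 64

# The sample key from this page, embedded here so the example runs offline.
SAMPLE_KEY = "-----BEGIN OpenVPN Static key V1-----\n" + "\n".join([
    "eac9ae92cd73c5c2d6a2338b5a22263a", "4ef4a22326d2a996e0161d25d41150c8",
    "38bebc451ccf8ad19c7d1c7ce09742c3", "2047ba60f1d97d47c88f7ab0afafb2ce",
    "f702cb04c7d15ff2606736c1825e830a", "7e30a7964b82825d6767a04b3c8f4583",
    "d4928127262c3a8603776bd6da339f69", "dece3bbfee35f1dceb7cbceaef4c6933",
    "2c2cef8ac550ed15213b216b825ab31e", "49840f99ff9df3c5f31156439ed6b99c",
    "4fc1bff417d33d77134365e38c9d71cd", "e294ba6e65d51703d6d4a629d5fc618e",
    "adddb889b8173ac79b4261328770bbbe", "74294bc79e357c82af9ef53f2968be6a",
    "007e6022da0a1a39f2ed5660f94a5926", "35d72e5838dd78dd680d91f6edcf6988",
]) + "\n-----END OpenVPN Static key V1-----\n"


def parse_static_key(text):
    """Return the raw bytes between the V1 markers; comment lines before them are ignored."""
    lines = text.splitlines()
    begin = lines.index("-----BEGIN OpenVPN Static key V1-----") + 1
    end = lines.index("-----END OpenVPN Static key V1-----")
    raw = bytes.fromhex("".join(lines[begin:end]))
    if len(raw) != 4 * SLOT:
        raise ValueError("expected a 2048 bit key, got %d bits" % (len(raw) * 8))
    return raw


def derive_keys(raw, direction=None, cipher_len=16, hmac_len=20):
    """Defaults are BF-CBC (128 bit) and HMAC-SHA1 (160 bit), as on this page.
    direction None: both directions read slot 0 (no direction given to --secret);
    0: encrypt from slot 0, decrypt from slot 1; 1: the reverse."""
    enc, dec = (0, 0) if direction is None else (direction, 1 - direction)

    def slot(i):
        base = 2 * SLOT * i  # slot 0 starts at byte 0, slot 1 at byte 128
        return raw[base:base + cipher_len], raw[base + SLOT:base + SLOT + hmac_len]

    return {"encrypt": slot(enc), "decrypt": slot(dec)}


def used_offsets(direction=None, cipher_len=16, hmac_len=20):
    """Byte offsets that influence the derived keys; any other byte can change freely."""
    used = set()
    for i in ({0} if direction is None else {0, 1}):
        base = 2 * SLOT * i
        used.update(range(base, base + cipher_len))
        used.update(range(base + SLOT, base + SLOT + hmac_len))
    return used
```

Bytes 16 through 63 (lines 2 to 4 of the key) and everything from byte 84 onward are outside the used set when no direction is given, so flipping them leaves both derived keys unchanged.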

[wiki:FAQ Return to FAQ]