| 179 | |
| 180 | |
| 181 | == Original content: |
| 182 | |
| 183 | |
| 184 | |
| 185 | |
| 186 | {{{ |
| 187 | #!html |
| 188 | <div>Q: I edited my OpenVPN static key, changing some of the hex bytes, but the key still connects to a remote peer which is using the original key. Is this a bug?</div> |
| 189 | <div></div> |
| 190 | <div>>When I modify the Preshared 2048 bit Static Key on the Initiator Side of the</div> |
| 191 | <div>>Tunnel (didn't test the other way) I'm anyhow able to establish the</div> |
| 192 | <div>>Tunnel and send Packets through the Tunnel. I don't understand</div> |
| 193 | <div>>the Key splitting and handling as described below, but I think the Keys</div> |
| 194 | <div>>on both Sides of the Tunnel should be identical for the Tunnel to be</div> |
| 195 | <div>>established.</div> |
| 196 | <div></div> |
| 197 | <div>>I can modify every Char in Line 2,3,4,7,8,9,10,11,12,13,14,15,16 without</div> |
| 198 | <div>>any effect and think this is possibly a Bug.</div> |
| 199 | <div></div> |
| 200 | <div>>Bye</div> |
| 201 | <div>> Klaus</div> |
| 202 | <div></div> |
| 203 | |
| 204 | <div>No, this is not a bug. The 2048 bit static key is designed to be large</div> |
| 205 | <div>enough to allow 512 bit encrypt, decrypt, HMAC send, and HMAC receive keys</div> |
| 206 | <div>to be extracted from it.</div> |
| 207 | <div></div> |
| 208 | [[br]] |
| 209 | <div>However, this key size is far too large for current conventional OpenVPN</div> |
| 210 | <div>usage. OpenVPN uses the 128 bit blowfish cipher by default. It also uses</div> |
| 211 | <div>the 160 bit HMAC-SHA1 as a cryptographic signature on packets to protect</div> |
| 212 | <div>against tampering. Since you probably didn't specify a key direction</div> |
| 213 | <div>parameter, the encrypt/decrypt keys for both directions are the same and</div> |
| 214 | <div>the HMAC keys for both directions are also the same.</div> |
| 215 | <div></div> |
| 216 | [[br]] |
| 217 | <div>That means that OpenVPN is only actually using 128 + 160 = 288 bits out of</div> |
| 218 | <div>the file -- much less than the 2048 bits which are available.</div> |
| 219 | <div></div> |
| 220 | [[br]] |
| 221 | <div>Below, I will show a sample 2048 bit OpenVPN key, bracketed to show which</div> |
| 222 | <div>bits are actually used for key material, assuming default crypto settings:</div> |
| 223 | <div></div> |
| 224 | [[br]] |
| 225 | <div>#</div> |
| 226 | <div># 2048 bit OpenVPN static key</div> |
| 227 | <div>#</div> |
| 228 | <div>-----BEGIN OpenVPN Static key V1-----</div> |
| 229 | <div>[eac9ae92cd73c5c2d6a2338b5a22263a] -> 128 bits for cipher</div> |
| 230 | <div>4ef4a22326d2a996e0161d25d41150c8</div> |
| 231 | <div>38bebc451ccf8ad19c7d1c7ce09742c3</div> |
| 232 | <div>2047ba60f1d97d47c88f7ab0afafb2ce</div> |
| 233 | <div>[f702cb04c7d15ff2606736c1825e830a -> 160 bits for HMAC SHA1</div> |
| 234 | <div>7e30a796] 4b82825d6767a04b3c8f4583</div> |
| 235 | <div>d4928127262c3a8603776bd6da339f69</div> |
| 236 | <div>dece3bbfee35f1dceb7cbceaef4c6933</div> |
| 237 | <div>2c2cef8ac550ed15213b216b825ab31e</div> |
| 238 | <div>49840f99ff9df3c5f31156439ed6b99c</div> |
| 239 | <div>4fc1bff417d33d77134365e38c9d71cd</div> |
| 240 | <div>e294ba6e65d51703d6d4a629d5fc618e</div> |
| 241 | <div>adddb889b8173ac79b4261328770bbbe</div> |
| 242 | <div>74294bc79e357c82af9ef53f2968be6a</div> |
| 243 | <div>007e6022da0a1a39f2ed5660f94a5926</div> |
| 244 | <div>35d72e5838dd78dd680d91f6edcf6988</div> |
| 245 | <div>-----END OpenVPN Static key V1-----</div> |
| 246 | <div></div> |
| 247 | [[br]] |
| 248 | <div>As you can see, the only lines actually used are 1, 5, and 6. And of</div> |
| 249 | <div>course, that matches up perfectly with what you observed.</div> |
| 250 | <div></div> |
| 251 | [[br]] |
| 252 | <div>To verify this, run OpenVPN as follows:</div> |
| 253 | <div></div> |
| 254 | <div>openvpn --dev null --verb 7 --secret key | grep 'crypt:'</div> |
| 255 | <div></div> |
| 256 | <div>where 'key' is a file containing the key shown above.</div> |
| 257 | <div></div> |
| 258 | <div>Static Encrypt: Cipher 'BF-CBC' initialized with 128 bit key</div> |
| 259 | <div>Static Encrypt: CIPHER KEY: eac9ae92 cd73c5c2 d6a2338b 5a22263a</div> |
| 260 | <div>Static Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication</div> |
| 261 | <div>Static Encrypt: HMAC KEY: f702cb04 c7d15ff2 606736c1 825e830a 7e30a796</div> |
| 262 | <div>Static Decrypt: Cipher 'BF-CBC' initialized with 128 bit key</div> |
| 263 | <div>Static Decrypt: CIPHER KEY: eac9ae92 cd73c5c2 d6a2338b 5a22263a</div> |
| 264 | <div>Static Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication</div> |
| 265 | <div>Static Decrypt: HMAC KEY: f702cb04 c7d15ff2 606736c1 825e830a 7e30a796</div> |
| 266 | <div></div> |
| 267 | <div>Note that the keys which are shown in the OpenVPN output exactly match the</div> |
| 268 | <div>bracketed section of the key source.</div> |
| 269 | <div></div> |
| 270 | <div>Now if you want to use more of the key material, it is possible to use two</div> |
| 271 | <div>sets of encrypt/HMAC keys, one for each direction:</div> |
| 272 | <div></div> |
| 273 | <div>openvpn --dev null --verb 7 --secret key 0 | grep 'crypt:'</div> |
| 274 | <div></div> |
| 275 | <div>(Note that the '0' after key chooses one symmetrical direction -- the</div> |
| 276 | <div>opposite peer would use a '1' to choose the other direction).</div> |
| 277 | <div></div> |
| 278 | <div>Static Encrypt: Cipher 'BF-CBC' initialized with 128 bit key</div> |
| 279 | <div>Static Encrypt: CIPHER KEY: eac9ae92 cd73c5c2 d6a2338b 5a22263a</div> |
| 280 | <div>Static Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication</div> |
| 281 | <div>Static Encrypt: HMAC KEY: f702cb04 c7d15ff2 606736c1 825e830a 7e30a796</div> |
| 282 | <div>Static Decrypt: Cipher 'BF-CBC' initialized with 128 bit key</div> |
| 283 | <div>Static Decrypt: CIPHER KEY: 2c2cef8a c550ed15 213b216b 825ab31e</div> |
| 284 | <div>Static Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication</div> |
| 285 | <div>Static Decrypt: HMAC KEY: adddb889 b8173ac7 9b426132 8770bbbe 74294bc7</div> |
| 286 | <div></div> |
| 287 | <div>Now notice that the Encrypt and Decrypt keys are no longer identical. The</div> |
| 288 | <div>encrypt keys are drawing key material from lines 1, 5, and 6 in the key</div> |
| 289 | <div>file, while the decrypt keys are drawing from lines 9, 13, and 14.</div> |
| 290 | <div></div> |
| 291 | <div>Now the opposite peer will use a key-direction of 1:</div> |
| 292 | <div></div> |
| 293 | <div>openvpn --dev null --verb 7 --secret key 1 | grep 'crypt:'</div> |
| 294 | <div></div> |
| 295 | <div>Static Encrypt: Cipher 'BF-CBC' initialized with 128 bit key</div> |
| 296 | <div>Static Encrypt: CIPHER KEY: 2c2cef8a c550ed15 213b216b 825ab31e</div> |
| 297 | <div>Static Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication</div> |
| 298 | <div>Static Encrypt: HMAC KEY: adddb889 b8173ac7 9b426132 8770bbbe 74294bc7</div> |
| 299 | <div>Static Decrypt: Cipher 'BF-CBC' initialized with 128 bit key</div> |
| 300 | <div>Static Decrypt: CIPHER KEY: eac9ae92 cd73c5c2 d6a2338b 5a22263a</div> |
| 301 | <div>Static Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication</div> |
| 302 | <div>Static Decrypt: HMAC KEY: f702cb04 c7d15ff2 606736c1 825e830a 7e30a796</div> |
| 303 | <div></div> |
| 304 | <div>Notice how the Encrypt and Decrypt keys are swapped, in relation to the</div> |
| 305 | <div>key-direction 1 example.</div> |
| 306 | <div></div> |
| 307 | <div>So you might ask why is the OpenVPN static key file so large, if such a</div> |
| 308 | <div>small percentage of the bits are currently used? The answer is to</div> |
| 309 | <div>accommodate future ciphers and HMAC hashes which use large keys. Changing</div> |
| 310 | <div>a file format is obviously problematic from a compatibility perspective,</div> |
| 311 | <div>so 2048 bits were chosen so that two sets of 512-bit encrypt and HMAC keys</div> |
| 312 | <div>could be derived for two separate key directions.</div> |
| 313 | <div></div> |
| 314 | }}} |
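The byte-to-key mapping the answer walks through (128 bit cipher key from the first 16 bytes of a half, 160 bit HMAC key from the 20 bytes at offset 64 of the same half, halves selected by the key direction) as an added Python example; this is not code from the page or from the OpenVPN project, the function names are my own, and the layout it assumes is exactly the one the `--verb 7` output above confirms. Its last function is the check a practitioner wants after editing a key file: did the bytes that changed actually reach the effective keys?

```python
# Constructed test input: the sample 2048 bit key printed in the answer above.
SAMPLE_KEY = """-----BEGIN OpenVPN Static key V1-----
eac9ae92cd73c5c2d6a2338b5a22263a
4ef4a22326d2a996e0161d25d41150c8
38bebc451ccf8ad19c7d1c7ce09742c3
2047ba60f1d97d47c88f7ab0afafb2ce
f702cb04c7d15ff2606736c1825e830a
7e30a7964b82825d6767a04b3c8f4583
d4928127262c3a8603776bd6da339f69
dece3bbfee35f1dceb7cbceaef4c6933
2c2cef8ac550ed15213b216b825ab31e
49840f99ff9df3c5f31156439ed6b99c
4fc1bff417d33d77134365e38c9d71cd
e294ba6e65d51703d6d4a629d5fc618e
adddb889b8173ac79b4261328770bbbe
74294bc79e357c82af9ef53f2968be6a
007e6022da0a1a39f2ed5660f94a5926
35d72e5838dd78dd680d91f6edcf6988
-----END OpenVPN Static key V1-----"""

def parse_static_key(text):
    """Raw key bytes of an 'OpenVPN Static key V1' block: 2048 bits = 256 bytes per the answer."""
    hexlines = [s for s in map(str.strip, text.splitlines())
                if s and not s.startswith(("#", "-----"))]  # skip comments and BEGIN/END markers
    raw = bytes.fromhex("".join(hexlines))
    if len(raw) != 256:
        raise ValueError("expected a 2048 bit OpenVPN static key V1 block")
    return raw

def derive_keys(text, direction=None, cipher_bits=128, hmac_bits=160):
    """Keys OpenVPN uses (assumed layout, matching the answer): half h is raw[h*128:(h+1)*128],
    cipher slot at +0, HMAC slot at +64; only the leading cipher_bits / hmac_bits of a slot count.
    No direction: half 0 both ways. Direction d: encrypt with half d, decrypt with half 1-d."""
    raw = parse_static_key(text)
    def slot(h):
        base = h * 128
        return {"cipher": raw[base:base + cipher_bits // 8].hex(),
                "hmac": raw[base + 64:base + 64 + hmac_bits // 8].hex()}
    enc, dec = (0, 0) if direction is None else (direction, 1 - direction)
    return {"encrypt": slot(enc), "decrypt": slot(dec)}

def used_lines(direction=None, cipher_bits=128, hmac_bits=160):
    """1-based key file lines (16 bytes each) that feed the effective keys."""
    offsets = set()
    for h in ([0] if direction is None else [0, 1]):
        offsets.update(range(h * 128, h * 128 + cipher_bits // 8))
        offsets.update(range(h * 128 + 64, h * 128 + 64 + hmac_bits // 8))
    return sorted({off // 16 + 1 for off in offsets})

def same_effective_key(text_a, text_b, direction=None):
    """True when the two files differ only in bytes OpenVPN never reads at these settings."""
    return derive_keys(text_a, direction) == derive_keys(text_b, direction)
```

With the defaults `used_lines()` returns `[1, 5, 6]`, and with a key direction `[1, 5, 6, 9, 13, 14]`, which is the answer's explanation of why edits to the other lines changed nothing.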