Changes between Version 2 and Version 3 of 327-changed-hex-bytes-in-the-static-key-the-key-still-connects-to-a-remote-peer-using-the-original-key


Timestamp:
03/13/19 18:16:24 (5 years ago)
Author:
tct
[wiki:FAQ Return to FAQ]

== Original content:

{{{
#!html
<div>Q: I edited my OpenVPN static key, changing some of the hex bytes, but the key still connects to a remote peer which is using the original key. Is this a bug?</div>
<div></div>
<div>&gt;When I modify the Preshared 2048 bit Static Key on the Initiator Side of the</div>
<div>&gt;Tunnel (didn't test the other way) I'm anyhow able to establish the</div>
<div>&gt;Tunnel and send Packets through the Tunnel. I don't understand</div>
<div>&gt;the Key splitting and handling as described below, but I think the Keys</div>
<div>&gt;on both Sides of the Tunnel should be identical for the Tunnel to be</div>
<div>&gt;established.</div>
<div></div>
<div>&gt;I can modify every Char in Line 2,3,4,7,8,9,10,11,12,13,14,15,16 without</div>
<div>&gt;any effect and think this is possibly a Bug.</div>
<div></div>
<div>&gt;Bye</div>
<div>&gt;   Klaus</div>
<div></div>

<div>No, this is not a bug.  The 2048 bit static key is designed to be large</div>
<div>enough to allow 512 bit encrypt, decrypt, HMAC send, and HMAC receive keys</div>
<div>to be extracted from it.</div>
<div></div>
[[br]]
<div>However, this key size is far too large for current conventional OpenVPN</div>
<div>usage.  OpenVPN uses the 128 bit blowfish cipher by default.  It also uses</div>
<div>the 160 bit HMAC-SHA1 as a cryptographic signature on packets to protect</div>
<div>against tampering.  Since you probably didn't specify a key direction</div>
<div>parameter, the encrypt/decrypt keys for both directions are the same and</div>
<div>the HMAC keys for both directions are also the same.</div>
<div></div>
[[br]]
<div>That means that OpenVPN is only actually using 128 + 160 = 288 bits out of</div>
<div>the file -- much less than the 2048 bits which are available.</div>
<div></div>
[[br]]
<div>Below, I will show a sample 2048 bit OpenVPN key, bracketed to show which</div>
<div>bits are actually used for key material, assuming default crypto settings:</div>
<div></div>
[[br]]
<div>#</div>
<div># 2048 bit OpenVPN static key</div>
<div>#</div>
<div>-----BEGIN OpenVPN Static key V1-----</div>
<div>[eac9ae92cd73c5c2d6a2338b5a22263a] -> 128 bits for cipher</div>
<div>4ef4a22326d2a996e0161d25d41150c8</div>
<div>38bebc451ccf8ad19c7d1c7ce09742c3</div>
<div>2047ba60f1d97d47c88f7ab0afafb2ce</div>
<div>[f702cb04c7d15ff2606736c1825e830a  -> 160 bits for HMAC SHA1</div>
<div>7e30a796] 4b82825d6767a04b3c8f4583</div>
<div>d4928127262c3a8603776bd6da339f69</div>
<div>dece3bbfee35f1dceb7cbceaef4c6933</div>
<div>2c2cef8ac550ed15213b216b825ab31e</div>
<div>49840f99ff9df3c5f31156439ed6b99c</div>
<div>4fc1bff417d33d77134365e38c9d71cd</div>
<div>e294ba6e65d51703d6d4a629d5fc618e</div>
<div>adddb889b8173ac79b4261328770bbbe</div>
<div>74294bc79e357c82af9ef53f2968be6a</div>
<div>007e6022da0a1a39f2ed5660f94a5926</div>
<div>35d72e5838dd78dd680d91f6edcf6988</div>
<div>-----END OpenVPN Static key V1-----</div>
<div></div>
[[br]]
<div>As you can see, the only lines actually used are 1, 5, and 6.  And of</div>
<div>course, that matches up perfectly with what you observed.</div>
<div></div>
[[br]]
<div>To verify this, run OpenVPN as follows:</div>
<div></div>
<div>openvpn --dev null --verb 7 --secret key | grep 'crypt:'</div>
<div></div>
<div>where 'key' is a file containing the key shown above.</div>
<div></div>
<div>Static Encrypt: Cipher 'BF-CBC' initialized with 128 bit key</div>
<div>Static Encrypt: CIPHER KEY: eac9ae92 cd73c5c2 d6a2338b 5a22263a</div>
<div>Static Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication</div>
<div>Static Encrypt: HMAC KEY: f702cb04 c7d15ff2 606736c1 825e830a 7e30a796</div>
<div>Static Decrypt: Cipher 'BF-CBC' initialized with 128 bit key</div>
<div>Static Decrypt: CIPHER KEY: eac9ae92 cd73c5c2 d6a2338b 5a22263a</div>
<div>Static Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication</div>
<div>Static Decrypt: HMAC KEY: f702cb04 c7d15ff2 606736c1 825e830a 7e30a796</div>
<div></div>
<div>Note that the keys which are shown in the OpenVPN output exactly match the</div>
<div>bracketed section of the key source.</div>
<div></div>
<div>Now if you want to use more of the key material, it is possible to use two</div>
<div>sets of encrypt/HMAC keys, one for each direction:</div>
<div></div>
<div>openvpn --dev null --verb 7 --secret key 0 | grep 'crypt:'</div>
<div></div>
<div>(Note that the '0' after key chooses one symmetrical direction -- the</div>
<div>opposite peer would use a '1' to choose the other direction).</div>
<div></div>
<div>Static Encrypt: Cipher 'BF-CBC' initialized with 128 bit key</div>
<div>Static Encrypt: CIPHER KEY: eac9ae92 cd73c5c2 d6a2338b 5a22263a</div>
<div>Static Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication</div>
<div>Static Encrypt: HMAC KEY: f702cb04 c7d15ff2 606736c1 825e830a 7e30a796</div>
<div>Static Decrypt: Cipher 'BF-CBC' initialized with 128 bit key</div>
<div>Static Decrypt: CIPHER KEY: 2c2cef8a c550ed15 213b216b 825ab31e</div>
<div>Static Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication</div>
<div>Static Decrypt: HMAC KEY: adddb889 b8173ac7 9b426132 8770bbbe 74294bc7</div>
<div></div>
<div>Now notice that the Encrypt and Decrypt keys are no longer identical.  The</div>
<div>encrypt keys are drawing key material from lines 1, 5, and 6 in the key</div>
<div>file, while the decrypt keys are drawing from lines 9, 13, and 14.</div>
<div></div>
<div>Now the opposite peer will use a key-direction of 1:</div>
<div></div>
<div>openvpn --dev null --verb 7 --secret key 1 | grep 'crypt:'</div>
<div></div>
<div>Static Encrypt: Cipher 'BF-CBC' initialized with 128 bit key</div>
<div>Static Encrypt: CIPHER KEY: 2c2cef8a c550ed15 213b216b 825ab31e</div>
<div>Static Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication</div>
<div>Static Encrypt: HMAC KEY: adddb889 b8173ac7 9b426132 8770bbbe 74294bc7</div>
<div>Static Decrypt: Cipher 'BF-CBC' initialized with 128 bit key</div>
<div>Static Decrypt: CIPHER KEY: eac9ae92 cd73c5c2 d6a2338b 5a22263a</div>
<div>Static Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication</div>
<div>Static Decrypt: HMAC KEY: f702cb04 c7d15ff2 606736c1 825e830a 7e30a796</div>
<div></div>
<div>Notice how the Encrypt and Decrypt keys are swapped, in relation to the</div>
<div>key-direction 1 example.</div>
<div></div>
<div>So you might ask why is the OpenVPN static key file so large, if such a</div>
<div>small percentage of the bits are currently used?  The answer is to</div>
<div>accommodate future ciphers and HMAC hashes which use large keys.  Changing</div>
<div>a file format is obviously problematic from a compatibility perspective,</div>
<div>so 2048 bits were chosen so that two sets of 512-bit encrypt and HMAC keys</div>
<div>could be derived for two separate key directions.</div>
<div></div>
}}}