McLoEa 25 Posted ...
Hi all, if someone could help me please, how does the OpenVPN client generate the RSA keys it uses for the initial handshake when logging on and then for the encryption of traffic? Does OpenVPN generate its own keys (and if so, according to what rules), or does it 'buy in' a key or key template from the company of the name RSA, or where do these keys come from? Thanks.
Staff 9972 Posted ...
Hello, the RSA keys are generated with OpenSSL. The TLS keys are exchanged via Diffie-Hellman (DHE, Diffie-Hellman Merkle key Exchange in TLS ephemeral mode to provide Perfect Forward Secrecy, see http://en.wikipedia.org/wiki/Diffie-Hellman_key_exchange about previous question on MITM and how to exchange a shared secret key over an insecure channel). Additionally, re-keying occurs every 60 minutes by default (in addition to each new connection, of course). Kind regards
McLoEa 25 Posted ...
Hi, thank you very much, that's good news then, for as far as I can see the RSA keys are generated using open source code and do not have anything to do with the company RSA, whose integrity, for me at least, has been compromised by the Edward Snowden revelations. Thanks again.
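To illustrate the staff reply that the RSA keys are generated with OpenSSL, here is an added example (not code from any poster or from the VPN provider) that generates RSA keys with the OpenSSL command-line tool and checks that each run yields a different, internally consistent key rather than a supplied template. It assumes the `openssl` binary is installed; the function names, file names and the 2048-bit size are choices made for this example.

```shell
#!/bin/sh
# Added example: local RSA key generation with the OpenSSL command-line tool.
# Function names, file names and the 2048-bit size are assumptions.

# Generate an RSA private key in PEM form, readable by the owner only.
gen_rsa_key() {
    out=$1; bits=${2:-2048}
    ( umask 077
      openssl genpkey -algorithm RSA -pkeyopt "rsa_keygen_bits:$bits" \
          -out "$out" 2>/dev/null )
}

# Print the modulus size in bits as OpenSSL reports it.
rsa_bits() {
    openssl rsa -in "$1" -noout -text 2>/dev/null |
        sed -n 's/.*Private-Key: (\([0-9][0-9]*\) bit.*/\1/p'
}

# Succeed only if the key passes OpenSSL's consistency check
# (the primes multiply to the modulus, the exponents match, and so on).
rsa_check() {
    openssl rsa -in "$1" -check -noout >/dev/null 2>&1
}

# SHA-256 fingerprint of the modulus, for comparing keys without printing them.
rsa_modulus_fp() {
    openssl rsa -in "$1" -noout -modulus 2>/dev/null |
        openssl dgst -sha256 | awk '{print $NF}'
}

# Generate two keys and print size and fingerprint for each; the fingerprints
# differ because every key comes from fresh local randomness.
demo() {
    dir=$(mktemp -d) || return 1
    gen_rsa_key "$dir/a.key" && gen_rsa_key "$dir/b.key" || return 1
    for k in "$dir/a.key" "$dir/b.key"; do
        rsa_check "$k" && echo "$(rsa_bits "$k") bits  $(rsa_modulus_fp "$k")"
    done
    rm -rf "$dir"
}

demo
```

The RSA key only authenticates the peers; the traffic keys come from the ephemeral Diffie-Hellman exchange described in the reply, so they are not derived from this file.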