Staff 10014 Posted ... Hello! We're very glad to announce that a new option has been added in your account "Client Area". You will find a menu item labeled "Devices / Keys". The "Devices / Keys" tab provides you with access to a new panel to administer your client certificate/key pairs. The panel lets you use a new multi-key support from AirVPN, a comfortable and convenient feature. From now on, you will be able to have multiple keys, renew them and issue completely new keys. From each device of yours you will be free to use any key you like. Therefore you can keep all of your keys under control, administer them and also connect multiple devices to the same server and port by using a different key on each device. Eddie 2.13.6 (current stable release) already implements in the Overview window a menu which will let you choose a key before you start a connection. It will appear automagically when you create a new key from your account control panel. The Configuration Generator has been modified as well, to let you generate configuration files with the certificate/key pair you wish. Let's see in details how to use the "Devices/Keys" options.Device Name and Description: this is a free name or description that you can associate to any key for your comfort.Columns Type, Creation date, Last renew date and Last VPN connection are informative.Renew: this is an action button. When you click it, the corresponding certificate/key pair will be revoked, and new ones will be issued.Delete: this action button will revoke the corresponding certificate, without issuing a new one.Add a new key: this action button will create a totally new certificate/key pair which will be added without revoking or renewing any pre-existing key.View history will toggle with View Active to provide you with any relevant information on the history of your actions about keys and the current active list. Some caution when using these new features:if you revoke or renew a certificate/key which is being used by some connected device, that device will soon be disconnectedin Eddie, you will need to log your account out and then in again to force Eddie to pick a different key (new or old) Kind regards and dataloveAirVPN Staff 14 torstenchr, Flx, Zyrafir and 11 others reacted to this Quote Share this post Link to post
go558a83nk 364 Posted ... Interesting. The new keys are SHA512, not SHA1. 1 nexsteppe reacted to this Quote Share this post Link to post
Flx 76 Posted ... How do you change the Connection Type from sha512 to sha1 and vice-versa? Quote Hide Flx's signature Hide all signatures Guide - EMBY Block ALL interfaces except tap/vpn Windows OS - Configuring your operating system Windows OS - Multi Session/Tunnel Share this post Link to post
Flx 76 Posted ... Connection is set by default to sha512...hhhmmmm Quote Hide Flx's signature Hide all signatures Guide - EMBY Block ALL interfaces except tap/vpn Windows OS - Configuring your operating system Windows OS - Multi Session/Tunnel Share this post Link to post
Staff 10014 Posted ... How do you change the Connection Type from sha512 to sha1 and vice-versa? Hello! You can't change the integrity message digest: in the relevant phase, with the new certificate-key pairs, it will be always SHA512, not SHA1. Cipher is 4096 bit RSA as usual. Kind regards Quote Share this post Link to post
Guest Posted ... How do you change the Connection Type from sha512 to sha1 and vice-versa? Hello! You can't change the integrity message digest: in the relevant phase, with the new certificate-key pairs, it will be always SHA512, not SHA1. Cipher is 4096 bit RSA as usual. Kind regards So i assume this has to change from the main website page now that the keys are sha512? Stay protected with the security offered by high level encryption: 4096 bit RSA keys size, AES-256-CBC Data Channel, HMAC SHA1 Control Channel Quote Share this post Link to post
Staff 10014 Posted ... So i assume this has to change from the main website page now that the keys are sha512? Stay protected with the security offered by high level encryption: 4096 bit RSA keys size, AES-256-CBC Data Channel, HMAC SHA1 Control Channel Hello! Not exactly, since the Control Channel of OpenVPN maintains HMAC SHA1 available as digest (HMAC SHA384 is available as well, starting from some version of OpenVPN). New Data Channel ciphers will be available as well. All the changes will be fully applied after IPv6 testing is over (internal testing is over and successful, public testing on at least one server will start in the very near future). A new https://airvpn.org/specs page will clarify all the new supported modes in due time. Kind regards Quote Share this post Link to post
calcu007 5 Posted ... Where is the option to chose keys in Eddie Client? I dont see it Quote Share this post Link to post
Staff 10014 Posted ... Where is the option to chose keys in Eddie Client? I dont see it Hello! First, please make sure that you run version 2.13.6 (check in "AirVPN" > "About" your version and upgrade if necessary). Then, from the main window, log your account out and log it in again. You should see (before you start a connection) a combo box "Device:", which will let you pick the keys you generated (the description you picked will be shown). Kind regards Quote Share this post Link to post
Flx 76 Posted ... Connection is set by default to sha512...hhhmmmmConnection Type is set to sha512...but you don't explain it very well in your Details. From each device of yours you will be free to use any key you like.Many here thought that you updated to SHA2. Well that is the way many would think.So that all on the client side can use SHA1 or SHA2. Quote Hide Flx's signature Hide all signatures Guide - EMBY Block ALL interfaces except tap/vpn Windows OS - Configuring your operating system Windows OS - Multi Session/Tunnel Share this post Link to post
OmniNegro 155 Posted ... HMAC SHA1 is a totally different thing than SHA1 by itself. And I seriously doubt anyone can actually come up with any use where HMAC SHA1 is less than 512 bits of assurance that the data you receive and/or send is not intact and unchanged.https://en.wikipedia.org/wiki/Hash-based_message_authentication_code And keep in mind that in binary, to double the possible uses of a value, you need to add exactly one single bit. So 512 bits is a massive number. I would guess this huge number is used to make timing attacks useless. Just last year, Google managed to do the unthinkable and managed a collision attack against a single 160 bit SHA-1 key. They never gave any details on how long it took in special conditions to make this happen, and I doubt they could ever do this to a distant IP due to the lag.https://en.wikipedia.org/wiki/SHA-1https://en.wikipedia.org/wiki/Secure_Hash_Algorithms If the keys in question exceed 160 bits, then they can only be SHA-2 or SHA-3. Quote Hide OmniNegro's signature Hide all signatures Debugging is at least twice as hard as writing the program in the first place.So if you write your code as clever as you can possibly make it, then by definition you are not smart enough to debug it. Share this post Link to post
Fly AirVPN 12 Posted ... I deleted the SHA1 Default key. Will it be recreated if all SHA512 custom keys are deleted? I'm curious because a member might like to go back to only one Default key. Quote Share this post Link to post
Staff 10014 Posted ... Connection is set by default to sha512...hhhmmmmConnection Type is set to sha512...but you don't explain it very well in your Details. >>From each device of yours you will be free to use any key you like.Many here thought that you updated to SHA2. Well that is the way many would think. Hello! Yes, and that's correct. SHA2 is now the exclusive algorithm to generate the self-signed certificates (both on client and server side). So that all on the client side can use SHA1 or SHA2. No, any new pair will no more be generated with SHA1. Note (just in case some confusion is arising here) that the digest HMAC SHA1 for the OpenVPN channels packet authentication remains and will remain available: we have not and will not break compatibility with old OpenVPN versions. By the way, this is a separate topic, since HMAC SHA2 (specifically HMAC SHA384) has been available since a couple of years ago as a digest for the Control Channel (provided that you were running OpenVPN 2.3.3 or higher). Kind regards 1 OmniNegro reacted to this Quote Share this post Link to post
Fly AirVPN 12 Posted ... I deleted the SHA1 Default key. Will it be recreated if all SHA512 custom keys are deleted? I'm curious because a member might like to go back to only one Default key. Is there an answer for this question? Quote Share this post Link to post
go558a83nk 364 Posted ... I deleted the SHA1 Default key. Will it be recreated if all SHA512 custom keys are deleted? I'm curious because a member might like to go back to only one Default key. Is there an answer for this question? if you want only one key then have only 1 key. if you have only one key it'll be the default. Quote Share this post Link to post
6V3T8Z35t4KVP1aRtR8i 1 Posted ... Not sure what happened, but my speeds and connection reliability have drastically increased since providing each of my devices with a unique key. Not to mention I can connect multiple clients to the same server and port (without having to play the port management game). My guess is there's a technical reason behind this, and I'm curious if anyone can tell me more. Either way, thanks for prioritizing this great feature, it's been a long time coming. Quote Share this post Link to post
Clodo 177 Posted ... Where is the option to chose keys in Eddie Client? I dont see itNote: Eddie will NOT show the keys combobox if there is only one device/key that can be selected. For this reason the majority of users that still have the "Default" key don't see the combobox. Quote Share this post Link to post
calcu007 5 Posted ... I deleted all keys and now it dont allow me to create a new one. 1 spomyx reacted to this Quote Share this post Link to post
deltaman8 3 Posted ... "Add new key" is not working for me (Clicking it results in a blank page).Also a graphical glitch in Firefox for Mac: When you completely delete the description of a key, the blue pencil also disappears. EDIT: Creating a new key is now working. Thanks! Quote Share this post Link to post
dougxd 0 Posted ... (edited) The config generator page isn’t loading in iOS browsers. Just blank. Gonna fetch fresh profiles on my pc instead. Just FYI. **EDIT: Not loading on my PC either. Just a blank page...hmmm. I see others having the trouble in other thread. Oh well, patience, grasshopper. Edited ... by dougxd Quote Share this post Link to post
frk1337 3 Posted ... Thank you!!! SHA512 and multipe devices on the same server and port... Quote Share this post Link to post