Solved

How to protect public and private keys

Posted on 2008-10-30
Last Modified: 2012-05-05
Hi there,

I've recently set up OpenVPN.

On my Windows box (the client) I have put a ca.crt and client1.crt and client1.key into the config directory. These keys were made on a totally separate server (different from the OpenVPN server).

If someone got a hold of my ca.crt, what would stop them from creating their own client keys on a server of their own, and using them to connect to my vpn?

Cheers
0
Question by:jonnytabpni
7 Comments
 
LVL 8

Expert Comment

by:rpkhare
It is recommended to keep the private keys on a separate disk, such as a USB drive. But why do you want to protect the public keys?
0
 

Author Comment

by:jonnytabpni
Can't someone just create their own private keys themselves?

All I had to do was use easy-rsa and run ./build-key client1

Is ca.crt a public or private key?
0
 
LVL 8

Expert Comment

by:rpkhare
Even if someone creates a private key, they will not be able to decrypt. Creation of keys includes randomly generated data which is continuously refreshed. It will always be unique.
0

 

Author Comment

by:jonnytabpni
I'm really sorry but my knowledge of PKI is very bad!

I understand that no one will be able to decrypt unless they use the correct private key.

But my question is that, if someone creates their own private key, will they be able to connect to the vpn and use my resources?
0
 
LVL 8

Accepted Solution

by:
rpkhare earned 500 total points
I have no knowledge of VPN. But in case your VPN requires your Private Key for login then no other private key will work.
0
 

Author Comment

by:jonnytabpni
Hmm, that's the thing I'm not sure about. I generated all my certs and keys on a totally separate server.

The OpenVPN server didn't have an option to specify *which* private keys are allowed.
0
 
LVL 8

Expert Comment

by:rpkhare
Here you can find how it works:
http://en.wikipedia.org/wiki/OpenVPN
0
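
As an added illustration of the question in this thread (not part of any participant's post): `ca.crt` is the CA's public certificate, and issuing a client certificate requires the CA's private key (`ca.key`), which `./build-key` uses on the machine where the keys were made. The script builds a throwaway CA with the `openssl` CLI and shows that a client certificate signed with a different key does not verify against `ca.crt`; the subjects and the "outsider" file names are constructed for the demo.

```sh
#!/bin/sh
# Added demo; subjects and the "outsider" names are constructed.
# Assumes the openssl CLI is installed. Everything lives in a temp dir.

# Create a CA: private key ($1.key) plus self-signed certificate ($1.crt).
make_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$2" \
        -keyout "$1.key" -out "$1.crt" 2>/dev/null
}

# Issue client cert $1.crt. Signing needs the CA private key ($2.key).
issue_client() {
    openssl req -newkey rsa:2048 -nodes -subj "/CN=client1" \
        -keyout "$1.key" -out "$1.csr" 2>/dev/null &&
    openssl x509 -req -in "$1.csr" -CA "$2.crt" -CAkey "$2.key" \
        -CAcreateserial -days 1 -out "$1.crt" 2>/dev/null
}

# The check a server trusting CA cert $1 applies to a presented cert $2.
chains_to() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

demo() {
    d=$(mktemp -d) || return 1
    # Legitimate path: client1 is signed with the real ca.key.
    make_ca "$d/ca" "Demo VPN CA" && issue_client "$d/client1" "$d/ca" || return 1
    # Someone holding only ca.crt has no ca.key, so they must sign with a
    # key of their own, even if they copy the CA's subject name.
    make_ca "$d/outsider-ca" "Demo VPN CA" &&
        issue_client "$d/outsider" "$d/outsider-ca" || return 1
    chains_to "$d/ca.crt" "$d/client1.crt" && legit=accepted || legit=rejected
    chains_to "$d/ca.crt" "$d/outsider.crt" && other=accepted || other=rejected
    rm -rf "$d"
    echo "client1=$legit outsider=$other"
}

demo   # prints: client1=accepted outsider=rejected
```

The file to keep off client machines and servers alike is `ca.key`; whoever holds it can issue certificates that pass this check.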
