Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
?
Solved

How to protect public and private keys

Posted on 2008-10-30
7
Medium Priority
?
350 Views
Last Modified: 2012-05-05
Hi there,

I've recently set up open vpn.

On my windows box (the client) I have put a ca.crt and client1.crt and client1.key into the config directory. These keys were made on a totally seperate server (different from the openVPN server).

If someone got a hold of my ca.crt, what would stop them from creating their own client keys on a server of their own, and using them to connect to my vpn?

Cheers
0
Comment
Question by:jonnytabpni
  • 4
  • 3
7 Comments
 
LVL 8

Expert Comment

by:rpkhare
ID: 22848226
It is recommended to keep the Private Keys on a separate disk like USB Drives etc. But why you want to protect the Public Keys?
0
 

Author Comment

by:jonnytabpni
ID: 22848233
can't someone just create their own private keys themselves?

All I had to do was use easy-rsa and run ./build-key client1

Is ca.crt a public or private key?
0
 
LVL 8

Expert Comment

by:rpkhare
ID: 22848247
Even if someone creates a private key, they will not be able to decrypt. Creation of keys includes randomly generated data which is continuously refreshed. It will always be unique.
0
Who's Defending Your Organization from Threats?

Protecting against advanced threats requires an IT dream team – a well-oiled machine of people and solutions working together to defend your organization. Download our resource kit today to learn more about the tools you need to build you IT Dream Team!

 

Author Comment

by:jonnytabpni
ID: 22848256
I'm really sorry but my knowledge of PKI is very bad!

I understand that no one will be able to decrypt unless they use the correct private key.

But my question is that, if someone creates their own private key, will they be able to connect to the vpn and use my resources?
0
 
LVL 8

Accepted Solution

by:
rpkhare earned 1500 total points
ID: 22848291
I have no knowledge of VPN. But in case your VPN requires your Private Key for login then no other private key will work.
0
 

Author Comment

by:jonnytabpni
ID: 22848302
hmm that's the thing I'm not sure about. I generated all my certs and keys on a totaly seperate server.

The openVPN server didn't have an option to specify *which* private keys are allowed..
0
 
LVL 8

Expert Comment

by:rpkhare
ID: 22848318
Here you can find how it works:
http://en.wikipedia.org/wiki/OpenVPN
0

Featured Post

Receive 1:1 tech help

Solve your biggest tech problems alongside global tech experts with 1:1 help.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

There are many Password Managers (PM) out there to choose from. PM's can help with your password habits and routines, but they should not be a crutch you rely on too heavily. I also have an article for company/enterprise PM's.
Ransomware - Defeated! Client opened the wrong email and was attacked by Ransomware. I was able to use file recovery utilities to find shadow copies of the encrypted files and make a complete recovery.
Windows 10 is mostly good. However the one thing that annoys me is how many clicks you have to do to dial a VPN connection. You have to go to settings from the start menu, (2 clicks), Network and Internet (1 click), Click VPN (another click) then fi…
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …
Suggested Courses
Course of the Month14 days, 16 hours left to enroll

577 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question