From: Selva Nair <selva.n...@gmail.com>

Signed-off-by: Selva Nair <selva.n...@gmail.com>
---
 doc/management-notes.txt | 30 ++++++++++++++++++++++++++++++
 1 file changed, 30 insertions(+)

diff --git a/doc/management-notes.txt b/doc/management-notes.txt
index a9ba18a..e2e8249 100644
--- a/doc/management-notes.txt
+++ b/doc/management-notes.txt
@@ -795,6 +795,36 @@ Base64 encoded output of RSA_private_encrypt() (OpenSSL) 
or mbedtls_pk_sign()
 This capability is intended to allow the use of arbitrary cryptographic
 service providers with OpenVPN via the management interface.
 
+COMMAND -- ecdsa-sig (OpenVPN 2.5 or higher)
+------------------------------------------
+Same as rsa-sig but for EC keys: requires openssl 1.1
+
+Provides support for external storage of the EC private key. Requires the
+--management-external-key option. This option can be used instead of "key"
+in client mode, and allows the client to run without the need to load the
+actual private key. When the SSL protocol needs to perform a sign
+operation, the data to be signed will be sent to the management interface
+via a notification as follows:
+
+>ECDSA_SIGN:[BASE64_DATA]
+
+The management interface client should then create a DER encoded signature of
+the (decoded) BASE64_DATA using the private key and return the SSL signature as
+follows:
+
+ecdsa-sig
+[BASE64_SIG_LINE]
+.
+.
+.
+END
+
+Base64 encoded output of ECDSA_sign() (OpenSSL) or mbedtls_pk_sign()
+(mbed TLS) will provide a correct signature.
+
+This capability is intended to allow the use of arbitrary cryptographic
+service providers with OpenVPN via the management interface.
+
 COMMAND -- certificate (OpenVPN 2.4 or higher)
 ----------------------------------------------
 Provides support for external storage of the certificate. Requires the
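Review bot: The opening line of the new ecdsa-sig section says "requires openssl 1.1", yet the closing paragraph lists mbedtls_pk_sign() (mbed TLS) as a valid way to produce the signature, so the reader cannot tell whether the requirement is on the OpenVPN build, on the management client, or both. Please state which side needs OpenSSL 1.1 and whether an mbed TLS build of OpenVPN supports this command. The paragraph describing >ECDSA_SIGN:[BASE64_DATA] also does not say whether the decoded data is a digest to be signed as-is or a message the client must hash first. ECDSA_sign() operates on a precomputed digest, so a sentence stating which of the two the client receives would remove the guess for anyone implementing the signer against a token or other external provider.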
-- 
2.1.4


_______________________________________________
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
