This is on Windows 7. Before I used the 'easy-rsa' script for RSA keys. Now I
would like to know how to generate CA, server, client, etc. using ECDSA keys?
Thanks!
[Sorry, forgot to post to the list...]
The GIT version of EasyRSA will do EC keys/certs. [You can just download it and
use it - it's pretty easy.]
[Beware though, I believe that the keys are all encrypted with PBKDF v1 which,
while I don't know the specifics of, evidently uses VERY POOR encryption, and
is quite easy to break. [IIRC, something along the difficulty of breaking 56bit
DES - i.e. VERY BAD.]
IMO, the EasyRSA scripts *really* need re-writing to resolve this. I've done so
for my own purposes for RSA keys/certs, and it's possible the same code would
work for EC keys/certs - but I've never looked at it.
My code, frankly, sucks - so I don't believe it's ready for prime time - but I
haven't seen any real interest or desire from the devs of EasyRSA to address
this yet.
But you can always use EasyRSA to generate all the keys/certs and then
re-encrypt them using the OpenSSL tools. [Just make sure you keep the poorly
encrypted original keys very safe, and destroy them completely after you've
re-encrypted them.
HTH
-Greg
------------------------------------------------------------------------------
Download BIRT iHub F-Type - The Free Enterprise-Grade BIRT Server
from Actuate! Instantly Supercharge Your Business Reports and Dashboards
with Interactivity, Sharing, Native Excel Exports, App Integration & more
Get technology previously reserved for billion-dollar corporations, FREE
http://pubads.g.doubleclick.net/gampad/clk?id=164703151&iu=/4140/ostg.clktrk
_______________________________________________
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users