Hi,

------- Original Message -------
On Thursday, June 9th, 2022 at 06:31, Micio Lampo <micio.la...@gmail.com> wrote:

> Thanks a lot for your immense patience!
> Easy-RSA 3 license: GPLv2
>
> I repeated some checks, and the results are:
>
> build-ca:
> -----------
> *) The execution of the command 'build-ca' without 'nopass' asks to
> choose/define two new passphrases:
> 1) a CA key passphrase (-> 'Enter New CA Key Passphrase:') (**),
> 2) a PEM passphrase (-> 'Enter PEM pass phrase:') (+++).
>
> *) The execution of the command 'build-ca' ##with## 'nopass' asks to
> choose/define one new passphrase:
> 1) a PEM passphrase (-> 'Enter PEM pass phrase:').
>
> build-server/client-full:
> -------------------------------
> *) The execution of the command 'build-server/client-full server/client'
> without 'nopass'
> 1) asks for the above PEM passphrase (+++) (-> 'Enter pass phrase for
> ca.key:'), and
> 2) to choose one new PEM passphrase (%%%) (-> 'Enter PEM pass phrase:').
>
> *) The execution of the command 'build-server/client-full server/client'
> ##with## 'nopass' asks for
> the above PEM passphrase (+++) (-> 'Enter pass phrase for ca.key:').
>
> Again, the CA key's passphrase (**) is never asked again.
>
> What is confusing is that 'nopass'
> - used with 'build-ca' refers to the CA key's passphrase (**),
> - used with 'build-server/client-full server/client' refers to the
> server/client's PEM passphrase (%%%).
> -->> Not very intuitive/coherent... Two different things, then two
> different terms.
>
> Have a nice day!
>

Your confusion appears to be the terms used to gather passwords.

Using easyrsa git/master:

When you build a CA with a password, *easyrsa* asks:

    1183: printf "Enter New CA Key Passphrase: "

This is how easyrsa asks for a "CA Key Passphrase".

When you build a server/client keypair, *OpenSSL* asks:

    Enter PEM pass phrase:

This is how OpenSSL asks for a "PEM pass phrase".

We could change the easyrsa "CA Key Passphrase" prompt to match
the OpenSSL "PEM pass phrase" prompt .. but nobody ever mentioned
this as a source of confusion before ..

Having slightly unique, differing prompts seems logical to me,
two different prompts for two different purposes.

But perhaps I am still missing your point ..

BTW: `easyrsa version` should provide the version information.
_______________________________________________
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users