Newer
Older
# Plugins implementing TLS Crypt V2 for OpenVPN
This repository contains multiple plugins each implementing the TLS Crypt V2 mechanism in a HSM or Hardware Token. To use any of the plugins, it is required to patch OpenVPN to add a plugin Hook for performing TLS Crypt V2 operations.
Each plugin is an individual CMake project and can compiled with it. Dependencies depend on plugin:
* SoftHSM: softhsm
* YubiKey: openssl, yubico-c
* Smartcard: pcsclite, ant
Using the Smartcard Key Wrapping plugin requires compiling and loading a Java Applet onto a Smartcard. The applet code is provided in `SmartcardKeyWrapping/SmartcardKeyWrappingApplet`. The applet is an Ant Project.
Add the plugin to your server config and add arguments depending on the plugin. Order of arguments matters!
* SoftHSM: Path to SoftHSM2 Library (e.g. /usr/lib/pkcs11/libsofthsm2.so)
* YubiKey: Slot number to use on the YubiKey (e.g. 1 or 2) and access code for the YubiKey (if unknown / not set: 0)
* Smartcard: No arguments required