
Plugins implementing TLS Crypt V2 for OpenVPN

Description

This repository contains multiple plugins, each implementing the TLS Crypt V2 mechanism in an HSM or hardware token. To use any of the plugins, OpenVPN must first be patched to add a plugin hook for performing TLS Crypt V2 operations.

Installation

Each plugin is an individual CMake project and can be compiled with it. Dependencies vary by plugin:

  • SoftHSM: softhsm
  • YubiKey: openssl, yubico-c
  • Smartcard: pcsclite, ant

Using the Smartcard Key Wrapping plugin requires compiling and loading a Java Applet onto a Smartcard. The applet code is provided in SmartcardKeyWrapping/SmartcardKeyWrappingApplet. The applet is an Ant Project.

Usage

Add the plugin to your server config and add arguments depending on the plugin. Order of arguments matters!

  • SoftHSM: Path to SoftHSM2 Library (e.g. /usr/lib/pkcs11/libsofthsm2.so)
  • YubiKey: Slot number to use on the YubiKey (e.g. 1 or 2) and access code for the YubiKey (if unknown / not set: 0)
  • Smartcard: No arguments required
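
An illustrative server config fragment for the three cases above. This is an added example, not taken from the repository; the plugin file names and paths are placeholders because the README does not give them, and only the line for the plugin in use should be enabled.

```conf
# Use exactly one of the following plugin lines.
# /path/to/... and the *_PLUGIN.so names are placeholders, not the
# project's real build outputs.

# SoftHSM: one argument, the path to the SoftHSM2 library
plugin /path/to/SOFTHSM_PLUGIN.so /usr/lib/pkcs11/libsofthsm2.so

# YubiKey: slot number first (1 or 2), then the access code
# (0 if unknown / not set). The order must not be swapped.
;plugin /path/to/YUBIKEY_PLUGIN.so 2 0

# Smartcard: no arguments
;plugin /path/to/SMARTCARD_PLUGIN.so
```

With the YubiKey plugin the access code sits in the server config as a plain-text argument, so the config file should be readable only by the account that runs OpenVPN.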