Home
Hello, I need some clarifications about SecureVNC plugin 2.4.0.0.
I have done some test, but I don't understand some elements.
- The client authentication keys, *Server_ClientAuth.pubkey and *Viewer_ClientAuth.pkey will be used by the server to authenticate the client.
OK, but usually during the creation of a pair of public/private key is recommended to use a passphrase.
WinVNC during the building which passphrase will be used? Is it the same that is present on the dialog of WinVnc where I can Generate Client authentication Key?
If will not be used any passphrase, how will the VncViewer verify that the private key *Viewer_ClientAuth.pkey is correct?
The contents of the *Server_ClientAuth.pubkey and *Viewer_ClientAuth.pkey has not the same format of the file generated from tools like gpg, and seems to be encrypted.
How were they built?
The RSA size affects the size of the client authentication keys that you generate, and the public key that are automatically generate by the server?.
The vncviewer client where will look for the corresponding private key?
Thank you for your patience.
SecureVNC plugin 2.4.0.0 info
-
Rudi De Vos
- Admin & Developer
- Posts: 6413
- Joined: 2004-04-23 10:21
- Contact:
Re: SecureVNC plugin 2.4.0.0 info
plugin without passphrase or key : Use vnc passwd as part of the key
Server and viewer exchange using DH a key
plugin with passphrase: passphrase is used as part of the key
DH exchange the key
plugin with key
You manual need to exchange the key, this key also act as authentication ( it's like a 2024 char pass)
You first generate a private.key
openssl genrsa -des3 -out private.pem 2048
From the private key you derive a public
openssl rsa -in private.pem -outform PEM -pubout -out public.pem
Vierwer is able to verify if public is genarted from private
See
https://www.openssl.org/docs/man1.0.2/m ... ey_ex.html
Server and viewer exchange using DH a key
plugin with passphrase: passphrase is used as part of the key
DH exchange the key
plugin with key
You manual need to exchange the key, this key also act as authentication ( it's like a 2024 char pass)
You first generate a private.key
openssl genrsa -des3 -out private.pem 2048
From the private key you derive a public
openssl rsa -in private.pem -outform PEM -pubout -out public.pem
Vierwer is able to verify if public is genarted from private
See
https://www.openssl.org/docs/man1.0.2/m ... ey_ex.html
-
splintercode
- 8
- Posts: 13
- Joined: 2010-09-10 14:46
Re: SecureVNC plugin 2.4.0.0 info
Thank you mr. Rudi
But during the creation of the private key
>>openssl genrsa -des3 -out private.pem 2048
which passphrase is used? The same password that I typed during the creation of the public/private key, from the plugin configuration mask?
I have tried compiling the source of WinVnc, indicating to the plugin via CDSMPlugin::SetPluginParams() another passphrase.
Keeping the same public and private keys of course, running the VNCViewer the connection is accepted only if I type the same passphare indicated during the call to CDSMPlugin::SetPluginParams()
So, which is the passphrase used on the creation on the pubblic/private key?
Thanks for any clarification.
But during the creation of the private key
>>openssl genrsa -des3 -out private.pem 2048
which passphrase is used? The same password that I typed during the creation of the public/private key, from the plugin configuration mask?
I have tried compiling the source of WinVnc, indicating to the plugin via CDSMPlugin::SetPluginParams() another passphrase.
Keeping the same public and private keys of course, running the VNCViewer the connection is accepted only if I type the same passphare indicated during the call to CDSMPlugin::SetPluginParams()
So, which is the passphrase used on the creation on the pubblic/private key?
Thanks for any clarification.