When setting up a tls-crypt-v2 group (similar to generating a tls-crypt or
tls-auth key previously):
-1. Generate a tls-crypt-v2 server key using OpenVPN's ``--tls-crypt-v2-genkey server``.
+1. Generate a tls-crypt-v2 server key using OpenVPN's ``--genkey tls-crypt-v2-server``.
This key contains 2 512-bit keys, of which we use:
* the first 256 bits of key 1 as AES-256-CTR encryption key ``Ke``
When provisioning a client, create a client-specific tls-crypt key:
-1. Generate 2048 bits client-specific key ``Kc`` using OpenVPN's ``--tls-crypt-v2-genkey client``
+1. Generate 2048 bits client-specific key ``Kc`` using OpenVPN's ``--genkey tls-crypt-v2-client``
2. Optionally generate metadata
" see --secret option for more info.\n"
"--tls-crypt-v2 key : For clients: use key as a client-specific tls-crypt key.\n"
" For servers: use key to decrypt client-specific keys. For\n"
- " key generation (--tls-crypt-v2-genkey): use key to\n"
+ " key generation (--genkey tls-crypt-v2-client): use key to\n"
" encrypt generated client-specific key. (See --tls-crypt.)\n"
"--genkey tls-crypt-v2-client [keyfile] [base64 metadata]: Generate a\n"
" fresh tls-crypt-v2 client key, and store to\n"
projects / thirdparty / openvpn.git / commitdiff
