[Openswan Users] How to check the host identity ?

Bryan McAninch bryan at mcaninch.org
Fri May 20 14:10:04 CEST 2005 

 

<----- snip ----->
 
> thx a lot, bryan !
> 
> OK, I understand all the steps you added and of course I have done it.
> But as I said,  I am testing a VPN using certificate : Server 
> ======== User
> 
> The server and the user have a certificate. The server accepts all
> connection if it knows CA which signed the certificate of the user.
> 
> but to have a certificate my user have to submit a request to 
> a CA (my CA).
> So after having signed the user certificate request, the CA 
> send this user certificate to the user.
>   
> So now if someone intercepts this user certificate (coming 
> from the CA to the user), because this communication is not 
> encrypted, the  interceptor can now use the VPN......

No, they cannot - unless or course, the private key is NOT password
protected with a symmetric cipher. Furthermore, the imposter would have to
have possession of the private key itself.
  
> but I think (I hope) the authentication of the user is done 
> when this user try to connect the server, It is this point I 
> want to clear up. Even if the serveur knows the CA which has 
> signed the user certificate, the server should check if the 
> User is really the party the certificate was issued to (and 
> not the interceptor). 
> And for that the user must prove he has the private key 
> corresponding to the public key on "his" certificate.
> 
> So how does it work ?
> Does the server send a challenge encrypted with the user 
> public key, to the user , and wait for the response to 
> establish the VPN ?

This varies from implementation to implementation, but usually involves a
challenge-response similar to what you've described. I'm not sure how it
work with OpenSWAN - maybe Paul or Michael can fill you in on that.
Generally speaking, the server encrypts a random string/message with the
client's public key. If the client is able to decrypt the message, it then
digitally signs and returns the message.

> that's why openswan need to know the private key password set 
> in /etc/ipsec.secrets, to decrypt the challenge send by the server ?

Indirectly - yes. More directly, the password you set in ipsec.secrets is
used to decrypt the private key, which in turn proves you are the owner of
the key (b/c you know the password to decrypt and use it).

> I think this check is managed by IKE, but I read on rfc2409 
> that there are différent configurations for the IKE phase1 
> (chapter 5.Exchanges). 

Yes, certificate authentication is used during phase 1, similar to PSK's.

>which phase1 is used by default ?
> how to choose the phase 1 that I want ? in ipsec.conf ?

There are two different types of phase 1 - Aggressive Mode and Main Mode.
Aggressive Mode is inherently insecure and should not be used, unless you
have no other choice. OpenSWAN uses Main Mode by default, stick with it if
at all possible.

Please see http://en.wikipedia.org/wiki/PKI for further details

> regards
> david
> 
> Protek-on: CaraMail met en oeuvre un nouveau Concept de 
> Sécurité Globale - www.caramail.com

More information about the Users mailing list