Browse code
tls-crypt-v2: clarify --tls-crypt-v2-genkey man page section
As kitsune1 mentioned in IRC, this section should explain that
"--tls-crypt-v2-genkey client" requires the user to supply the server
key using "--tls-crypt-v2".
Signed-off-by: Steffan Karger <steffan.karger@fox-it.com>
Acked-by: Antonio Quartulli <antonio@openvpn.net>
Message-Id: <1540981377-22752-1-git-send-email-steffan.karger@fox-it.com>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg17865.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
Steffan Karger authored on 2018/10/31 19:22:57Showing 1 changed files
| ... | ... |
@@ -5314,6 +5314,11 @@ If no metadata is supplied, OpenVPN will use a 64\-bit unix timestamp |
| 5314 | 5314 |
representing the current time in UTC, encoded in network order, as metadata for |
| 5315 | 5315 |
the generated key. |
| 5316 | 5316 |
|
| 5317 |
+A tls\-crypt\-v2 client key is wrapped using a server key. To generate a |
|
| 5318 |
+client key, the user must therefore supply the server key using the |
|
| 5319 |
+.B \-\-tls\-crypt\-v2 |
|
| 5320 |
+option. |
|
| 5321 |
+ |
|
| 5317 | 5322 |
Servers can use |
| 5318 | 5323 |
.B \-\-tls\-crypt\-v2\-verify |
| 5319 | 5324 |
to specify a metadata verification command. |