Message ID | 20210822152820.7072-1-selva.nair@gmail.com |
---|---|
State | Accepted |
Headers | show |
Series | [Openvpn-devel] Minor doc correction: tls-crypt-v2 key generation | expand |
Am 22.08.21 um 17:28 schrieb selva.nair@gmail.com: > From: Selva Nair <selva.nair@gmail.com> Makes sense. Acked-By: Arne Schwabe <arne@rfc2549.org>
Hi, On Sun, Aug 22, 2021 at 11:28:20AM -0400, selva.nair@gmail.com wrote: > From: Selva Nair <selva.nair@gmail.com> > > Signed-off-by: Selva Nair <selva.nair@gmail.com> > --- > doc/tls-crypt-v2.txt | 4 ++-- > src/openvpn/options.c | 2 +- > 2 files changed, 3 insertions(+), 3 deletions(-) I assume this is for master and 2.5? gert
Hi, On Mon, Aug 23, 2021 at 4:17 AM Gert Doering <gert@greenie.muc.de> wrote: > Hi, > > On Sun, Aug 22, 2021 at 11:28:20AM -0400, selva.nair@gmail.com wrote: > > From: Selva Nair <selva.nair@gmail.com> > > > > Signed-off-by: Selva Nair <selva.nair@gmail.com> > > --- > > doc/tls-crypt-v2.txt | 4 ++-- > > src/openvpn/options.c | 2 +- > > 2 files changed, 3 insertions(+), 3 deletions(-) > > I assume this is for master and 2.5? > Yes, please. I forgot to indicate that in the submission. Selva <div dir="ltr"><div dir="ltr"><br></div>Hi,<div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Mon, Aug 23, 2021 at 4:17 AM Gert Doering <<a href="mailto:gert@greenie.muc.de">gert@greenie.muc.de</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">Hi,<br> <br> On Sun, Aug 22, 2021 at 11:28:20AM -0400, <a href="mailto:selva.nair@gmail.com" target="_blank">selva.nair@gmail.com</a> wrote:<br> > From: Selva Nair <<a href="mailto:selva.nair@gmail.com" target="_blank">selva.nair@gmail.com</a>><br> > <br> > Signed-off-by: Selva Nair <<a href="mailto:selva.nair@gmail.com" target="_blank">selva.nair@gmail.com</a>><br> > ---<br> > doc/tls-crypt-v2.txt | 4 ++--<br> > src/openvpn/options.c | 2 +-<br> > 2 files changed, 3 insertions(+), 3 deletions(-)<br> <br> I assume this is for master and 2.5?<br></blockquote><div><br></div><div>Yes, please. I forgot to indicate that in the submission.</div><div><br></div><div>Selva</div></div></div></div>
Documentation is good, correct documentation is better :-) - thanks. Your patch has been applied to the master and release/2.5 branch. commit 6ee1a272d9ce9b7863487146c3ce141a98f16773 (master) commit 96083a9150edd90a6641477d123324cf0885853e (release/2.5) Author: Selva Nair Date: Sun Aug 22 11:28:20 2021 -0400 Minor doc correction: tls-crypt-v2 key generation Signed-off-by: Selva Nair <selva.nair@gmail.com> Acked-by: Arne Schwabe <arne@rfc2549.org> Message-Id: <20210822152820.7072-1-selva.nair@gmail.com> URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg22747.html Signed-off-by: Gert Doering <gert@greenie.muc.de> -- kind regards, Gert Doering
diff --git a/doc/tls-crypt-v2.txt b/doc/tls-crypt-v2.txt index 3798791f..f6a6a139 100644 --- a/doc/tls-crypt-v2.txt +++ b/doc/tls-crypt-v2.txt @@ -58,7 +58,7 @@ Implementation When setting up a tls-crypt-v2 group (similar to generating a tls-crypt or tls-auth key previously): -1. Generate a tls-crypt-v2 server key using OpenVPN's ``--tls-crypt-v2-genkey server``. +1. Generate a tls-crypt-v2 server key using OpenVPN's ``--genkey tls-crypt-v2-server``. This key contains 2 512-bit keys, of which we use: * the first 256 bits of key 1 as AES-256-CTR encryption key ``Ke`` @@ -73,7 +73,7 @@ tls-auth key previously): When provisioning a client, create a client-specific tls-crypt key: -1. Generate 2048 bits client-specific key ``Kc`` using OpenVPN's ``--tls-crypt-v2-genkey client`` +1. Generate 2048 bits client-specific key ``Kc`` using OpenVPN's ``--genkey tls-crypt-v2-client`` 2. Optionally generate metadata diff --git a/src/openvpn/options.c b/src/openvpn/options.c index 7e146db9..0e398c0f 100644 --- a/src/openvpn/options.c +++ b/src/openvpn/options.c @@ -614,7 +614,7 @@ static const char usage_message[] = " see --secret option for more info.\n" "--tls-crypt-v2 key : For clients: use key as a client-specific tls-crypt key.\n" " For servers: use key to decrypt client-specific keys. For\n" - " key generation (--tls-crypt-v2-genkey): use key to\n" + " key generation (--genkey tls-crypt-v2-client): use key to\n" " encrypt generated client-specific key. (See --tls-crypt.)\n" "--genkey tls-crypt-v2-client [keyfile] [base64 metadata]: Generate a\n" " fresh tls-crypt-v2 client key, and store to\n"