This shows you the differences between two versions of the page.
wiki:network_mana:vpn_client [2019/09/25 16:27] ghi created |
wiki:network_mana:vpn_client [2019/09/25 16:40] (current) ghi |
||
---|---|---|---|
Line 5: | Line 5: | ||
The //ProvenCore// manages secrets. The secrets are stored on the //TrustZone// in different blocks, which are designated by an integer index. Uploading secrets to a block is protected by a password (the //ProvenCore// password) that has to be provisioned beforehand. | The //ProvenCore// manages secrets. The secrets are stored on the //TrustZone// in different blocks, which are designated by an integer index. Uploading secrets to a block is protected by a password (the //ProvenCore// password) that has to be provisioned beforehand. | ||
- | To upload a secret to a block, one must first cipher it with the ''pnrcipher.py'' tool ([[wiki:common_resources#tools|available here]]), using the //ProvenCore// password. The application using the //ProvenCore// software (VPN client) is set to use each block for a different purpose, and a ciphered configuration file is needed in some specific block. The secret keys (in P12 archive form) are stored in some other blocks, told by the configuration files. | + | To upload a secret to a block, one must first cipher it with the ''pnrcipher.py'' tool ([[wiki:resources:resources#tools|available here]]), using the //ProvenCore// password. The application using the //ProvenCore// software (VPN client) is set to use each block for a different purpose, and a ciphered configuration file is needed in some specific block. The secret keys (in P12 archive form) are stored in some other blocks, told by the configuration files. |
The files are processed as: | The files are processed as: | ||
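Review bot: the repointed link on the changed line is where readers fetch ''pnrcipher.py'', the tool that is handed the //ProvenCore// password and the secrets, yet nothing beside the link lets them check which copy they obtained. Suggest stating the expected version or a checksum of the tool next to the link. On the same line, "told by the configuration files" would read better as "designated by the configuration files", matching the wording used for block indexes in the paragraph above.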
Line 36: | Line 36: | ||
==== Creating the PKCS#12 file ===== | ==== Creating the PKCS#12 file ===== | ||
- | It is advised to follow the procedure described on the [[ wiki:vpn_pki|PKI management ]] page. Otherwise, here are some basic instructions. | + | It is advised to follow the procedure described on the [[ wiki:network_mana:vpn_pki|PKI management ]] page. Otherwise, here are some basic instructions. |
The P12 file should contain the host certificate and key, and the certificates up to the root of trust. | The P12 file should contain the host certificate and key, and the certificates up to the root of trust. | ||
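Review bot: the heading in the context line just above the change, "==== Creating the PKCS#12 file =====", opens with four equals signs and closes with five; balance it while this section is being touched. The new link also keeps the padding spaces inside the brackets ("[[ wiki:network_mana:vpn_pki|PKI management ]]"), unlike the tool links elsewhere in this revision, so dropping them would keep the link style consistent.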
Line 56: | Line 56: | ||
Before transferring the secrets to the gateway, prepare them for upload using a Linux machine. Ubuntu 16.04 is recommended. | Before transferring the secrets to the gateway, prepare them for upload using a Linux machine. Ubuntu 16.04 is recommended. | ||
- | The encryption of these files is done using the ''pnrcipher.py'' tool ([[wiki:common_resources#tools|available here]]). It requires the ''python3-crypto'' package on your Linux box, which can be installed with: | + | The encryption of these files is done using the ''pnrcipher.py'' tool ([[wiki:resources:resources#tools|available here]]). It requires the ''python3-crypto'' package on your Linux box, which can be installed with: |
<code bash>sudo apt-get install python3-crypto</code> | <code bash>sudo apt-get install python3-crypto</code> |
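Review bot: the changed line still names ''python3-crypto'' as the dependency; that package is PyCrypto, which is no longer maintained upstream, so the tool that encrypts the gateway secrets relies on a library that receives no fixes. Suggest stating on the page which library version ''pnrcipher.py'' is tested with and whether a maintained fork such as PyCryptodome is supported. The same link correction is also made in the Line 5 hunk; referencing the tool location from one place would avoid having to fix it twice next time.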