lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <!~!UENERkVCMDkAAQACAAAAAAAAAAAAAAAAABgAAAAAAAAA0BKn9uKnWEeCDU7Vx+IAQ8KAAAAQAAAA38EhHY8+Ck+1slq6R3cy1wEAAAAA@online.gateway.strangled.net>
Date: Sun Sep 18 03:34:37 2005
From: aditya.deshmukh at online.gateway.strangled.net (Aditya Deshmukh)
Subject: PGPNet Upgrade path ?


gem@...lim.com Wrote : 

> IPSEC has nothing to do with PGP.  Also there is really no such thing
> as a PGP key.  PGP uses what ever key scheme you ask it to use.  IPSEC
> is the same way.  Both use keys, but are not themselves key standards.
> 
> OpenVPN similarly can use what ever key scheme you wish.  Since it is
> based on the OpenSSL crupto libs it is very flexible that way.  For
> simple setups you can use pre-shared keys.  For more complex setups
> you can use public/private key pairs of any type that OpenSSL 
> understands.

This is the main problem - how do I get PGP key server keys in a format
Openssl understand ? And I have implemented CA and ipsec vpn using 
freeSWAN.org + x.509 patch it works pretty nicely, but here in this 
case the public/private KEYs are in a different format... 


> IMHO, if OpenVPN does not do what you want then you misunderstand the
> problem.

The problem is very clear : how do I tranlate PGP keys to a format 
X.509 / openssl can understand ? I havent a solution to this one yet.



m@...j.nl Wrote :

> >I know for ipsec VPNs I could use the winxp's builtin 
> >But that would require moving all the PGP keys to 
> >X.509 certs.
> 
> Yes, absolutely. For OpenVPN you need to use X509 certs, you 
> will have to rework your whole PKI. However:

I have already used openvpn and (free|open|whatever)swan, have 
created openssl CA with batch files that run both on windows and 
linux/freebsd/solaris at other sites.... 

All these programs are great in own right but I cannot connect the
Dots.

> 
> So if you consider dropping PGP all together, have a look at OpenVPN.

This is the last option. If nothing is found then it is going to be openvpn 

But meanwhile 

I need a VPN that uses PGP keys for auth that are stored in PGP Key
Server, does not matter If it free or paid but if anyone know that
There is such a program please let me know.... 

Thank you in advance for the time taken to dig out the answers :)






________________________________________________________________________
Delivered using the Free Personal Edition of Mailtraq (www.mailtraq.com)
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3442 bytes
Desc: not available
Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20050918/4e351c67/smime.bin

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ