I need to use my Android 2.3.x phone to access an OpenVPN server. I have CM 7 with built-in support for OpenVPN and tun. My main concern is that I don't know where to put the keys in. If my phone gets in the wrong hands, I'm leaving the keys out in the open and I can't have that.
If I had an ICS phone, I'd have full file system encryption and I'd be safe(r). So is there an alternative or some technique I'm not aware of that can store the certificates and the key securely on the phone?
If you maintain the OpenVPN server, you can generate keys that require a password to be used. The technique is described at http://openvpn.net/index.php/open-source/documentation/howto.html#pki.
Scroll to the section titled "Generate certificates & keys for 3 clients". You will want to use the build-key-pass script to generate a password-protected key. This will prevent your key from being used maliciously if your phone falls into the wrong hands, though I am not entirely sure if CM 7's OpenVPN implementation supports it.
If you don't have the ability to use build-key-pass to generate and register your own keys, then there is really no practical way to ensure the safety of your key without full-device encryption.
OK, I've jumped the gun here and asked a question without trying things out first. The solution is simple and very secure. First, you create a PKCS12 combo-key on the server that combines the server certificate, the client certificate and key with:
    openssl pkcs12 -export -in android.cer -inkey android.key -certfile ca.crt -name android -out certs.p12
During that you hafta issue a decrypt password. You're perfectly safe transferring that combo-key to the SD card. Next, you import that in the Android secure storage and then you can delete the PKCS12 key.
After that, you're good to go, the keys are in a password protected vault and thus inaccessible to anyone else. It goes without saying that you need to protect your phone with an unlock password.
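A way to check the bundle before copying it to the SD card, as an added example that is not part of the original answer: it runs the same export command against a throwaway CA and client key constructed for the demo, then confirms the file opens only with the export password and carries both certificates. The function name, the `/CN=` subjects and the passphrase are assumptions; `pass:` on the command line is used only so the demo runs unattended, since it exposes the password in the process list.

```shell
#!/bin/sh
# Added example: the PKI below is constructed for the demo, not real easy-rsa output.
# Prints the number of certificates in certs.p12; returns non-zero if a check fails.
build_and_verify_p12() {
    pw=$1
    work=$(mktemp -d) || return 1
    (
        cd "$work" || exit 1
        umask 077   # keep the unencrypted key unreadable to other users while it exists

        # Constructed CA and client key/cert, named like the files in the answer.
        openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Demo CA" \
            -keyout ca.key -out ca.crt 2>/dev/null || exit 1
        openssl req -newkey rsa:2048 -nodes -subj "/CN=android" \
            -keyout android.key -out android.csr 2>/dev/null || exit 1
        openssl x509 -req -in android.csr -CA ca.crt -CAkey ca.key \
            -CAcreateserial -days 1 -out android.cer 2>/dev/null || exit 1

        # The export command from the answer, password supplied non-interactively.
        openssl pkcs12 -export -in android.cer -inkey android.key -certfile ca.crt \
            -name android -out certs.p12 -passout "pass:$pw" || exit 1

        # Check 1: the export password opens the bundle.
        openssl pkcs12 -in certs.p12 -noout -passin "pass:$pw" 2>/dev/null || exit 1
        # Check 2: any other password must be rejected.
        if openssl pkcs12 -in certs.p12 -noout -passin "pass:not-$pw" 2>/dev/null; then
            exit 1
        fi
        # Check 3: count the certificates inside (client certificate + CA certificate).
        openssl pkcs12 -in certs.p12 -nokeys -passin "pass:$pw" 2>/dev/null |
            grep -c 'BEGIN CERTIFICATE'
    )
    rc=$?
    rm -rf "$work"   # removes the plaintext android.key along with the rest
    return $rc
}

build_and_verify_p12 'constructed-demo-passphrase'
```

On a real server, drop the `-passout` argument so openssl prompts for the password, and delete the transferred certs.p12 from the SD card once the import has succeeded.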