Re: [Hampshire] OpenVPN + TrueCrypt

Author: Paul Stimpson
Date:  
To: Hampshire LUG Mailing List
Subject: Re: [Hampshire] OpenVPN + TrueCrypt
Hi,

Like Keith, I'm a little confused as to what problem you're trying to solve by using the USB keys.

The location of the various keys is set in whichever configuration file you're using for the client. You should find that in /etc/openvpn. If you can make a USB key always mount in the same place, then you should be able to reference a key on it.

You can make the keys OpenVPN uses require a passphrase. That way the keys are encrypted and not usable without the passphrase. If the key is presented to the server then the server can be certain the user has the passphrase. The advantage of this approach is that if the user walks away and leaves an unlocked machine, the key can be copied but the copy can't be used without the passphrase. With an encrypted stick, the key can be copied and will automatically be decrypted, so the copied key could be used by anyone.

Cheers,
Paul.


------Original Message------
From: Keith Edmunds
Sender: hampshire-bounces@???
To: Hampshire LUG Mailing List
ReplyTo: Hampshire LUG Mailing List
Subject: Re: [Hampshire] OpenVPN + TrueCrypt
Sent: 14 Aug 2009 07:46

On Fri, 14 Aug 2009 07:42:07 +0100, sanelson@??? said:

> I'm wondering how the
> openvpn client knows where to find the keys?


From the configuration file (the "ca", "cert" and "key" lines).

> am
> considering enhancing the security by having the users keep their keys
> on an encrypted USB stick.


It's not clear to me what problem you are attempting to solve - could you
elucidate?

Keith
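
An added example, not part of the original thread: a Python check that reads the "ca", "cert" and "key" lines from a client configuration and reports whether the referenced private key is passphrase-protected, judged from its PEM header, or missing because the stick is not mounted. The function names, the sample configuration and the placeholder key files are constructed for illustration, and resolving relative paths against the configuration directory is an assumption.

```python
import tempfile
from pathlib import Path

# Constructed sample configuration (not taken from the thread).
SAMPLE_CONFIG = """\
client
; constructed sample
ca ca.crt
cert client.crt
key usb/client.key   # key kept on the removable drive
"""

def parse_key_paths(config_text):
    """Return the file arguments of the ca, cert and key directives."""
    found = {}
    for raw in config_text.splitlines():
        # Drop '#' comments; ';' comment lines never match a directive name.
        parts = raw.split("#", 1)[0].split()   # paths with spaces not handled
        if len(parts) >= 2 and parts[0] in ("ca", "cert", "key"):
            found[parts[0]] = parts[1].strip("\"'")
    return found

def key_status(path):
    """Classify a PEM private key file from its header lines only."""
    if not path.is_file():
        return "missing"                      # e.g. USB stick not mounted
    pem = path.read_text(errors="replace")
    if "BEGIN ENCRYPTED PRIVATE KEY" in pem or "Proc-Type: 4,ENCRYPTED" in pem:
        return "passphrase-protected"
    return "unencrypted" if "PRIVATE KEY-----" in pem else "not-a-private-key"

def audit(config_text, base_dir):
    """Assumption: relative paths are resolved against base_dir."""
    key = parse_key_paths(config_text).get("key")
    return key_status(Path(base_dir) / key) if key else "no-key-directive"

def demo():
    """Same config, three states of the key file (placeholder PEM bodies)."""
    with tempfile.TemporaryDirectory() as d:
        key = Path(d) / "usb" / "client.key"
        out = [audit(SAMPLE_CONFIG, d)]       # stick absent
        key.parent.mkdir()
        key.write_text("-----BEGIN PRIVATE KEY-----\nx\n-----END PRIVATE KEY-----\n")
        out.append(audit(SAMPLE_CONFIG, d))
        key.write_text("-----BEGIN RSA PRIVATE KEY-----\nProc-Type: 4,ENCRYPTED\n"
                       "DEK-Info: AES-256-CBC,00\n\nx\n-----END RSA PRIVATE KEY-----\n")
        out.append(audit(SAMPLE_CONFIG, d))
    return out

if __name__ == "__main__":
    print(demo())
```

The check reads headers only, so it never needs the passphrase and never touches the key material itself.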
