This repository has been archived by the owner on Mar 19, 2022. It is now read-only.

OpenVPNAdapter with SecIdentity #202

Open
aevtyushin opened this issue Apr 6, 2021 · 1 comment

aevtyushin commented Apr 6, 2021

Is it possible to use OpenVPNAdapter with SecIdentity?

We are currently using the following approach:

  • Get the .pfx file from the server;
  • Using OpenSSL, get a privateKey and a cert (save them in the Keychain);
  • Add them to OpenVPNConfiguration when connected:
    let configuration = OpenVPNConfiguration()
    configuration.settings = [ "cert": cert, "key": key ]

We would like to change the situation:

  • Generate privateKey in Secure Enclave on the device;
  • Create a CSR file and send it to the server;
  • Get the cert (and save it in the Keychain);
  • When connecting a VPN, we use SecIdentity (which contains a link to the private key and certificate).

Is it possible?

In the description of openvpn3 I found the following:
image
image

But I still haven't figured out how to use it.
Do you have examples?

@ss-abramchuk
Owner

Hi @aevtyushin,

Alas, I can't give you an exact answer. Probably, with external PKI it is possible, but I didn't have a chance to check it. And currently, OpenVPNAdapter doesn't expose this feature, so it will require some work at first.
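
The following Swift sketch is an added example, not code from this thread or from OpenVPNAdapter. It shows why a Secure Enclave key cannot be passed through the "cert"/"key" settings and what a signing hook would have to call instead. The `tag` and `label` values are hypothetical, and CSR creation and any openvpn3 external PKI wiring are not shown.

```swift
import Foundation
import Security

// Create a P-256 key inside the Secure Enclave (`tag` is a hypothetical app tag).
// Only a reference comes back; the key cannot be exported as PEM for "key".
func makeEnclaveKey(tag: Data) throws -> SecKey {
    var error: Unmanaged<CFError>?
    guard let access = SecAccessControlCreateWithFlags(
        kCFAllocatorDefault, kSecAttrAccessibleAfterFirstUnlockThisDeviceOnly,
        .privateKeyUsage, &error)
    else { throw error!.takeRetainedValue() as Error }
    let attributes: [String: Any] = [
        kSecAttrKeyType as String: kSecAttrKeyTypeECSECPrimeRandom,
        kSecAttrKeySizeInBits as String: 256,
        kSecAttrTokenID as String: kSecAttrTokenIDSecureEnclave,
        kSecPrivateKeyAttrs as String: [
            kSecAttrIsPermanent as String: true,
            kSecAttrApplicationTag as String: tag,
            kSecAttrAccessControl as String: access,
        ] as [String: Any],
    ]
    guard let key = SecKeyCreateRandomKey(attributes as CFDictionary, &error)
    else { throw error!.takeRetainedValue() as Error }
    return key
}

// Fetch the identity (certificate plus its private key); `label` is hypothetical.
func loadIdentity(label: String) throws -> SecIdentity {
    let query: [String: Any] = [kSecClass as String: kSecClassIdentity,
                                kSecAttrLabel as String: label,
                                kSecReturnRef as String: true]
    var item: CFTypeRef?
    let status = SecItemCopyMatching(query as CFDictionary, &item)
    guard status == errSecSuccess, let ref = item
    else { throw NSError(domain: NSOSStatusErrorDomain, code: Int(status)) }
    return ref as! SecIdentity
}

// The enclave signs SHA-256 of `message` with ECDSA and returns only the DER signature.
func sign(_ message: Data, with identity: SecIdentity) throws -> Data {
    var key: SecKey?
    let status = SecIdentityCopyPrivateKey(identity, &key)
    guard status == errSecSuccess, let privateKey = key
    else { throw NSError(domain: NSOSStatusErrorDomain, code: Int(status)) }
    var error: Unmanaged<CFError>?
    guard let sig = SecKeyCreateSignature(
        privateKey, .ecdsaSignatureMessageX962SHA256, message as CFData, &error)
    else { throw error!.takeRetainedValue() as Error }
    return sig as Data
}
```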
