This is the command openvpn-vulnkey that can be run in the OnWorks free hosting provider using one of our multiple free online workstations such as Ubuntu Online, Fedora Online, Windows online emulator or MAC OS online emulator
PROGRAM:
NAME
openvpn-vulnkey — check blacklist of compromised keys
SYNOPSIS
openvpn-vulnkey [-q] file ...
DESCRIPTION
openvpn-vulnkey checks a key against a blacklist of compromised keys.
A substantial number of keys are known to have been generated using a broken version of
OpenSSL distributed by Debian which failed to seed its random number generator correctly.
Keys generated using these OpenSSL versions should be assumed to be compromised. This tool
may be useful in checking for such OpenVPN shared static keys. See openssl-vulnkey(1) for
details on checking SSL/TLS certificates.
Keys that are compromised cannot be repaired; replacements must be generated using
openvpn(8). Shared keys can be regenerated with:
$ openvpn --genkey --secret file
The options are as follows:
-q Quiet mode. openvpn-vulnkey(1). Normally, openvpn-vulnkey outputs the fingerprint
of each key scanned, with a description of its status. This option suppresses that
output.
BLACKLIST MD5SUM FORMAT
The blacklist file may start with comments, on lines starting with “#”. After these initial
comments, it must follow a strict format:
· Each line must consist of the lower-case hexadecimal MD5 key fingerprint, and with
the first 12 characters removed (that is, the least significant 80 bits of the
fingerprint).
The key fingerprint may be generated using
$ cat file.pem | sed '/^[^0-9a-f]/d' | md5sum | cut -d ' ' -f 1
This strict format is necessary to allow the blacklist file to be checked quickly.
Use openvpn-vulnkey online using onworks.net services
