1

More or less just clarification requested?

If I'm a "NEW" client for VPN the only way I can access the Server's VPN that I'm trying to join says I have to know a secret shared key...(This is their standard)....

How can they securely send this shared key to this new client?

One way I have developed is I created an app that will take any phrase, encrypt it and provide that key to the user...

This will ensure that they have the same key...

But if someone developed an app using the same encryption method and had the "phrase" they could potentially have the same key?

Any thoughts?

CA Martin
  • 111
  • 3

2 Answers2

1

The client connects to the VPN server using HTTPS, presents himself there in a way they deem acceptable (usually by filling a sign up form, perhaps also performing a payment). The VPN server provides him the data he needs for the connection (that included the preshared key).

Your approach of "created an app that will take any phrase, encrypt it and provide that key to the user" does not work, because you are simply changing the problem of providing the shared key to the user to providing the phrase used to derive the shared key (note: I would consider what you describe a case for hashing, not for encryption).

Ángel
  • 18,188
  • 3
  • 26
  • 63
  • Yes that's just because they want me to enter a shared Key that is stored in the VPN... so i have to know it somehow... – CA Martin Oct 09 '19 at 01:45
  • They usually provide that to you over a secure channel, @CAMartin. This is not a strange event. – Ángel Oct 09 '19 at 01:47
  • you mean via an HTTPS web portal or such? – CA Martin Oct 09 '19 at 05:46
  • { because you are simply changing the problem of providing the shared key to the user to providing the phrase used to derive the shared key (note: I would consider what you describe a case for hashing, not for encryption).} Actually the app has Encryption with Hashing.. – CA Martin Oct 09 '19 at 05:48
  • Yes, a HTTPS web portal is what is normally used. – Ángel Oct 09 '19 at 22:58
-1

Unless I am missing something but the solution could be to share that key using a password manager. Not naming any service but this could be a great solution. In case the org does not use a password manager, there is great open source service onetime secret. You can investigate their code on GitHub

sec-social
  • 11
  • 2