Update: UltraVNC 1.4.3.6 and UltraVNC SC 1.4.3.6: https://forum.uvnc.com/viewtopic.php?t=37885
Important: Please update to latest version before to create a reply, a topic or an issue: https://forum.uvnc.com/viewtopic.php?t=37864

Join us on social networks and share our announcements:
- Website: https://uvnc.com/
- GitHub: https://github.com/ultravnc
- Mastodon: https://mastodon.social/@ultravnc
- Facebook: https://www.facebook.com/ultravnc1
- X/Twitter: https://x.com/ultravnc1
- Reddit community: https://www.reddit.com/r/ultravnc
- OpenHub: https://openhub.net/p/ultravnc

SecureVNC plugin 2.4.0.0 info

Should you have problems with the DSM plugin, here's the place to look for help or report issues
Post Reply
splintercode
8
8
Posts: 14
Joined: 2010-09-10 14:46

SecureVNC plugin 2.4.0.0 info

Post by splintercode »

Hello, I need some clarifications about SecureVNC plugin 2.4.0.0.

I have done some test, but I don't understand some elements.

- The client authentication keys, *Server_ClientAuth.pubkey and *Viewer_ClientAuth.pkey will be used by the server to authenticate the client.

OK, but usually during the creation of a pair of public/private key is recommended to use a passphrase.
WinVNC during the building which passphrase will be used? Is it the same that is present on the dialog of WinVnc where I can Generate Client authentication Key?
If will not be used any passphrase, how will the VncViewer verify that the private key *Viewer_ClientAuth.pkey is correct?

The contents of the *Server_ClientAuth.pubkey and *Viewer_ClientAuth.pkey has not the same format of the file generated from tools like gpg, and seems to be encrypted.
How were they built?

The RSA size affects the size of the client authentication keys that you generate, and the public key that are automatically generate by the server?.
The vncviewer client where will look for the corresponding private key?

Thank you for your patience.
User avatar
Rudi De Vos
Admin & Developer
Admin & Developer
Posts: 6863
Joined: 2004-04-23 10:21
Contact:

Re: SecureVNC plugin 2.4.0.0 info

Post by Rudi De Vos »

plugin without passphrase or key : Use vnc passwd as part of the key
Server and viewer exchange using DH a key

plugin with passphrase: passphrase is used as part of the key
DH exchange the key

plugin with key
You manual need to exchange the key, this key also act as authentication ( it's like a 2024 char pass)

You first generate a private.key
openssl genrsa -des3 -out private.pem 2048
From the private key you derive a public
openssl rsa -in private.pem -outform PEM -pubout -out public.pem

Vierwer is able to verify if public is genarted from private

See
https://www.openssl.org/docs/man1.0.2/m ... ey_ex.html
splintercode
8
8
Posts: 14
Joined: 2010-09-10 14:46

Re: SecureVNC plugin 2.4.0.0 info

Post by splintercode »

Thank you mr. Rudi

But during the creation of the private key
>>openssl genrsa -des3 -out private.pem 2048
which passphrase is used? The same password that I typed during the creation of the public/private key, from the plugin configuration mask?

I have tried compiling the source of WinVnc, indicating to the plugin via CDSMPlugin::SetPluginParams() another passphrase.
Keeping the same public and private keys of course, running the VNCViewer the connection is accepted only if I type the same passphare indicated during the call to CDSMPlugin::SetPluginParams()

So, which is the passphrase used on the creation on the pubblic/private key?

Thanks for any clarification.
Post Reply