1e31 Vars file after editing - Telecomix Crypto Munitions Bureau

Vars file after editing

From Telecomix Crypto Munitions Bureau

Jump to: navigation, search

This is how your vars file could look after you have edited it. You should invent your own stuff for the organizational variables. Do not just copy this example. The rows where I have changed something is marked with smileys. 

# easy-rsa parameter settings

# NOTE: If you installed from an RPM,
# don't edit this file in place in
# /usr/share/openvpn/easy-rsa --
# instead, you should copy the whole
# easy-rsa directory to another location
# (such as /etc/openvpn) so that your
# edits will not be wiped out by a future
# OpenVPN package upgrade.

# This variable should point to
# the top level of the easy-rsa
# tree.
export EASY_RSA="`pwd`"

#
# This variable should point to
# the requested executables
#
export OPENSSL="openssl"
export PKCS11TOOL="pkcs11-tool"
export GREP="grep"


# This variable should point to
# the openssl.cnf file included
# with easy-rsa.
export KEY_CONFIG=`$EASY_RSA/whichopensslcnf $EASY_RSA`

# Edit this variable to point to
# your soon-to-be-created key
# directory.
#
# WARNING: clean-all will do
# a rm -rf on this directory
# so make sure you define
# it correctly!
export KEY_DIR="$EASY_RSA/keys"

# Issue rm -rf warning
echo NOTE: If you run ./clean-all, I will be doing a rm -rf on $KEY_DIR

# PKCS11 fixes
export PKCS11_MODULE_PATH="dummy"
export PKCS11_PIN="dummy"

# Increase this to 2048 if you
# are paranoid.  This will slow
# down TLS negotiation performance
# as well as the one-time DH parms
# generation process.
export KEY_SIZE=2048                                                         # :)

# In how many days should the root CA key expire?
export CA_EXPIRE=3650

# In how many days should certificates expire?
export KEY_EXPIRE=3650

# These are the default values for fields
# which will be placed in the certificate.
# Don't leave any of these fields blank.
export KEY_COUNTRY="ZZ"                                                      # :D
export KEY_PROVINCE="ZZ"                                                     # :]
export KEY_CITY="Internets"                                                  # :*
export KEY_ORG="Killer Clowns from Outer Space"                              # :O
export KEY_EMAIL="do@not.mail.me"                                            # :P

I am using ZZ for the country code, because it is the standard for unspecified. I am using ZZ as the country code for internets, it is everywhere and nowhere. I think the KEY_ORG is the most important one, but what you write here 1ab4 does not really matter at all. The names will however be what people will see if they look at the certificates that you give to them.

Maybe it would be a good idea not to write anything that can be used to find out any information about who you are.

[edit] See also

Retrieved from "https://cryptoanarchy.org/wiki/Vars_file_after_editing"
Personal tools
0