Does insecure delivery of keys and certs make a VPN useless?

I had to install an OpenVPN service onto a fresh, disconnected computer, but the keys and certs were delivered through an insecure computer with a highly suspect connection.

Let's assume that the TLS Auth Key, CA Cert, Public Client Cert, and Public Client Key were all intercepted during delivery. Wouldn't that render the VPN connection pointless? If I must manually enter or copy-paste these keys and certs into fields during VPN installation, how should I securely obtain the keys and certs?

The VPN has the following specs:

DATA CHANNEL CIPHERS
- AES-256-CBC with HMAC-SHA1 for authentication

CONTROL CHANNEL CIPHERS
- AES-256-GCM with HMAC-SHA384 for authentication
- AES-256-CBC with HMAC-SHA1 for authentication

KEYS AND TLS
- 4096-bit RSA key size
- 4096-bit Diffie-Hellman key size
- TLS ciphers (IANA names): TLS-DHE-RSA-WITH-AES-256-CBC-SHA, TLS-DHE-RSA-WITH-AES-256-GCM-SHA384
- TLS additional authorization layer key: 2048 bit
- Perfect Forward Secrecy through Diffie-Hellman key exchange (DHE). After the initial key negotiation, re-keying is performed every 60 minutes (this value can be lowered unilaterally by the client)
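The practical check a recipient can run on material that arrived over an untrusted path is an out-of-band fingerprint comparison: the person who issued the files reads the SHA-256 fingerprints of each file over a second channel (phone, in person), and the recipient recomputes them locally. The script below is an added example written for this page, not code from the original post or from the OpenVPN project. It assumes a bundle of `ca.crt`, `client.crt` and `ta.key`, fingerprints certificates by their DER encoding (so the value matches `openssl x509 -noout -sha256 -fingerprint`) and hashes any other file as raw bytes (matching `sha256sum`). The sample bundle is constructed placeholder data, not real certificates or keys.

```python
"""Out-of-band fingerprint check for OpenVPN client material (added example).

Assumed workflow, not from the original post: the issuer reads each file's
SHA-256 fingerprint over a second channel; the recipient runs this check on
the files that arrived through the untrusted computer.  A match shows the
files were not altered in transit.  It does not show they were not copied.
"""
import base64
import hashlib
import hmac
import re

# One PEM block: "-----BEGIN <label>-----", body, "-----END <label>-----".
PEM_RE = re.compile(r"-----BEGIN ([^-]+)-----(.*?)-----END \1-----", re.S)


def pem_to_der(pem_text: str) -> bytes:
    """Return the decoded body of the first PEM block in the text."""
    m = PEM_RE.search(pem_text)
    if not m:
        raise ValueError("no PEM block found")
    body = "".join(m.group(2).split())  # strip line breaks and spaces
    return base64.b64decode(body, validate=True)


def fingerprint(data: bytes) -> str:
    """SHA-256 of the bytes in the colon-separated form openssl prints."""
    digest = hashlib.sha256(data).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def cert_fingerprint(pem_text: str) -> str:
    """Fingerprint of a certificate's DER encoding, independent of PEM
    line wrapping, so it matches what the issuer sees with openssl."""
    return fingerprint(pem_to_der(pem_text))


def normalize(fp: str) -> str:
    """Accept openssl (AB:CD:...) or sha256sum (abcd...) style input."""
    return fp.replace(":", "").strip().upper()


def file_fingerprint(name: str, data: bytes) -> str:
    """Certificates (.crt) by DER; everything else, e.g. ta.key, as raw bytes."""
    if name.endswith(".crt"):
        return cert_fingerprint(data.decode("ascii"))
    return fingerprint(data)


def bundle_fingerprints(files: dict) -> dict:
    """What the issuer reads out over the second channel: {name: fingerprint}."""
    return {name: file_fingerprint(name, data) for name, data in files.items()}


def verify_bundle(files: dict, expected: dict) -> dict:
    """Compare each delivered file against its out-of-band fingerprint.

    A file with no expected fingerprint counts as a failure; comparison is
    constant-time.  Returns {name: True/False}.
    """
    results = {}
    for name, data in files.items():
        actual = normalize(file_fingerprint(name, data))
        want = normalize(expected.get(name, ""))
        results[name] = hmac.compare_digest(actual, want)
    return results


def _placeholder_pem(label: str, payload: bytes) -> bytes:
    """Build a PEM-shaped placeholder; the payload is NOT real DER."""
    b64 = base64.encodebytes(payload).decode("ascii")
    return f"-----BEGIN {label}-----\n{b64}-----END {label}-----\n".encode()


# Constructed sample bundle: placeholders standing in for the real files.
SAMPLE_FILES = {
    "ca.crt": _placeholder_pem("CERTIFICATE", b"placeholder CA certificate body"),
    "client.crt": _placeholder_pem("CERTIFICATE", b"placeholder client certificate body"),
    "ta.key": (b"-----BEGIN OpenVPN Static key V1-----\n"
               b"00112233445566778899aabbccddeeff\n"
               b"-----END OpenVPN Static key V1-----\n"),
}


if __name__ == "__main__":
    # Issuer side: fingerprints to read out; recipient side: the comparison.
    expected = bundle_fingerprints(SAMPLE_FILES)
    for name, ok in verify_bundle(SAMPLE_FILES, expected).items():
        print(f"{name:12s} {'OK' if ok else 'MISMATCH'}  {expected[name]}")
```

Two caveats belong with this check. First, it only detects modification: a matching fingerprint tells you the CA certificate and `ta.key` you received are the ones the issuer sent, which is what protects you against a substituted CA or server, but a private key that was merely observed in transit is still compromised and the sensible response is to have that certificate revoked and a fresh key pair generated on the disconnected machine itself. Second, the comparison has to happen over a channel the suspect computer cannot influence; reading the fingerprints from the same insecure session defeats the purpose.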