[Swan-dev] multiple RSA keys for rollover, ipsec.secrets, ckaid issues

Antony Antony antony at phenome.org
Thu Apr 13 12:06:58 UTC 2017

On Wed, Apr 12, 2017 at 09:37:37PM -0400, Paul Wouters wrote:
> I am looking at ensuring that RSA key rollover works. This is supposed
> to be supported via leftrsasigkey= and leftrsasigkey2=

Wouldn't a simple RSA keyrollover work with one key in the connection? May be you are thinking of an advanced case.

I tested a simple case for east and road. 
Initially road has one key, key A.  road is the initiator and it is going to rollover its key pair.

First update DNS IPSECKEY RR for road with the second key. Now it has two,  key A and key B.
Road only has one private key, key A, Which means ipsec.secrets has exactly one entry.

road initiate with key A.
east query dns and get two IPSECKEYs. east authenticate road with key A and connection establish.

After while road decide to rollver, bring down the connection load it with the second key.
Update the ispec.secrets with only key B.
Now road initiate with key B. East has both public keys and this time authenticate road with key B.

> I would expect to be able to load both keys using:
> conn test
> 	leftrsasigkey=0sKEY1
> 	leftrsasigkey2=0sKEY2
> 	[...]

Imagine road loaded both private keys. How would it choose the key to send ikev2 AUTH payload?
How would initiator know to rollover? There is no expire timer? Valid until like a CERT.


More information about the Swan-dev mailing list