[Swan] RSA keys help

Kostya Vasilyev kman at fastmail.com
Wed Jan 23 15:35:43 UTC 2019


Partial success (still a failure).

I've exported

- server's private and public keys from openssl format with plainrsa-gen

- client's public key from openssl using plainrsa-gen

I've put the server's private key into ipsec.secrets like this:

89.0.0.1 139.0.0.1 : RSA {
	# RSA 2048 bits
	# pubkey=0sAwEAAaJ..../3xyU=
	Modulus: ....
}

I've put server's public key and client's public key into ipsec.conf like this:

leftrsasigkey=0sAwEAAaJEjt4.../3xyU=
rightrsasigkey=0sAwEAAcV....QRRbQ0=

And configured the client (Mikrotik) to use the openssl keys already imported there (its own public and private, and the server's public).

LibreSwan log:

pluto[28048]: loading secrets from "/etc/ipsec.d/mikrotik.secrets"
pluto[28048]: loaded private key for keyid: PKK_RSA:AwEAAaJEj

^^^ Good, it sees the RSA { ... } key in *.secrets and knows it's a private key

pluto[28048]: "mytunnel" #2: Peer ID is ID_IPV4_ADDR: '89.0.0.1'
kman.mobi pluto[28048]: "mytunnel" #2: Authenticated using RSA

^^^ Good, the client's rsa key auth on rightrsasigkey= works

pluto[28048]: "mytunnel" #2: Can't find the certificate or private key from the NSS CKA_ID
pluto[28048]: "mytunnel" #2: unable to locate my private key for RSA Signature

^^^ And this is bad, the server can't find its own private key when the client sends the public counterpart.

Looks like it still tries to look in NSS.

Any ideas on how to make LibreSwan match its own public key in leftrsasigkey to the RSA { ... } key in *.secrets (which does get loaded)?

I'd use Racoon which isn't tied to NSS - but it doesn't do sha2 or aesgcm and hasn't been maintained since 2014...

-- 
Kostya Vasilyev
kman at fastmail.com
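
Added example (not part of the original post, and not LibreSwan or ipsec-tools code): a check that a leftrsasigkey= value in ipsec.conf carries the same public key as the RSA { ... } block in ipsec.secrets, using the public parts of the sample plainrsa-gen key quoted in this thread. The function names are hypothetical, and the keyid rule (first nine base64 characters) is an assumption taken from the "loaded private key for keyid" log line above.

```python
import base64
import re

# Public parts of the sample key quoted in this thread; private fields omitted.
SAMPLE_SECRETS = """: RSA {
\t# pubkey=0sAQPBu6FSgczYJ5jjqE4rQj1m2PIC2oiHL4h6VhicQRP3xQ==
\tModulus: 0xc1bba15281ccd82798e3a84e2b423d66d8f202da88872f887a56189c4113f7c5
\tPublicExponent: 0x03
}
"""
SAMPLE_CONF = "leftrsasigkey=0sAQPBu6FSgczYJ5jjqE4rQj1m2PIC2oiHL4h6VhicQRP3xQ==\n"

def decode_rsasigkey(value):
    """Decode a 0s-prefixed RFC 3110 key into (exponent, modulus, keyid)."""
    if not value.startswith("0s"):
        raise ValueError("expected the 0s (base64) prefix")
    b64 = value[2:]
    blob = base64.b64decode(b64, validate=True)
    if len(blob) < 3:
        raise ValueError("key blob too short")
    # RFC 3110: one exponent-length byte, or 0x00 plus a two-byte length.
    elen, off = blob[0], 1
    if elen == 0:
        elen, off = int.from_bytes(blob[1:3], "big"), 3
    if elen == 0 or off + elen >= len(blob):
        raise ValueError("truncated RFC 3110 key blob")
    exponent = int.from_bytes(blob[off:off + elen], "big")
    modulus = int.from_bytes(blob[off + elen:], "big")
    return exponent, modulus, b64[:9]  # keyid: assumption taken from the log

def secrets_public_part(text):
    """Read (PublicExponent, Modulus) from an RSA { ... } block."""
    found = dict(re.findall(
        r"^\s*(Modulus|PublicExponent):\s*(0x[0-9a-fA-F]+)", text, re.M))
    if set(found) != {"Modulus", "PublicExponent"}:
        raise ValueError("RSA block lacks Modulus or PublicExponent")
    return int(found["PublicExponent"], 16), int(found["Modulus"], 16)

def check_pair(conf_text, secrets_text, side="left"):
    """Compare <side>rsasigkey= in ipsec.conf with the key in ipsec.secrets."""
    m = re.search(rf"^\s*{side}rsasigkey\s*=\s*(\S+)", conf_text, re.M)
    if m is None:
        raise ValueError(f"no {side}rsasigkey= line found")
    exponent, modulus, keyid = decode_rsasigkey(m.group(1))
    return {"keyid": keyid, "bits": modulus.bit_length(),
            "match": (exponent, modulus) == secrets_public_part(secrets_text)}

if __name__ == "__main__":
    print(check_pair(SAMPLE_CONF, SAMPLE_SECRETS))
```

A "match" of True only shows that the two files describe the same public key; it says nothing about where pluto looks for the private half.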

On Wed, Jan 23, 2019, at 6:13 PM, Kostya Vasilyev wrote:
> Hmm... Something interesting.
> 
> ipsec-tools has a utility called plainrsa-gen which can generate RFC 
> 3110 format keys.
> 
> Output looks like this (this is a 512 bit key for brevity):
> 
> # : PUB 0sAQPBu6FSgczYJ5jjqE4rQj1m2PIC2oiHL4h6VhicQRP3xQ==
> : RSA	{
> 	# RSA 256 bits
> 	# pubkey=0sAQPBu6FSgczYJ5jjqE4rQj1m2PIC2oiHL4h6VhicQRP3xQ==
> 	Modulus: 0xc1bba15281ccd82798e3a84e2b423d66d8f202da88872f887a56189c4113f7c5
> 	PublicExponent: 0x03
> 	PrivateExponent: 0x8127c0e1abdde56fbb4270341cd6d398bd0376dfa632f2f89b0118b27d89edeb
> 	Prime1: 0xe1006e0fedd5b3ceeb23d3af2552cd5d
> 	Prime2: 0xdc6c627b21650f44a6b09fe15f724589
> 	Exponent1: 0x9600495ff3e3cd349cc28d1f6e373393
> 	Exponent2: 0x92f2ec5216435f8319cb1540ea4c2e5b
> 	Coefficient: 0xcbfd904423e9e83f8363823d512e9b87
>   }
> 
> On my Fedora home system, it can also import from openssl private / 
> public format key files (not on Debian where I have LibreSwan but that 
> doesn't matter I can do the conversion on Fedora).
> 
> And unless this documentation is outdated, I should be able to put the 
> server's private key into ipsec.secrets (not NSS) even with LibreSwan:
> 
> https://libreswan.org/man/ipsec.secrets.5.html
> 
> The public keys (both the server's and the client's) can go into 
> {left,right}rsasigkey in ipsec.conf as described here:
> 
> https://libreswan.org/man/ipsec.conf.5.html
> 
> and here:
> 
> https://libreswan.org/wiki/Host_to_host_VPN 
> 
> I'll be trying this now, will report back.
> 
> -- 
> Kostya Vasilyev
> kman at fastmail.com
> 
> On Wed, Jan 23, 2019, at 5:50 PM, Kostya Vasilyev wrote:
> > Re: keys only auth
> > 
> > I'm following this guide:
> > 
> > https://libreswan.org/wiki/Host_to_host_VPN
> > 
> > Which is under:
> > 
> > https://libreswan.org/wiki/Configuration_examples
> > 
> > As you can see it uses NSS for key generation and storage.
> > 
> > I actually got rsa key auth to work with StrongSwan but it seems less 
> > stable than Libre (was dropping connections and slow to re-establish).
> > 
> > Yes I know the syntax for adding alt subject names, thanks. The problem 
> > is Mikrotik wants something specific there (from server cert) and I 
> > can't figure out what, it seems undocumented. Some people say it wants 
> > an email address (any email address) but that didn't work.
> > 
> > Anyway to keep from straying too far...
> > 
> > ...has anyone used rsa key *only* auth with Libre where the other side 
> > was a different system (not Libre)? How did you manage your keys?
> > 
> > Any suggestions on keys management?
> > 
> > -- 
> > Kostya Vasilyev
> > kman at fastmail.com
> > 
> > On Wed, Jan 23, 2019, at 5:41 PM, Derek Cameron wrote:
> > > Yes, my use case included both the certificate and the private key for
> > > the client. I have never heard of authentication with only a key and
> > > no certificate, except in the case of a preshared key (PSK). I added
> > > the subjectAltName to the client certificate with the -8 switch. e.g.
> > > 
> > > > certutil -S -c "ExampleCA" -n "client1.example.com" -s "O=Example,CN=client1.example.com" -k rsa -v 12 -d sql:test -t ",," -1 -6 -8 "client1.example.com"
> > > 
> > > On Wed, Jan 23, 2019 at 6:27 AM Kostya Vasilyev <kman at fastmail.com> wrote:
> > > >
> > > > Were you exporting keys that are part of some certificates?
> > _______________________________________________
> > Swan mailing list
> > Swan at lists.libreswan.org
> > https://lists.libreswan.org/mailman/listinfo/swan

