[Swan] RSA keys help

Kostya Vasilyev kman at fastmail.com
Wed Jan 23 16:55:54 UTC 2019


OK got things to work - using a weird workaround.

Still couldn't get LibreSwan server to match up its own public key defined as leftrsasig=... in *.conf to the private key defined as RSA { ... }  in *secrets

What I did instead was:

There is a way to pick an RSA key from a certificate:

leftcert=cert name in NSS
leftrsasigkey=%cert

I already had some certificates around from attempting to get them to work.

I imported a cert into NSS on the server

pk12util -d sql:/var/lib/ipsec/nss/ -i mytunnel_server_2.p12 -W ""

and used the above two config lines to have LibreSwan pick up just the RSA keys from the cert (both private and public) for its own side.

Then for the client side, I exported the server cert and its public key like this:

openssl pkcs12 -in "server.p12" -out "server.crt" -clcerts -nokeys

openssl x509 -pubkey -noout -in "server.crt" > "server.pubkey"

Imported server.pubkey file into Mikrotik and assigned as the server's public key.

Voilà! It worked!

Connection is up, packets are flowing!

To be clear this is not cert auth (which I can't get to work with Mikrotik client... hopefully I'll get a response on that one) - this is RSA key auth where the server keys come from a certificate imported into NSS.

Still - either I can't find the right conf syntax to have the server find its own RSA { ... } private key in a *.secrets file, or if one doesn't exist, it looks like a design issue that has a bad impact on interop (key management, where the "other" side can't use NSS).

Any LibreSwan developers here?

I'd appreciate it if you could please comment on this one?

-- 
Kostya Vasilyev
kman at fastmail.com
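
A check that fits the key-matching problem in this thread, added here as an example and not code from the poster or the Libreswan project: it decodes an rsasigkey value (RFC 3110 blob in 0s base64) and confirms it carries the same modulus and exponent as an RSA { ... } block, using the sample key from the quoted plainrsa-gen output. Function names are hypothetical, and the 9-character keyid is an assumption taken from the prefix match visible in the quoted pluto log.

```python
import base64
import re

# Copied from the plainrsa-gen output quoted in this thread (demo key,
# private fields left out because the check only needs the public half).
SAMPLE_PUB = "0sAQPBu6FSgczYJ5jjqE4rQj1m2PIC2oiHL4h6VhicQRP3xQ=="
SAMPLE_SECRETS = """\
: RSA {
    # pubkey=0sAQPBu6FSgczYJ5jjqE4rQj1m2PIC2oiHL4h6VhicQRP3xQ==
    Modulus: 0xc1bba15281ccd82798e3a84e2b423d66d8f202da88872f887a56189c4113f7c5
    PublicExponent: 0x03
}
"""

def parse_rsasigkey(value):
    """Decode a {left,right}rsasigkey value: '0s' + base64 of an RFC 3110 blob."""
    if not value.startswith("0s"):
        raise ValueError("expected a 0s-prefixed base64 key")
    blob = base64.b64decode(value[2:], validate=True)
    if len(blob) < 3:
        raise ValueError("key blob too short")
    # RFC 3110: exponent length is one byte, or 0x00 plus a two-byte length.
    if blob[0] != 0:
        elen, off = blob[0], 1
    else:
        elen, off = int.from_bytes(blob[1:3], "big"), 3
    if elen == 0 or off + elen >= len(blob):
        raise ValueError("truncated RFC 3110 key blob")
    e = int.from_bytes(blob[off:off + elen], "big")
    n = int.from_bytes(blob[off + elen:], "big")
    # Assumption: keyid = leading 9 base64 characters, as the quoted pluto log suggests.
    return {"e": e, "n": n, "bits": n.bit_length(), "keyid": value[2:11]}

def secrets_fields(text):
    """Collect the 'Name: 0x...' fields of an RSA { ... } block as integers."""
    pairs = re.findall(r"^\s*(\w+):\s*0x([0-9a-fA-F]+)\s*$", text, re.M)
    return {name: int(hexval, 16) for name, hexval in pairs}

def conf_key_matches_secret(rsasigkey, secrets_text):
    """True if the conf public key and the secrets entry are the same key."""
    pub = parse_rsasigkey(rsasigkey)
    priv = secrets_fields(secrets_text)
    return pub["n"] == priv.get("Modulus") and pub["e"] == priv.get("PublicExponent")

if __name__ == "__main__":
    print(parse_rsasigkey(SAMPLE_PUB)["bits"], "bit modulus")
    print("conf key matches secrets:", conf_key_matches_secret(SAMPLE_PUB, SAMPLE_SECRETS))
```

A True result rules out a mismatched key pair, leaving the lookup path (NSS versus the secrets file) as the remaining suspect.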

On Wed, Jan 23, 2019, at 6:35 PM, Kostya Vasilyev wrote:
> Partial success (still a failure).
> 
> I've exported
> 
> - server's private and public keys from openssl format with plainrsa-gen
> 
> - client's public key from openssl using plainrsa-gen
> 
> I've put the server's private key into ipsec.secrets like this:
> 
> 89.0.0.1 139.0.0.1 : RSA {
> 	# RSA 2048 bits
> 	# pubkey=0sAwEAAaJ..../3xyU=
> 	Modulus: ....
> }
> 
> I've put server's public key and client's public key into ipsec.conf like this:
> 
> leftrsasigkey=0sAwEAAaJEjt4.../3xyU=
> rightrsasigkey=0sAwEAAcV....QRRbQ0=
> 
> And configured the client (Mikrotik) to use the already imported there 
> openssl keys (its own public and private and server's public).
> 
> LibreSwan log:
> 
> pluto[28048]: loading secrets from "/etc/ipsec.d/mikrotik.secrets"
> pluto[28048]: loaded private key for keyid: PKK_RSA:AwEAAaJEj
> 
> ^^^ Good, it sees the RSA { ... } key in *.secrets and knows it's a private key
> 
> pluto[28048]: "mytunnel" #2: Peer ID is ID_IPV4_ADDR: '89.0.0.1'
> kman.mobi pluto[28048]: "mytunnel" #2: Authenticated using RSA
> 
> ^^^ Good, the client's rsa key auth on rightrsasigkey= works
> 
> pluto[28048]: "mytunnel" #2: Can't find the certificate or private key from the NSS CKA_ID
> pluto[28048]: "mytunnel" #2: unable to locate my private key for RSA Signature
> 
> ^^^ And this is bad, the server can't find its own private key when the 
> client sends the public counterpart.
> 
> Looks like it still tries to look in NSS.
> 
> Any ideas on how to make LibreSwan match its own public key in 
> leftrsasigkey to the RSA { ... } key in *.secrets (which does get 
> loaded)?
> 
> I'd use Racoon which isn't tied to NSS - but it doesn't do sha2 or 
> aesgcm and hasn't been maintained since 2014...
> 
> -- 
> Kostya Vasilyev
> kman at fastmail.com
> 
> On Wed, Jan 23, 2019, at 6:13 PM, Kostya Vasilyev wrote:
> > Hmm... Something interesting.
> > 
> > ipsec-tools has a utility called plainrsa-gen which can generate RFC 
> > 3110 format keys.
> > 
> > Output looks like this (this is a 512 bit key for brevity):
> > 
> > # : PUB 0sAQPBu6FSgczYJ5jjqE4rQj1m2PIC2oiHL4h6VhicQRP3xQ==
> > : RSA	{
> > 	# RSA 256 bits
> > 	# pubkey=0sAQPBu6FSgczYJ5jjqE4rQj1m2PIC2oiHL4h6VhicQRP3xQ==
> > 	Modulus: 0xc1bba15281ccd82798e3a84e2b423d66d8f202da88872f887a56189c4113f7c5
> > 	PublicExponent: 0x03
> > 	PrivateExponent: 0x8127c0e1abdde56fbb4270341cd6d398bd0376dfa632f2f89b0118b27d89edeb
> > 	Prime1: 0xe1006e0fedd5b3ceeb23d3af2552cd5d
> > 	Prime2: 0xdc6c627b21650f44a6b09fe15f724589
> > 	Exponent1: 0x9600495ff3e3cd349cc28d1f6e373393
> > 	Exponent2: 0x92f2ec5216435f8319cb1540ea4c2e5b
> > 	Coefficient: 0xcbfd904423e9e83f8363823d512e9b87
> >   }
> > 
> > On my Fedora home system, it can also import from openssl private / 
> > public format key files (not on Debian where I have LibreSwan but that 
> > doesn't matter I can do the conversion on Fedora).
> > 
> > And unless this documentation is outdated, I should be able to put the 
> > server's private key into ipsec.secrets (not NSS) even with LibreSwan:
> > 
> > https://libreswan.org/man/ipsec.secrets.5.html
> > 
> > The public keys (both the server's and the client's) can go into 
> > {left,right}rsasigkey in ipsec.conf as described here:
> > 
> > https://libreswan.org/man/ipsec.conf.5.html
> > 
> > and here:
> > 
> > https://libreswan.org/wiki/Host_to_host_VPN 
> > 
> > I'll be trying this now, will report back.
> > 
> > -- 
> > Kostya Vasilyev
> > kman at fastmail.com
> > 
> > On Wed, Jan 23, 2019, at 5:50 PM, Kostya Vasilyev wrote:
> > > Re: keys only auth
> > > 
> > > I'm following this guide:
> > > 
> > > https://libreswan.org/wiki/Host_to_host_VPN
> > > 
> > > Which is under:
> > > 
> > > https://libreswan.org/wiki/Configuration_examples
> > > 
> > > As you can see it uses NSS for key generation and storage.
> > > 
> > > I actually got rsa key auth to work with StrongSwan but it seems less 
> > > stable than Libre (was dropping connections and slow to re-establish).
> > > 
> > > Yes I know the syntax for adding alt subject names, thanks. The problem 
> > > is Mikrotik wants something specific there (from server cert) and I 
> > > can't figure out what, it seems undocumented. Some people say it wants 
> > > an email address (any email address) but that didn't work.
> > > 
> > > Anyway to keep from straying too far...
> > > 
> > > ...has anyone used rsa key *only* auth with Libre where the other side 
> > > was a different system (not Libre)? How did you manage your keys?
> > > 
> > > Any suggestions on keys management?
> > > 
> > > -- 
> > > Kostya Vasilyev
> > > kman at fastmail.com
> > > 
> > > On Wed, Jan 23, 2019, at 5:41 PM, Derek Cameron wrote:
> > > > Yes, my use case included both the certificate and the private key for
> > > > the client. I have never heard of authentication with only a key and
> > > > no certificate, except in the case of a preshared key (PSK). I added
> > > > the subjectAltName to the client certificate with the -8 switch. e.g.
> > > > 
> > > > > certutil -S -c "ExampleCA" -n "client1.example.com" -s "O=Example,CN=client1.example.com" -k rsa -v 12 -d sql:test -t ",," -1 -6 -8 "client1.example.com"
> > > > 
> > > > On Wed, Jan 23, 2019 at 6:27 AM Kostya Vasilyev <kman at fastmail.com> wrote:
> > > > >
> > > > > Were you exporting keys that are part of some certificates?
> > > _______________________________________________
> > > Swan mailing list
> > > Swan at lists.libreswan.org
> > > https://lists.libreswan.org/mailman/listinfo/swan

