[Swan] RSA keys help
Paul Wouters
paul at nohats.ca
Wed Jan 23 18:16:43 UTC 2019

On Wed, 23 Jan 2019, Kostya Vasilyev wrote:

> Partial success (still a failure).
>
> I've exported
>
> - server's private and public keys from openssl format with plainrsa-gen
>
> - client's public key from openssl using plainrsa-gen
>
> I've put the server's private key into ipsec.secrets like this:
>
> 89.0.0.1 139.0.0.1 : RSA {
> # RSA 2048 bits
> # pubkey=0sAwEAAaJ..../3xyU=
> Modulus: ....
> }

This has no effect in recent libreswan versions and is ignored.

> pluto[28048]: "mytunnel" #2: Can't find the certificate or private key from the NSS CKA_ID
> pluto[28048]: "mytunnel" #2: unable to locate my private key for RSA Signature
>
> ^^^ And this is bad, the server can't find its own private key when the client sends the public counterpart.

Because you must put the private key in NSS.

> Any ideas on how to make LibreSwan match its own public key in leftrsasigkey to the RSA { ... } key in *.secrets (which does get loaded)?

Not supported.

Paul
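
An added example, not part of the original message and not libreswan code: a Python check that finds inline `RSA { ... }` entries in the text of an ipsec.secrets file, which per the reply above are ignored by recent libreswan, so the private key has to be moved into NSS. The function name, the sample text and the field names other than `Modulus` are assumptions; all key values are constructed placeholders.

```python
import re

# Field names assumed for raw "RSA { ... }" blocks; everything except
# Modulus and PublicExponent is private key material.
PRIVATE_FIELDS = {"PrivateExponent", "Prime1", "Prime2",
                  "Exponent1", "Exponent2", "Coefficient"}

# "<ids> : RSA {" header; ids may be empty or contain ':' (IPv6).
HEADER = re.compile(r"^(?P<ids>[^#]*?):\s*RSA\s*\{\s*$")
FIELD = re.compile(r"^\s*(?P<name>[A-Za-z0-9]+):")

# Constructed sample, not taken from a real host.
SAMPLE = """\
# constructed sample, key values are placeholders
89.0.0.1 139.0.0.1 : RSA {
    # RSA 2048 bits
    # pubkey=0sPLACEHOLDER
    Modulus: 0xPLACEHOLDER
    PublicExponent: 0x03
    PrivateExponent: 0xPLACEHOLDER
    }
@client : PSK "placeholder"
"""


def find_inline_rsa(text):
    """Return one dict per inline 'RSA { ... }' entry found in text."""
    findings, current = [], None
    for lineno, line in enumerate(text.splitlines(), 1):
        if current is None:
            m = HEADER.match(line)
            if m:
                current = {"line": lineno, "ids": m.group("ids").split(),
                           "fields": [], "has_private": False}
            continue
        stripped = line.strip()
        if stripped.startswith("}"):          # end of the key block
            findings.append(current)
            current = None
        elif not stripped.startswith("#"):    # skip comment lines
            m = FIELD.match(line)
            if m:
                current["fields"].append(m.group("name"))
                current["has_private"] |= m.group("name") in PRIVATE_FIELDS
    if current is not None:                   # unterminated block: report it
        findings.append(current)
    return findings


if __name__ == "__main__":
    for f in find_inline_rsa(SAMPLE):
        print(f"line {f['line']}: inline RSA key for {f['ids']}, "
              f"private material present: {f['has_private']}")
```
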