[Swan] RSA keys help

Paul Wouters paul at nohats.ca
Wed Jan 23 18:28:29 UTC 2019

On Wed, 23 Jan 2019, Kostya Vasilyev wrote:

> It would be nice if NSS supported importing / exporting openssl *keys* directly, including private keys, to make key management easier, but I understand it's an external (to libreswan) piece of software.

Yeah, we have talked to the NSS people about that. It's hard for them to
do since they try to not allow exporting private keys at all, unless
wrapped in something (eg like p12) for FIPS reasons.

> I also understand that "real" cert based auth is more common (or else people probably contend with PSK...)

I'm glad you are not using PSK, as it is the weakest method. I even
presented on this recently at IETF:


So thanks for sticking with non-PSK authentication :)


More information about the Swan mailing list