[Swan] Raw rsa keys and .secrets file
Paul Wouters
paul at nohats.ca
Mon Feb 24 21:28:34 UTC 2020
On Mon, 24 Feb 2020, Cesare Leonardi wrote:
> Hello, there is something not clear to me regarding .secrets file.
> I've read this:
> https://lists.libreswan.org/pipermail/swan/2018/002496.html
> And this (slide 13):
> https://libreswan.org/wiki/images/a/a5/DevConf2016-IPsec.pdf
>
> From these documents I understand that using raw RSA key with
> Libreswan >= 3.21, .secrets file is not required anymore. But in my
> tests I wasn't able to connect without it.
In theory it should work. In practice there is a catch-22 issue we still
need to fix. For raw keys, to load the connection, we need to know the
keys are there, but to load the keys we need a connection.
We thought at some point it was no longer needed, but that was wrong.
Hence you seeing some confusion online. So yes, for raw (non-X.509)
keys, it is still needed. For X.509 certificates, it is not needed.
Paul