[Swan] Info on DSA and ECDSA support

Paul Wouters paul at nohats.ca
Mon Mar 16 17:50:45 UTC 2020


On Mon, 16 Mar 2020, Cesar Pereida wrote:

> Hey Libreswan folks,
> What is the current status on supporting DSA and ECDSA during authentication? 
> In case they are supported, could you point me to simple commands to generate keys and configuration files using them?

ECDSA is supported for the IKE authentication using authby=ecdsa and for
certificate signatures. For generation of ECDSA certificates, see the
various tutorials for openssl or nss/certutil. You can find some
examples we use for testing at:

https://github.com/libreswan/libreswan/tree/master/testing/x509

Raw keys (e.g. public keys without certificates) do not yet support ECDSA.

I'm not sure what you mean with "DSA", as the term is confusing. NIST
uses this term for "Digital Signature Authentication".

Paul
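
As an added example (not part of the original message and not taken from the libreswan test suite), the following script generates an ECDSA CA and host certificate with openssl, the kind of material that authby=ecdsa certificate authentication needs. The host name "east", the CN values, the file names and the PKCS#12 password are constructed placeholders.

```shell
#!/bin/sh
# Added example: build a small ECDSA (P-256) PKI with openssl.
# All names, lifetimes and the PKCS#12 password are constructed placeholders.

# Create a CA plus one end-entity certificate for host "east" in directory $1.
make_ecdsa_pki() {
    dir=$1
    # CA key on the P-256 curve and a self-signed CA certificate
    openssl ecparam -name prime256v1 -genkey -noout -out "$dir/ca.key" &&
    openssl req -new -x509 -key "$dir/ca.key" -sha256 -days 30 \
        -subj "/CN=Example ECDSA CA" -out "$dir/ca.pem" &&
    # End-entity key and certificate signing request
    openssl ecparam -name prime256v1 -genkey -noout -out "$dir/east.key" &&
    openssl req -new -key "$dir/east.key" -subj "/CN=east.example.test" \
        -out "$dir/east.csr" &&
    # The CA signs the request, so the certificate signature is ECDSA too
    openssl x509 -req -in "$dir/east.csr" -CA "$dir/ca.pem" \
        -CAkey "$dir/ca.key" -CAcreateserial -sha256 -days 30 \
        -out "$dir/east.pem" &&
    # Bundle key, certificate and CA; -name becomes the NSS nickname
    openssl pkcs12 -export -inkey "$dir/east.key" -in "$dir/east.pem" \
        -certfile "$dir/ca.pem" -name east -passout pass:constructed \
        -out "$dir/east.p12"
}

# Print the signature algorithm recorded in certificate file $1.
cert_sig_alg() {
    openssl x509 -in "$1" -noout -text |
        sed -n 's/^ *Signature Algorithm: *//p' | head -n 1
}

# Succeed only if certificate $2 chains to CA certificate $1.
chain_ok() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# Stand-alone demonstration in a throwaway directory.
demo=$(mktemp -d) && make_ecdsa_pki "$demo" &&
    echo "east.pem signature algorithm: $(cert_sig_alg "$demo/east.pem")"
rm -rf "$demo"

# Next step on the libreswan host (not run here): load east.p12 into the
# NSS database, e.g. "ipsec import east.p12", then reference the nickname
# in the connection with leftcert=east together with authby=ecdsa.
```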

