[Swan] Info on DSA and ECDSA support

Paul Wouters paul at nohats.ca
Mon Mar 16 17:50:45 UTC 2020

On Mon, 16 Mar 2020, Cesar Pereida wrote:

> Hey Libreswan folks,
> What is the current status on supporting DSA and ECDSA during authentication? 
> In case they are supported, could you point me to simple commands to generate keys and configuration files using them?

ECDSA is supported for the IKE authentication using authby=ecdsa and for
certificate signatures. For generation of ECDSA cerrtificates, see the
various tutorials for openssl or nss/certutil. You can find some
examples we use for testing at:


raw keys (eg public keys without certificates) do not yet support ECDSA.

I'm not sure what you mean with "DSA", as the term is confusing. NIST
uses this term for "Digital Signature Authentication".


More information about the Swan mailing list