[Swan] Info on DSA and ECDSA support

Andrew Cagney andrew.cagney at gmail.com
Mon Mar 16 18:35:49 UTC 2020

Is there a test?  Big chunks of the RSA vs ECDSA code were merged  -
so it would help us know where things fall short.

On Mon, 16 Mar 2020 at 13:50, Paul Wouters <paul at nohats.ca> wrote:
> On Mon, 16 Mar 2020, Cesar Pereida wrote:
> > Hey Libreswan folks,
> > What is the current status on supporting DSA and ECDSA during authentication?
> > In case they are supported, could you point me to simple commands to generate keys and configuration files using them?
> ECDSA is supported for the IKE authentication using authby=ecdsa and for
> certificate signatures. For generation of ECDSA cerrtificates, see the
> various tutorials for openssl or nss/certutil. You can find some
> examples we use for testing at:
> https://github.com/libreswan/libreswan/tree/master/testing/x509
> raw keys (eg public keys without certificates) do not yet support ECDSA.
> I'm not sure what you mean with "DSA", as the term is confusing. NIST
> uses this term for "Digital Signature Authentication".
> Paul
> _______________________________________________
> Swan mailing list
> Swan at lists.libreswan.org
> https://lists.libreswan.org/mailman/listinfo/swan

More information about the Swan mailing list