[Swan] Info on DSA and ECDSA support
Andrew Cagney
andrew.cagney at gmail.com
Mon Mar 16 18:35:49 UTC 2020
Is there a test? Big chunks of the RSA vs ECDSA code were merged -
so it would help us know where things fall short.
On Mon, 16 Mar 2020 at 13:50, Paul Wouters <paul at nohats.ca> wrote:
>
> On Mon, 16 Mar 2020, Cesar Pereida wrote:
>
> > Hey Libreswan folks,
> > What is the current status on supporting DSA and ECDSA during authentication?
> > In case they are supported, could you point me to simple commands to generate keys and configuration files using them?
>
> ECDSA is supported for the IKE authentication using authby=ecdsa and for
> certificate signatures. For generation of ECDSA cerrtificates, see the
> various tutorials for openssl or nss/certutil. You can find some
> examples we use for testing at:
>
> https://github.com/libreswan/libreswan/tree/master/testing/x509
>
> raw keys (eg public keys without certificates) do not yet support ECDSA.
>
> I'm not sure what you mean with "DSA", as the term is confusing. NIST
> uses this term for "Digital Signature Authentication".
>
> Paul
> _______________________________________________
> Swan mailing list
> Swan at lists.libreswan.org
> https://lists.libreswan.org/mailman/listinfo/swan
More information about the Swan
mailing list