[Swan] ECDSA Re: Libreswan 4.6: connection IKEv2 win10 to Linux freezes soon after Android device connects

Mirsad Goran Todorovac mirsad.todorovac at alu.unizg.hr
Sat Jan 15 21:30:36 EET 2022


On 1/14/2022 10:01 PM, Paul Wouters wrote:

> You can look at our python code for generating CAs, certs et al. that
> generates a bunch of different (normal and very weird) things:
>
> https://raw.githubusercontent.com/libreswan/libreswan/main/testing/x509/dist_certs.py 
>

I have tried it, but I really do not know how to install .pem or .crt 
and .key into Windows 10 Local Machine key store, let alone how to 
organize key distribution of keys without a password.

It would be optimal if my modified script for -k ec -q secp384r1 worked, 
but alas no luck with that thus far.

In the end, RSA certs work just fine, I have also tried the strongswan 
client on Android and it is OK, though slightly slower than the native 
connection. ECDSA is just the final touch, it would be nice if that 
worked, but for IKEv2 working I am very grateful and thank the LORD and 
good Heavens!

I am really motivated by your policy to support people from all 
backgrounds and all walks of life. I feel motivated to contribute to the 
team in a supportive working atmosphere.

If I could finish this EC certs problem, that would be just fine because 
I hate to quit. I must be doing *something* wrong because this seems to 
have been supported in Windows 8.1 already: 
https://support.microsoft.com/en-us/topic/ikev2-vpn-connection-fails-with-error-13806-when-you-use-an-ecdsa-certificate-in-windows-8-1-or-windows-server-2012-r2-84a9011d-d3f9-98fd-948d-88aa7e84636a

So, eventually I will think of something, but right now I feel like I'm 
out of options.
I just can't explain why Windows 10 can't see the generated .p12 ECDSA 
cert in the store.

Kind regards,
Mirsad

--
Mirsad Goran Todorovac
CARNet system engineer
Faculty of Graphic Arts | Academy of Fine Arts
University of Zagreb, Republic of Croatia
tel. +385 (0)1 3711 451
mob. +385 91 57 88 355


