<html><body><div style="color:#000; background-color:#fff; font-family:times new roman, new york, times, serif;font-size:12pt"><div><span>Hi Martin,</span></div><div><span></span> </div><div style="color: rgb(0, 0, 0); font-family: times new roman, new york, times, serif; font-size: 16px; font-style: normal; background-color: transparent;"><span>Here's the detail output for the original "key integrity failed" error.</span></div><div style="color: rgb(0, 0, 0); font-family: times new roman, new york, times, serif; font-size: 16px; font-style: normal; background-color: transparent;"><span>It seems to inciate that the "ASN1 tag 0x30 expected, but is 0x02 log message" is related to some PKCS#8 vs. traditional standard format issue. This is what our setup is generating using our Openssl0.9.8q + OCF cryptodev engine?</span></div><div style="color: rgb(0, 0, 0); font-family: times new roman, new york, times, serif; font-size: 16px;
font-style: normal; background-color: transparent;"><span></span> </div><div style="color: rgb(0, 0, 0); font-family: times new roman, new york, times, serif; font-size: 16px; font-style: normal; background-color: transparent;"><span>I used the openssl command line on our setup to generate the key.</span></div><div style="color: rgb(0, 0, 0); font-family: times new roman, new york, times, serif; font-size: 16px; font-style: normal; background-color: transparent;"><span><a href="mailto:root@devux03gw2:/">root@devux03gw2:/</a># openssl req -new -newkey rsa:2048 -nodes -subj '/CN=devux03gw2.uxdev.com/O=Sonus/OU=Symphony/C=US/ST=IL/L=Schaumburg' -keyout mykey2.pem -out myreq2.pem <br>RSA_PKCS1_SSLeay<br>Generating a 2048 bit RSA private key<br>RSA_PKCS1_SSLeay<br>RSA_new_method no
engine<br>rsa->meth->rsa_keygen<br>RSA_eay_keygen<br>............................................................................................+++<br>......................................+++<br>writing new private key to 'mykey2.pem'<br>-----<br>RSA_eay_private_encrypt: padding = 1</span></div><div style="color: rgb(0, 0, 0); font-family: times new roman, new york, times, serif; font-size: 16px; font-style: normal; background-color: transparent;"><span></span> </div><div style="color: rgb(0, 0, 0); font-family: times new roman, new york, times, serif; font-size: 16px; font-style: normal; background-color: transparent;"><span></span> </div><div style="color: rgb(0, 0, 0); font-family: times new roman, new york, times, serif; font-size: 16px; font-style: normal; background-color: transparent;"><span>00[ASN] -----BEGIN RSA PRIVATE KEY-----<br>00[ASN] -----END RSA PRIVATE KEY-----<br>00[ASN] L0 -
RSAPrivateKey:<br>00[ASN] L1 - version:<br>00[ASN] => 1 bytes @ 0x2675e<br>00[ASN] 0: 00 .<br>00[ASN] L1 - modulus:<br>00[ASN] => 257 bytes @ 0x26763<br>00[ASN] 0: 00 E2 5B 84 C6 04 6E ED 97 7D 25 F0 69 F5 C7 AD ..[...n..}%.i...<br>00[ASN] 16: 56 B9 FC 73 AE 9E B5 FF 0F 6F 48 7D 94 FF AC 2A V..s.....oH}...*<br>00[ASN] 32: 2B 3D F6 BF 4B 64 DE 15 AE ED 9E 6E 86 C2 91 C3 +=..Kd.....n....<br>00[ASN] 48: 8D 7A 3D F9 A0 00 8E 50 1B 85 CC AF B7 82 3C 0D .z=....P......<.<br>00[ASN] 64: 07 70 B0 36 ED AC E5 A6 F7 FD C9 F4 D5 28 45 7E
.p.6.........(E~<br>00[ASN] 80: 8D 67 F5 05 A0 E2 34 59 4F E2 A2 C3 87 47 F4 E0 .g....4YO....G..<br>00[ASN] 96: A1 D8 F5 4D 2A 1C 46 1A D8 D6 7B 52 0A 99 CB 99 ...M*.F...{R....<br>00[ASN] 112: EE F9 CE DB BE EF BC 50 66 87 F9 D8 17 72 FB 49 .......Pf....r.I<br>00[ASN] 128: D4 C8 01 04 ED 2E 76 A5 E2 1D 63 C5 F0 BC DC A1 ......v...c.....<br>00[ASN] 144: EF 27 95 15 2B 37 E3 BD 2A 05 64 F5 8C 0C DD 42 .'..+7..*.d....B<br>00[ASN] 160: 43 26 4D 07 4A 6F 3B ED 7A F4 39 AB B3 49 EF A8 C&M.Jo;.z.9..I..<br>00[ASN] 176: BA A1 59 3B 9B 34 F5 01 F4 32 B7 5C C7 36 6A 55 ..Y;.4...2.\.6jU<br>00[ASN] 192: BA 4C DE CE 80 01 C5 17 E5 3B 5E D6 F0 5F 81 10 .L.......;^.._..<br>00[ASN] 208: 9F 98 D6 AD 00 12 4C 4C E7 27 C6 A7 FC FA 76 AC ......LL.'....v.<br>00[ASN] 224: 3F 3E 4A C6 1F 7C 2E 4E 8C 0A 7A 72 4B F3 6C C0
?>J..|.N..zrK.l.<br>00[ASN] 240: 19 14 DF 69 AF 16 B5 C7 01 23 F3 9F A1 37 B6 9E ...i.....#...7..<br>00[ASN] 256: 53 <br>00[ASN] L1 - publicExponent:<br>00[ASN] => 3 bytes @ 0x26866<br>00[ASN] 0: 01 00 01 ...<br>00[ASN] L1 - privateExponent:<br>00[ASN] => 256 bytes @ 0x2686d<br>00[ASN] 0: 0F D0 BB 27 26 BA 25 69 97 39 E6 61 50 E5 E1 AB ...'&.%i.9.aP...<br>00[ASN]
16: 94 95 19 F4 12 6C BE E4 72 2F 0B 6F 34 A9 EF CC .....l..r/.o4...<br>00[ASN] 32: 53 A9 00 D6 A0 B6 8F A7 48 3C F0 96 03 D4 31 68 S.......H<....1h<br>00[ASN] 48: 9A 28 E8 5F 10 8A E0 F7 FB 52 40 D8 BE 85 B9 97 .(._.....R@.....<br>00[ASN] 64: 52 7D 4D 69 2F D2 5F E7 25 D9 4D 7C F3 32 5F D4 R}Mi/._.%.M|.2_.<br>00[ASN] 80: 3B 76 38 2D 74 80 99 D8 E6 09 DF 45 7D 76 93 97 ;v8-t......E}v..<br>00[ASN] 96: 5B 54 50 4E E7 E8 D2 09 62 7A FD 51 76 4B 6E 76 [TPN....bz.QvKnv<br>00[ASN] 112: EF 07 4F FD 38 3C DD 15 3C DC ED 07 3E 66 66 53 ..O.8<..<...>ffS<br>00[ASN] 128: 10 F5 EA 92 0F 29 45 6C 4E 91 04 BF 2F AF 8F 94 .....)ElN.../...<br>00[ASN] 144: 6B 46 76 D3 1B 7C 6C E0 A6 32 B8 49 C3 37 25 EA kFv..|l..2.I.7%.<br>00[ASN] 160: 8D 0B F4 48 19 D9 5C DC B5 8F 2F BA 42 50 AB 4B ...H..\.../.BP.K<br>00[ASN]
176: A2 4B E0 1C 3B 0B B6 FF F7 FC 4B EC F2 0E D8 E8 .K..;.....K.....<br>00[ASN] 192: E4 72 15 74 28 79 48 26 FC 8F 00 08 A2 7F 7A BD .r.t(yH&......z.<br>00[ASN] 208: 78 47 ED 44 49 93 AE 62 55 DA 62 C6 56 75 17 E7 xG.DI..bU.b.Vu..<br>00[ASN] 224: B3 80 88 71 F2 BF FE F3 D6 76 5E F2 B6 88 A7 BA ...q.....v^.....<br>00[ASN] 240: AB C1 36 C1 2D 6C 1D 7A 2F E4 3A E2 7B 49 BC C9 ..6.-l.z/.:.{I.<br>00[ASN] L1 - prime1:<br>00[ASN] => 129 bytes @ 0x26970<br>00[ASN] 0: 00 FB F2 DE A0 94 D7 FB 11 1F 15 81 3D 7D 09 18 ............=}..<br>00[ASN] 16: A1 BE 6E A9 84 59 65 E3 51 D4 83 FE 84 88 15 B8 ..n..Ye.Q.......<br>00[ASN] 32: 12 A4 DB 0D 29 37 5E E2 16 DB 8B 19 27 B3 57 82 ....)7^.....'.W.<br>00[ASN] 48: 92 50 05 78 92 E8 32 9B 73 34 7B 14 D2 2C 93 EC .P.x..2.s4{..,..<br>00[ASN] 64: 88 4A 58 BE 39 5A 98 1E 62 3C
12 34 54 0A C1 A9 .JX.9Z..b<.4T...<br>00[ASN] 80: 0A 44 6F 27 C5 7C 63 26 BD AF 44 B3 36 30 C4 32 .Do'.|c&..D.60.2<br>00[ASN] 96: 8B 10 E3 76 B3 19 90 4D 58 CE B5 7A 2F 3E 72 3E ...v...MX..z/>r><br>00[ASN] 112: BC 68 24 E3 D2 09 AC EA 28 07 FB 55 1E 8B 29 40 .h$.....(..U..)@<br>00[ASN] 128: D7 .<br>00[ASN] L1 - prime2:<br>00[ASN] => 129 bytes @ 0x269f4<br>00[ASN] 0: 00 E5 FF 4D F0 5E 2B F7 EF AF E7 C5 C7 68 5F 91 ...M.^+......h_.<br>00[ASN] 16: CD 2A D1 E2 08 21 70 5B 60 B6 6B C1 7F BF 51 CA .*...!p[`.k...Q.<br>00[ASN] 32: 9C 93 A4 8E 0E C2 EF 65 F4 FC 1E
7B A7 7B D1 96 .......e...{.{..<br>00[ASN] 48: 75 61 83 09 69 F6 1B 1F 76 98 5B 7B 7D 82 62 AF ua..i...v.[{}.b.<br>00[ASN] 64: 34 BA BD 6A E3 6B E3 A5 21 E6 FA FA 2E 9C 6A 21 4..j.k..!.....j!<br>00[ASN] 80: EC EF 78 26 74 2D D0 1A CF D6 80 EA 2B 68 81 89 ..x&t-......+h..<br>00[ASN] 96: 41 EF 8E 8F 69 13 66 48 19 9A CC E2 95 45 B3 C4 A...i.fH.....E..<br>00[ASN] 112: 8B 62 E1 A1 2E 29 A4 92 06 EE C5 FC A5 C6 33 92 .b...)........3.<br>00[ASN] 128: E5 .<br>00[ASN] L1 - exponent1:<br>00[ASN] => 257 bytes @ 0x26a79<br>00[ASN] 0: 00 D7 F2 E1 8F 5F 3A 60 A2 36 9F 27 A8 9D
9A A8 ....._:`.6.'....<br>00[ASN] 16: 56 E5 90 7C 4D 33 BE CC 48 1E 50 59 8C 3A AB B2 V..|M3..H.PY.:..<br>00[ASN] 32: 14 DC D7 2F B0 B5 8C 0C 43 85 1A 95 A5 0C E3 08 .../....C.......<br>00[ASN] 48: 64 78 1B DA F0 A5 4D 51 2D C9 6C D5 95 1C 21 69 dx....MQ-.l...!i<br>00[ASN] 64: 82 67 AD 55 B1 68 34 DC BC 8F B9 2F 42 63 27 88 .g.U.h4..../Bc'.<br>00[ASN] 80: 95 A0 59 58 4C 4C 59 78 0A C0 BA D3 72 90 B9 93 ..YXLLYx....r...<br>00[ASN] 96: 94 4D 63 EF EB CF 7C 14 B8 48 8A 98 9E FD 98 24 .Mc...|..H.....$<br>00[ASN] 112: 15 75 4B 34 49 79 A5 5E 84 3E 7C 44 16 B1 58 E7 .uK4Iy.^.>|D..X.<br>00[ASN] 128: B4 9F 2A 7E 39 17 DB 53 E8 23 5C D4 A7 C6 72 B9 ..*~9..S.#\...r.<br>00[ASN] 144: 1B 38 F7 45 93 C1 F9 1A 9B 03 59 76 29 13 4D B6 .8.E......Yv).M.<br>00[ASN] 160: 09 9A 93 F1 1C AD 1C A1 CD AD B7 79 D3 01 1C
46 ...........y...F<br>00[ASN] 176: 39 A3 1D 3E B1 9E B9 8F 38 1B 39 0F DC 41 76 7B 9..>....8.9..Av{<br>00[ASN] 192: 6B 78 FA CA 05 94 E0 CE C1 FE 8B F9 5D FE 74 EF kx..........].t.<br>00[ASN] 208: EC 2A 74 EF DB 83 BF F0 63 65 8B B6 68 4D 7A 86 .*t.....ce..hMz.<br>00[ASN] 224: 0A 90 6E C6 31 AE 01 DD 99 7C 87 E5 86 0A A3 D1 ..n.1....|......<br>00[ASN] 240: 8E 5A 63 A4 31 3A 02 22 2F 13 A8 40 13 57 F4 94 .Zc.1:."<a href="">/..@.W</a>..<br>00[ASN] 256: E7 <br>00[ASN] L1 - exponent2:<br>00[ASN] => 256 bytes @ 0x26b7e<br>00[ASN] 0: 62 08 1C 0D 4C 16 4C 2D C9 71 9E E6 FE B5 3A F7
b...L.L-.q....:.<br>00[ASN] 16: 66 0C EF 18 B3 13 A7 75 58 A9 2C F0 78 B8 DB 0D f......uX.,.x...<br>00[ASN] 32: 93 A5 8F FC 1D 36 2B AB 3D CE 94 21 40 02 3F 1F .....6+.=..!@.?.<br>00[ASN] 48: A6 6A D1 AC 38 84 8F D2 BD 39 78 26 EB 8D D2 F0 .j..8....9x&....<br>00[ASN] 64: 44 EB E3 40 9D 79 34 B9 DE 6D 2F D3 91 DF 75 4B <a href="mailto:D..@.y4..m/...uK">D..@.y4..m/...uK</a><br>00[ASN] 80: B0 9D F3 3A 2D 80 E7 A9 37 E2 1E 28 5A 41 0B 5E ...:-...7..(ZA.^<br>00[ASN] 96: 12 5F 5C C0 A3 68 D0 4F 97 92 59 9D AB AB 11 40 ._\..h.O..Y....@<br>00[ASN] 112: 74 66 F5 4D D7 32 26 3D 00 97 81 8A C6 53 53 66 tf.M.2&=.....SSf<br>00[ASN] 128: 18 D3 C1 98 FB 4A FC F5 F3 0B 23 1E C0 90 D6 41 .....J....#....A<br>00[ASN] 144: 3F 09 1C 87 8B 65 C5 9F 5B 0A 7D A8 08 86 CE 7C ?....e..[.}....|<br>00[ASN] 160: 6C 78 81 D0 BA
B6 5B 84 D0 5B 9E EE 3A 3C 1F C8 lx....[..[..:<..<br>00[ASN] 176: 3F 90 DD 31 B4 EF C6 95 9C E3 EA 54 5F 3A 34 00 ?..1.......T_:4.<br>00[ASN] 192: 4A 82 B4 CD 6B 82 40 FA 96 EB B3 6C 7B 00 B8 EC <a href="mailto:J...k.@....l">J...k.@....l</a>{...<br>00[ASN] 208: 11 1B 10 C8 3F DB 67 87 66 6F D9 5A 4A E7 F9 A2 ....?.g.fo.ZJ...<br>00[ASN] 224: C0 AF E6 C6 FE 31 56 B2 9C A5 DD 2B ED 19 75 C0 .....1V....+..u.<br>00[ASN] 240: D4 CF 1C 2C C3 FA FE ED 45 54 1E 16 05 7B DD A1 ...,....ET...{.<br>00[ASN] L1 - coefficient:<br>00[ASN] => 129 bytes @ 0x26c81<br>00[ASN] 0: 00 D1 11 4F C8 2E 46 7D 1B 3E B4 8D 13 44 EE F2 ...O..F}.>...D..<br>00[ASN] 16: 9D 64 EF AC 88 5F 48 97 48 5B AA 8C 31 25 87 ED .d..._H.H[..1%..<br>00[ASN] 32: 1C 99 49 F2 B8 DC CF 9F 8F 0E FB 4F 37 73 1F 68 ..I........O7s.h<br>00[ASN] 48: 39 4C F8 15 56
D5 29 15 E5 C1 11 79 03 2B EB C0 9L..V.)....y.+..<br>00[ASN] 64: 16 60 3C 68 62 74 0D 64 C0 FB D2 C7 D0 3F 99 3A .`<hbt.d.....?.:<br>00[ASN] 80: 85 F5 16 1F 34 04 54 43 F3 57 9C 81 C4 6A 34 51 ....4.TC.W...j4Q<br>00[ASN] 96: CA AA 79 DF 91 1F 0E 61 21 FF 35 8C 13 E6 A8 D7 ..y....a!.5.....<br>00[ASN] 112: 05 3A 05 D1 08 D1 DA D3 2E 77 9A 6C 22 4E 89 F8 .:.......w.l"N..<br>00[ASN] 128: 3D =<br>00[LIB] key integrity tests failed<br>00[ASN] L0 - encryptedPrivateKeyInfo:<br>00[ASN] L1 - encryptionAlgorithm:<br>00[ASN] L2 - algorithmIdentifier: ASN1 tag 0x30 expected, but is 0x02<br>00[ASN] => 3 bytes @
0x2675c<br>00[ASN] 0: 02 01 00 ...<br>00[ASN] L0 - privateKeyInfo:<br>00[ASN] L1 - version:<br>00[ASN] => 1 bytes @ 0x2675e<br>00[ASN] 0: 00 .<br>00[ASN] L1 - privateKeyAlgorithm:<br>00[ASN] L2 - algorithmIdentifier: ASN1 tag 0x30 expected, but is 0x02<br>00[ASN] => 261 bytes @ 0x2675f<br>00[ASN] 0: 02 82 01 01 00 E2 5B 84 C6 04 6E ED 97 7D 25 F0
......[...n..}%.<br>00[ASN] 16: 69 F5 C7 AD 56 B9 FC 73 AE 9E B5 FF 0F 6F 48 7D i...V..s.....oH}<br>00[ASN] 32: 94 FF AC 2A 2B 3D F6 BF 4B 64 DE 15 AE ED 9E 6E ...*+=..Kd.....n<br>00[ASN] 48: 86 C2 91 C3 8D 7A 3D F9 A0 00 8E 50 1B 85 CC AF .....z=....P....<br>00[ASN] 64: B7 82 3C 0D 07 70 B0 36 ED AC E5 A6 F7 FD C9 F4 ..<..p.6........<br>00[ASN] 80: D5 28 45 7E 8D 67 F5 05 A0 E2 34 59 4F E2 A2 C3 .(E~.g....4YO...<br>00[ASN] 96: 87 47 F4 E0 A1 D8 F5 4D 2A 1C 46 1A D8 D6 7B 52 .G.....M*.F...{R<br>00[ASN] 112: 0A 99 CB 99 EE F9 CE DB BE EF BC 50 66 87 F9 D8 ...........Pf...<br>00[ASN] 128: 17 72 FB 49 D4 C8 01 04 ED 2E 76 A5 E2 1D 63 C5 .r.I......v...c.<br>00[ASN] 144: F0 BC DC A1 EF 27 95 15 2B 37 E3 BD 2A 05 64 F5 .....'..+7..*.d.<br>00[ASN] 160: 8C 0C DD 42 43 26 4D 07 4A 6F 3B ED 7A F4 39 AB
...BC&M.Jo;.z.9.<br>00[ASN] 176: B3 49 EF A8 BA A1 59 3B 9B 34 F5 01 F4 32 B7 5C .I....Y;.4...2.\<br>00[ASN] 192: C7 36 6A 55 BA 4C DE CE 80 01 C5 17 E5 3B 5E D6 .6jU.L.......;^.<br>00[ASN] 208: F0 5F 81 10 9F 98 D6 AD 00 12 4C 4C E7 27 C6 A7 ._........LL.'..<br>00[ASN] 224: FC FA 76 AC 3F 3E 4A C6 1F 7C 2E 4E 8C 0A 7A 72 ..v.?>J..|.N..zr<br>00[ASN] 240: 4B F3 6C C0 19 14 DF 69 AF 16 B5 C7 01 23 F3 9F K.l....i.....#..<br>00[ASN] 256: A1 37 B6 9E 53 .7..<br>00[LIB] building CRED_PRIVATE_KEY - RSA failed, tried 6 builders<br>00[CFG] loading private key from '/tmp/ssl/private/MyServerKey.pem' failed<br> </span></div><div style="color: rgb(0, 0, 0); font-family: times
new roman, new york, times, serif; font-size: 16px; font-style: normal; background-color: transparent;"><span>Regards</span></div> Kiran<div style="font-family: times new roman, new york, times, serif; font-size: 12pt;"> <div style="font-family: times new roman, new york, times, serif; font-size: 12pt;"> <div dir="ltr"> <font size="2" face="Arial"> <div style="margin: 5px 0px; padding: 0px; border: 1px solid rgb(204, 204, 204); height: 0px; line-height: 0; font-size: 0px;" class="hr" contentEditable="false" readonly="true"></div> <b><span style="font-weight: bold;">From:</span></b> Martin Willi <martin@strongswan.org><br> <b><span style="font-weight: bold;">To:</span></b> Kiran Joshi <kiran.joshi38@yahoo.com> <br><b><span style="font-weight: bold;">Cc:</span></b> "users@lists.strongswan.org" <users@lists.strongswan.org> <br> <b><span style="font-weight: bold;">Sent:</span></b> Thursday, January 24, 2013 2:59 AM<br> <b><span
style="font-weight: bold;">Subject:</span></b> Re: [strongSwan] Unable to load the private key without openssl plugin<br> </font> </div> <br>
Hi Kiran,<br><br>> 00[LIB] key integrity tests failed: chect that exp1(150380) is d(150368) mod (p(150344)-1), t=-1097449556<br>> 00[LIB] key integrity tests failed: checkt that exp2(150392) is d(150368) mod (q(150356)-1), t=-1097449556<br><br>Seems like this key is definitely invalid. By definition in PKCS#1:<br> exponent1 is d mod (p - 1)<br> exponent2 is d mod (q - 1)<br><br>But in your key, this is not the case.<br> <br>> is created with the openssl -engine cryptodev (OCF + h/w driver) option.<br><br>Looks like a bug to me in your hardware or driver.<br><br>> works fine for our SIP TLS <br><br>This is absolutely possible, for example if it regenerates the<br>exponents. Nonetheless, the key is not valid according to PKCS#1.<br><br>Regards<br>Martin<br><br><br><br> </div> </div> </div></body></html>