<div dir="ltr">Hi <span style="font-family:arial,sans-serif;font-size:13px">Andreas,</span><div><span style="font-family:arial,sans-serif;font-size:13px"><br></span></div><div style><span style="font-family:arial,sans-serif;font-size:13px">I tried converting the private key from  </span><span style="font-family:arial,sans-serif;font-size:13px">PKCS#8 to PKCS#1, but still I am getting the same error:</span></div>
<div style><span style="font-family:arial,sans-serif;font-size:13px"><br></span></div><div style><div><font face="arial, sans-serif">CFPU-0 charon: 00[LIB]   -----BEGIN PRIVATE KEY-----</font></div><div><font face="arial, sans-serif"> charon: 00[LIB]   -----END PRIVATE KEY-----</font></div>
<div><font face="arial, sans-serif">charon: 00[LIB] L0 - RSAPrivateKey:</font></div><div><font face="arial, sans-serif"> charon: 00[LIB] L1 - version:</font></div><div><font face="arial, sans-serif"> charon: 00[LIB] => 1 bytes @ 0x1200ac806</font></div>
<div><font face="arial, sans-serif"> charon: 00[LIB]    0: 00                                               .</font></div><div><font face="arial, sans-serif"> charon: 00[LIB] L1 - modulus: ASN1 tag 0x02 expected, but is 0x30</font></div>
<div><font face="arial, sans-serif"> charon: 00[LIB] => 15 bytes @ 0x1200ac807</font></div><div><font face="arial, sans-serif"> charon: 00[LIB]    0: 30 0D 06 09 2A 86 48 86 F7 0D 01 01 01 05 00     0...*.H........</font></div>
<div><font face="arial, sans-serif"> charon: 00[LIB] building CRED_PRIVATE_KEY - RSA failed, tried 5 builders</font></div><div><font face="arial, sans-serif"> charon: 00[CFG]   loading private key from '/etc/ipsec/certs/ipsec.d//private/defaultPrivateKey.pem' failed</font></div>
<div><font face="arial, sans-serif"> charon: 00[LIB] plugin 'stroke': loaded successfully</font></div><div><font face="arial, sans-serif"> charon: 00[LIB] plugin 'kernel-netlink': loaded successfully</font></div>
<div><font face="arial, sans-serif"><br></font></div><div><font face="arial, sans-serif"><br></font></div><div style><font face="arial, sans-serif">-Bhargav</font></div></div><div class="gmail_extra"><br><br><div class="gmail_quote">
On Sat, Jun 1, 2013 at 3:17 AM, Andreas Steffen <span dir="ltr"><<a href="mailto:andreas.steffen@strongswan.org" target="_blank">andreas.steffen@strongswan.org</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
Hi Bhargav,<br>
<br>
The private key that you are trying to load is a PKCS#8 file,<br>
a format being used by openssl 1.x.x. PKCS#8 support was introduced<br>
with strongswan 4.6.2. So as a workaround either upgrade to a newer<br>
strongSwan version or convert the private key from PKCS#8 to PKCS#1<br>
using the following openssl command:<br>
<br>
openssl pkcs8 -nocrypt -in key8.pem -out key1.pem<br>
<br>
Regards<br>
<br>
Andreas<br>
<div class="HOEnZb"><div class="h5"><br>
On 05/31/2013 08:12 AM, bhargav p wrote:<br>
> Hi,<br>
><br>
> I am trying to establish the IPsec tunnel with certificates with charon.<br>
><br>
> From the logs the below error is thrown:<br>
><br>
> L0 - RSAPrivateKey:<br>
>  charon: 00[LIB] L1 - version:<br>
>  charon: 00[LIB] => 1 bytes @ 0x1200ac406<br>
>  charon: 00[LIB]    0: 00                                               .<br>
>  charon: 00[LIB] L1 - modulus: ASN1 tag 0x02 expected, but is 0x30<br>
>  charon: 00[LIB] => 15 bytes @ 0x1200ac407<br>
>  charon: 00[LIB]    0: 30 0D 06 09 2A 86 48 86 F7 0D 01 01 01 05 00<br>
> 0...*.H........<br>
> charon: 00[LIB] building CRED_PRIVATE_KEY - RSA failed, tried 5 builders<br>
>  charon: 00[CFG]   loading private key from<br>
> '/etc/ipsec/certs/ipsec.d//private/defaultPrivateKey.pem' failed<br>
>  charon: 00[LIB] plugin 'stroke': loaded successfully<br>
>  charon: 00[LIB] plugin 'kernel-netlink': loaded successfully<br>
>  charon: 00[DMN] loaded plugins: openssl random pem x509 pubkey pkcs1<br>
> hmac xcbc stroke kernel-netlink<br>
> May 31 13:32:21.117438 info CLA-0 charon: 00[JOB] spawning 16 worker threads<br>
> charon: 07[LIB]   file content is not binary ASN.1<br>
><br>
> Can some one help me here.<br>
><br>
> Using strongswan version:4.5.3<br>
><br>
> cat defaultPrivateKey.pem<br>
> -----BEGIN PRIVATE KEY-----<br>
> MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCyoayXeOOMy5rE<br>
> tqdP56GJnNP29Ul1OSk7W8BS9Y6yZb0dlcL4NWhg4xbPk4zBZKR1FUsjKYUcNogE<br>
> 33G5/muESiPzLWE8CeMGf6WrXH40W99kpIho204WsIJlLG3OCF2UQCXA/FGYJTqe<br>
> ODKQzea0oxjEHzLdSxpYaCAggPeBuiZ5+2kf+hE+d1qxOYheFM0JGkduXr2F9I+f<br>
> VMDAXk64uCG8v7z5DlTrYhgDr3WhRkzv+STIDuAvqiFaV26bpa7lqmpEcO5nrklF<br>
> 3jJ8cDWSn+l390TIdg8pn4bJTyyfs9cYtpDpn0fndvuFvncbGAT+b5EifoUES6J9<br>
> mmIBHioRAgMBAAECggEBAJZrxF2NI/jE3yA1OzDzObkbAfcc2G3I46qjeZGiTDZ3<br>
> q8fE+/htaOblc6j6c/XKnR4m/y2t4fQ/C00nJ6pazwkIMbuuBAo9vRoU1Vo2ueO3<br>
> Vad3UZMS0XAT1MoDnrd3ne2gEuquzrrS5sijRBlh+Zs1GD7Wkst8WcQGcr9MOp/W<br>
> y9B+gOMb8QcoJkiyenKIGstyFFLUd8IWtzLpPVKYABfjw+qIFmZno2+Z3uWnE6jM<br>
> h8J7sWFXQyBtcylhd9jxGpPn9gPkt4v9kWMe2+Pd7vCbRMQrVGx3hIuUSaLpeN11<br>
> hLsCJGaSY+y4wd5P5cbL6/OveU0eEgUlQ5LYx5DngFECgYEA4CjtDmrAXnMZSbAW<br>
> uriD9IjsEhBwY0xYQXteNq216NYAO27e+Hl6seXG1AIPKxpbA+y9ZwOQhDA9adCV<br>
> fZHzd0k7QqVzEgyIo9gNa30zGIaPBG3DYKFK7bxg16MUt8K8HZKxCDG4b1gKjHJq<br>
> 7G+6ANM5k3P22gLFgsgF8D34i8UCgYEAzAE2R0qzjcDa6+6cG0f9aikITl2d2TMZ<br>
> pMC0hhy1YiSD7940QtxjnMD5dCGWYGnQhYLum78jMP49NpJcDfHfJC8QNp5vrPjq<br>
> dVXqWdDDf+f64ck6GYvVs+7DzCQHcLdmruvmId5p73TrSaZIpRDA8aXizJr9XfDl<br>
> sXRUSJlqjd0CgYB5pfwwLMLE/xWkJcnP/z6tQHlMvFshqFblAnx4lAD6oNhzaJHc<br>
> qqBpVtd2Sr/Mlnr6QEnxU7/j3QIXILlf8gr8m2Nrobo2+1JUCHYP9Vv7XVrT/nVf<br>
> RWkSZ37ux3QA3c+VBPzKA6Gh21euLJHWSjPZKsg+O1qlqYdimAaRADCYOQKBgC1o<br>
> G6e0ldB4W4HmAzMDTAFkDqg6qBafDBcimUu8ehbVH9S09ZboLPfH7/4MN8dP5gzB<br>
> ftCFs5SFEiTiYMDt1AfevdIaY6rxYGYrcFT7ZXhDrxCwVFE5UaCSBVybrFhHSgCn<br>
> Gvrw4U1eDby/2S18VCW1EY0O9lQBeW6NAPGDzDa1AoGAFGpXEPZfEV0RbZO7dLMN<br>
> O3x1Oz75HGdkLot3Cvc6RuLr8uxnQzGPTQ3FcNMnlLHnjhdmB+9rMpZlD3gmxKVv<br>
> 73UfJd4+oP5VfWrAEcMAZCXrJsp1TjECwAp4Qrvv+aJZI+c9qYhRhuoTMHG+NLMK<br>
> GMAIlLWjiZrkCZEtW15hD+o=<br>
> -----END PRIVATE KEY-----<br>
><br>
> --Bhargav<br>
><br>
><br>
><br>
</div></div><div class="HOEnZb"><div class="h5">> _______________________________________________<br>
> Users mailing list<br>
> <a href="mailto:Users@lists.strongswan.org">Users@lists.strongswan.org</a><br>
> <a href="https://lists.strongswan.org/mailman/listinfo/users" target="_blank">https://lists.strongswan.org/mailman/listinfo/users</a><br>
><br>
<br>
<br>
</div></div><span class="HOEnZb"><font color="#888888">--<br>
======================================================================<br>
Andreas Steffen                         <a href="mailto:andreas.steffen@strongswan.org">andreas.steffen@strongswan.org</a><br>
strongSwan - the Linux VPN Solution!                <a href="http://www.strongswan.org" target="_blank">www.strongswan.org</a><br>
Institute for Internet Technologies and Applications<br>
University of Applied Sciences Rapperswil<br>
CH-8640 Rapperswil (Switzerland)<br>
===========================================================[ITA-HSR]==<br>
<br>
</font></span></blockquote></div><br><br clear="all"><div><br></div><br><div><font color="#282828" face="Calibri"><span style="color:#282828;font-size:11pt"></span></font></div>
</div></div>