[strongSwan-dev] SQL and key IDs

Andreas Steffen andreas.steffen at strongswan.org
Tue May 4 06:13:15 CEST 2010

Hello Jason,

the key2keyid tool computes the keyid of either a private or public
key file but not of the public key contained in an X.509 certificate.

But you can compute the keyid of a certificate directly with the
following command:

ipsec pki --keyid --in strongswanCert.pem --type x509

subjectPublicKeyInfo hash:

and remove the colons ':' in the subjectKeyIdentifier.

Best regards


J. Tang wrote:
> I am trying to work through the example SQL statements in
> testing/tests/sql/rw-cert/hosts/carol/etc/ipsec.d/data.sql.  For the second
> INSERT INTO identities (
>    type, data
> ) VALUES ( /* keyid of 'C=CH, O=Linux strongSwan, CN=strongSwan Root CA' */
>    11, X'5da7dd700651327ee7b66db3b5e5e060ea2e4def'
>   );
> Where did the key ID come from?  I tried:
>    scripts/key2keyid < strongswanCert.der
> where strongswanCert.der is the x509 DER-encoded certificate stored  
> on line 38 of data.sql.  I keep getting the error:
>    "unable to parse input key."
> The same occurs when I try scripts/key2keyid.
> My question is, how do I determine which key ID should be placed in  
> the SQL statements?

Andreas Steffen                         andreas.steffen at strongswan.org
strongSwan - the Linux VPN Solution!                www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
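
Added example (not part of the original message and not strongSwan code): a shell helper that takes the output of the pki command above, strips the colons from the subjectKeyIdentifier line, checks that 20 bytes of hex remain, and prints the identities INSERT in the form used in the quoted data.sql. The output layout in SAMPLE_OUTPUT is a constructed assumption about the tool's format, and the function names keyid_hex and keyid_insert are hypothetical.

```shell
#!/bin/sh
# Constructed sample of the command's output. The two labels are the ones
# named in the message; the first value is a made-up placeholder, the second
# is the keyid from the quoted INSERT with colons added.
SAMPLE_OUTPUT='subjectPublicKeyInfo hash: 00:11:22:33:44:55:66:77:88:99:aa:bb:cc:dd:ee:ff:00:11:22:33
subjectKeyIdentifier:      5d:a7:dd:70:06:51:32:7e:e7:b6:6d:b3:b5:e5:e0:60:ea:2e:4d:ef'

# keyid_hex (hypothetical name): read pki output on stdin and print the
# subjectKeyIdentifier as 40 lowercase hex digits. Fails if the line is
# missing, contains non-hex characters, or is not 20 bytes long.
keyid_hex() {
    hex=$(sed -n 's/^subjectKeyIdentifier:[[:space:]]*//p' | head -n 1 |
          tr -d ': \t\r' | tr 'A-F' 'a-f')
    case "$hex" in
        ''|*[!0-9a-f]*)
            echo "no valid subjectKeyIdentifier found" >&2; return 1 ;;
    esac
    [ "${#hex}" -eq 40 ] || {
        echo "expected 20 bytes, got ${#hex} hex digits" >&2; return 1; }
    printf '%s\n' "$hex"
}

# keyid_insert (hypothetical name): emit the identities row, using type 11
# as in the quoted data.sql. Nothing is printed if validation fails.
keyid_insert() {
    hex=$(keyid_hex) || return 1
    printf "INSERT INTO identities (type, data) VALUES (11, X'%s');\n" "$hex"
}

# Real use would be:
#   ipsec pki --keyid --in strongswanCert.pem --type x509 | keyid_insert
printf '%s\n' "$SAMPLE_OUTPUT" | keyid_insert
```

Validating the length and character set before building the statement keeps an error message or truncated line from ending up inside the X'...' literal.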