[strongSwan-dev] SQL and key IDs
Andreas Steffen
andreas.steffen at strongswan.org
Tue May 4 06:13:15 CEST 2010
Hello Jason,

the key2keyid tool computes the keyid of either a private or public
key file but not of the public key contained in an X.509 certificate
file.

But you can compute the keyid of a certificate directly with the
following command:

  ipsec pki --keyid --in strongswanCert.pem --type x509

  subjectKeyIdentifier:
  5d:a7:dd:70:06:51:32:7e:e7:b6:6d:b3:b5:e5:e0:60:ea:2e:4d:ef
  subjectPublicKeyInfo hash:
  ae:09:6b:87:b4:48:86:d3:b8:20:97:86:23:da:bd:0e:ae:22:eb:bc

and remove the colons ':' in the subjectKeyIdentifier.

Best regards

Andreas

J. Tang wrote:
> I am trying to work through the example SQL statements in testing/
> tests/sql/rw-cert/hosts/carol/etc/ipsec.d/data.sql. For the second
> INSERT,
>
> INSERT INTO identities (
> type, data
> ) VALUES ( /* keyid of 'C=CH, O=Linux strongSwan, CN=strongSwan Root
> CA' */
> 11, X'5da7dd700651327ee7b66db3b5e5e060ea2e4def'
> );
>
> Where did the key ID come from? I tried:
>
> scripts/key2keyid < strongswanCert.der
>
> where strongswanCert.der is the x509 DER-encoded certificate stored
> on line 38 of data.sql. I keep getting the error:
>
> "unable to parse input key."
>
> The same occurs when I try scripts/key2keyid.
>
> My question is, how do I determine which key ID should be placed in
> the SQL statements?
>
--
======================================================================
Andreas Steffen andreas.steffen at strongswan.org
strongSwan - the Linux VPN Solution! www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
===========================================================[ITA-HSR]==
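
Added example, not part of the original message and not strongSwan code: a small shell filter that takes the `ipsec pki --keyid` output shown above, strips the colons from the subjectKeyIdentifier and prints the matching INSERT for the identities table. The function names are hypothetical, the table columns and type 11 are taken from the quoted data.sql, and the 20-byte length check is an assumption based on the keyid in the message.

```shell
#!/bin/sh
# Added example: build the identities INSERT from `ipsec pki --keyid` output.

# Extract the subjectKeyIdentifier as lower-case hex without colons.
# The value may follow the label on the same line or on the next one.
keyid_from_pki_output() {
    awk '
        /^subjectKeyIdentifier:/ {
            sub(/^subjectKeyIdentifier:[ \t]*/, "")
            if ($0 != "") { print; exit }
            want = 1; next
        }
        want { print; exit }
    ' | tr -d ': \t\r\n' | tr 'A-F' 'a-f'
}

# Print the INSERT statement; type 11 is the value used in the quoted data.sql.
# Assumption: the keyid is 20 bytes (40 hex digits), like the one in the message.
keyid_to_sql() {
    keyid=$(keyid_from_pki_output)
    case "$keyid" in
        ""|*[!0-9a-f]*) echo "no valid subjectKeyIdentifier in input" >&2; return 1 ;;
    esac
    [ "${#keyid}" -eq 40 ] || { echo "keyid is not 20 bytes" >&2; return 1; }
    printf "INSERT INTO identities (type, data) VALUES (11, X'%s');\n" "$keyid"
}

# Sample input: the command output quoted in the message above.
sample_pki_output() {
    cat <<'EOF'
subjectKeyIdentifier:
5d:a7:dd:70:06:51:32:7e:e7:b6:6d:b3:b5:e5:e0:60:ea:2e:4d:ef
subjectPublicKeyInfo hash:
ae:09:6b:87:b4:48:86:d3:b8:20:97:86:23:da:bd:0e:ae:22:eb:bc
EOF
}

# Real use: ipsec pki --keyid --in strongswanCert.pem --type x509 | keyid_to_sql
sample_pki_output | keyid_to_sql
```

Rejecting input that is not plain hex before it reaches the SQL file keeps a truncated or mis-pasted keyid from silently producing an identity row that never matches.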