[strongSwan-dev] simple RSA authentication w/o CA

Martin Willi martin at strongswan.org
Mon Feb 4 16:52:31 CET 2013

> the public key is entered as text (RFC 3110 DNSKEY format) in the
> left|rightrsasigkey.

>  charon: 13[LIB] building CRED_PUBLIC_KEY - RSA failed, tried 3 builders
>  charon: 13[CFG]   loading RSA public key for "<leftid>" failed

Loading the public key fails for some reason. Have you built and enabled
both the dnskey and the pubkey plugins? These are required to load raw
public keys.

>  charon: 04[IKE] no private key found for '<leftid>'

This is just a consequence of the failure above. The daemon needs a
certificate (or a public key loaded with a leftid) to find a private key
for a given identity.

> <leftid> : RSA <leftid>.pem

This doesn't help, as charon does not depend on/respect the identities
assigned to a private key.

Alternatively, you can try to specify a path to the (PEM or DER encoded)
public key in left/rightrsasigkey. This way you don't need RFC 3110
encoded keys.


More information about the Dev mailing list