[strongSwan-dev] VICI API for sending decrypt password for RSA private key

Harry Chan-Maestas harry.chan.maestas at gmail.com
Wed Jan 6 06:19:13 CET 2016


Hi Andreas,

Thank you for the clarification.

So is the "starter" process doing something similar when processing
ipsec.secrets? Basically, I was looking for something like

: RSA *<private key file>* [ *<passphrase>* | *%prompt* ]

through VICI.

Harry

On Tue, Jan 5, 2016 at 9:04 PM, Andreas Steffen <
andreas.steffen at strongswan.org> wrote:

> Hi Harry,
>
> yes your assumption is correct. swanctl decrypts protected private
> keys and sends them as plaintext via VICI to the charon daemon.
>
> Best regards
>
> Andreas
>
>
> On 06.01.2016 03:59, Harry Chan-Maestas wrote:
>
>> Hi,
>>
>> Is this assumption/understanding correct? Going through the swanctl
>> code, it seems that the way it deals with encrypted private keys is by
>> reading the key, decrypting it, and sending the decrypted version to
>> Charon.
>>
>> If this is not the case, would anyone know what is the API to send the
>> encrypted RSA private key and the decrypt password to Charon through VICI?
>>
>> Thank you in advance,
>>
>> Harry
>>
>
> ======================================================================
> Andreas Steffen                         andreas.steffen at strongswan.org
> strongSwan - the Open Source VPN Solution!          www.strongswan.org
> Institute for Internet Technologies and Applications
> University of Applied Sciences Rapperswil
> CH-8640 Rapperswil (Switzerland)
> ===========================================================[ITA-HSR]==
>
>
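The behaviour confirmed above, seen at the wire level, as an added example that is not part of the thread or of strongSwan's code: it hand-encodes a VICI `load-key` request following the framing in strongSwan's VICI protocol documentation and parses it back, showing that the request carries only a key type and the key data, so the key bytes cross the socket exactly as the client supplies them. The helper names and the placeholder key are constructed for illustration.

```python
import struct

# VICI wire constants, as given in strongSwan's VICI protocol documentation.
CMD_REQUEST = 0  # packet type: named command request
KEY_VALUE = 3    # message element type: key/value pair

def encode_kv(key: str, value: bytes) -> bytes:
    """KEY_VALUE element: type, 8-bit key length, key, 16-bit value length, value."""
    k = key.encode("ascii")
    if len(k) > 0xFF or len(value) > 0xFFFF:
        raise ValueError("key or value exceeds the VICI length fields")
    return struct.pack("!BB", KEY_VALUE, len(k)) + k + struct.pack("!H", len(value)) + value

def encode_load_key(key_type: str, key_data: bytes) -> bytes:
    """Frame a load-key request: 32-bit length header, packet type, command name, message."""
    name = b"load-key"
    body = struct.pack("!BB", CMD_REQUEST, len(name)) + name
    body += encode_kv("type", key_type.encode("ascii"))
    body += encode_kv("data", key_data)
    return struct.pack("!I", len(body)) + body

def decode_kvs(frame: bytes) -> dict:
    """Parse a flat key/value request back, as any reader of the socket could."""
    (length,) = struct.unpack_from("!I", frame, 0)
    body = frame[4:4 + length]
    if len(body) != length or len(body) < 2 or body[0] != CMD_REQUEST:
        raise ValueError("not a complete CMD_REQUEST frame")
    pos = 2 + body[1]  # skip packet type, name length and command name
    out = {}
    while pos < len(body):
        if body[pos] != KEY_VALUE:
            raise ValueError("only flat key/value messages are handled here")
        klen = body[pos + 1]
        key = body[pos + 2:pos + 2 + klen].decode("ascii")
        pos += 2 + klen
        (vlen,) = struct.unpack_from("!H", body, pos)
        out[key] = body[pos + 2:pos + 2 + vlen]
        pos += 2 + vlen
    return out

# Constructed placeholder standing in for the already-decrypted key; not a real key.
SAMPLE_KEY = (
    b"-----BEGIN RSA PRIVATE KEY-----\nCONSTRUCTED-PLACEHOLDER\n"
    b"-----END RSA PRIVATE KEY-----\n"
)

if __name__ == "__main__":
    fields = decode_kvs(encode_load_key("rsa", SAMPLE_KEY))
    print(fields["type"], len(fields["data"]), "bytes of key data in the clear")
```

Because the decrypted key travels in this form, access to the VICI socket is what protects it in transit between the client and charon.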