[strongSwan-dev] VICI API for sending decrypt password for RSA private key
andreas.steffen at strongswan.org
Wed Jan 6 07:20:10 CET 2016
the loading of private keys is not handled by starter but by the
stroke plugin through processing of /etc/ipsec.secrets. Thus the
decryption of protected private key files is done directly by the
charon daemon via the stroke plugin.
On 06.01.2016 06:19, Harry Chan-Maestas wrote:
> Hi Andreas,
> Thank you for clarification.
> So is the "starter" process doing something similar when processing
> ipsec.secrets? Basically, I was looking something like
> : RSA /<private key file>/ [ /<passphrase>/ | /%prompt/ ]
> through VICI.
> On Tue, Jan 5, 2016 at 9:04 PM, Andreas Steffen
> <andreas.steffen at strongswan.org <mailto:andreas.steffen at strongswan.org>>
> Hi Harry,
> yes your assumption is correct. swanctl decrypts protected private
> keys and sends them as plaintext via VICI to the charon daemon.
> Best regards
> On 06.01.2016 03:59, Harry Chan-Maestas wrote:
> Is this assumption/understanding correct? Going through the swantcl
> code, it seems that the way it deals with encrypted private keys
> is by
> reading the key, decrypting it, and sending the decrypted
> version to Charon.
> If this is not the case, would anyone know what is the API to
> send the
> encrypted RSA private key and the decrypt password to Charon
> through VICI?
> Thank you in advance,
> Andreas Steffen andreas.steffen at strongswan.org
> <mailto:andreas.steffen at strongswan.org>
> strongSwan - the Open Source VPN Solution! www.strongswan.org
> Institute for Internet Technologies and Applications
> University of Applied Sciences Rapperswil
> CH-8640 Rapperswil (Switzerland)
Andreas Steffen andreas.steffen at strongswan.org
strongSwan - the Open Source VPN Solution! www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 4275 bytes
Desc: S/MIME Cryptographic Signature
More information about the Dev