[strongSwan-dev] VICI API for sending decrypt password for RSA private key

Harry Chan-Maestas harry.chan.maestas at gmail.com
Wed Jan 6 18:44:25 CET 2016


I see. Thanks for the answer.

-- Harry

On Tue, Jan 5, 2016 at 10:20 PM, Andreas Steffen <andreas.steffen at strongswan.org> wrote:

> Hi Harry,
>
> the loading of private keys is not handled by starter but by the
> stroke plugin through processing of /etc/ipsec.secrets. Thus the
> decryption of protected private key files is done directly by the
> charon daemon via the stroke plugin.
>
> Best regards
>
> Andreas
>
> On 06.01.2016 06:19, Harry Chan-Maestas wrote:
>
>> Hi Andreas,
>>
>> Thank you for the clarification.
>>
>> So is the "starter" process doing something similar when processing
>> ipsec.secrets? Basically, I was looking for something like
>>
>> : RSA <private key file> [ <passphrase> | %prompt ]
>>
>> through VICI.
>>
>> Harry
>>
>> On Tue, Jan 5, 2016 at 9:04 PM, Andreas Steffen
>> <andreas.steffen at strongswan.org> wrote:
>>
>>     Hi Harry,
>>
>>     yes your assumption is correct. swanctl decrypts protected private
>>     keys and sends them as plaintext via VICI to the charon daemon.
>>
>>     Best regards
>>
>>     Andreas
>>
>>
>>     On 06.01.2016 03:59, Harry Chan-Maestas wrote:
>>
>>         Hi,
>>
>>         Is this assumption/understanding correct? Going through the
>>         swanctl code, it seems that the way it deals with encrypted
>>         private keys is by reading the key, decrypting it, and sending
>>         the decrypted version to Charon.
>>
>>         If this is not the case, would anyone know what is the API to
>>         send the encrypted RSA private key and the decrypt password to
>>         Charon through VICI?
>>
>>         Thank you in advance,
>>
>>         Harry
>>
>>
>>     ======================================================================
>>     Andreas Steffen andreas.steffen at strongswan.org
>>     strongSwan - the Open Source VPN Solution! www.strongswan.org
>>     Institute for Internet Technologies and Applications
>>     University of Applied Sciences Rapperswil
>>     CH-8640 Rapperswil (Switzerland)
>>     ===========================================================[ITA-HSR]==
>>
>>
>>
> --
> ======================================================================
> Andreas Steffen                         andreas.steffen at strongswan.org
> strongSwan - the Open Source VPN Solution!          www.strongswan.org
> Institute for Internet Technologies and Applications
> University of Applied Sciences Rapperswil
> CH-8640 Rapperswil (Switzerland)
> ===========================================================[ITA-HSR]==
>
>
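
The exchange Andreas describes above, as an added example that is not part of the thread or of strongSwan's code: it frames a VICI `load-key` request and shows that the key travels unencrypted in the `data` value, so a client has to decrypt a passphrase-protected key itself before sending it. The element encoding and the `type`/`data` field names are assumptions taken from the VICI plugin's protocol documentation, not from the thread; `SAMPLE_KEY` is a constructed placeholder, not a real key.

```python
import struct

CMD_REQUEST = 0  # VICI packet type: named command request
KEY_VALUE = 3    # VICI message element type: key/value pair

# Constructed placeholder, not a real key (the base64 body decodes to "CONSTRUCTED").
SAMPLE_KEY = (b"-----BEGIN RSA PRIVATE KEY-----\n"
              b"Q09OU1RSVUNURUQ=\n"
              b"-----END RSA PRIVATE KEY-----\n")


def key_value(key: str, value: bytes) -> bytes:
    """Encode KEY_VALUE: type, 8-bit key length, key, 16-bit value length, value."""
    k = key.encode("ascii")
    if len(k) > 0xFF:
        raise ValueError("key name does not fit the 8-bit length field")
    if len(value) > 0xFFFF:
        raise ValueError("value does not fit the 16-bit length field")
    return struct.pack("!BB", KEY_VALUE, len(k)) + k + struct.pack("!H", len(value)) + value


def load_key_request(key_type: str, key_data: bytes) -> bytes:
    """Frame a load-key command as the bytes written to the VICI socket."""
    # The request has no passphrase field (assumption from the protocol docs),
    # so an encrypted PEM must be decrypted by the client before this point.
    if key_data.lstrip().startswith(b"-----BEGIN") and b"ENCRYPTED" in key_data:
        raise ValueError("key is still passphrase-protected; decrypt it first")
    name = b"load-key"
    message = key_value("type", key_type.encode("ascii")) + key_value("data", key_data)
    packet = struct.pack("!BB", CMD_REQUEST, len(name)) + name + message
    # Transport framing: 32-bit network-order length, then the packet.
    return struct.pack("!I", len(packet)) + packet


if __name__ == "__main__":
    request = load_key_request("rsa", SAMPLE_KEY)
    print(len(request), "bytes; key material visible in request:", SAMPLE_KEY in request)
```

Because the request body contains the key as-is, access to the VICI socket is what protects the key in transit between the client and charon.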