[strongSwan-dev] Read private key with OpenSSL Engine
Ignacio Alamo Corsino
nacao2001 at hotmail.com
Wed Aug 9 16:27:21 CEST 2017
after some research, I think I can answer my own question in case anyone finds the same problem in the future.
The line that should be added in this case to ipsec.secrets is:
<leftipaddress> : PIN %smartcard:N "1234"
Being N the slot number of the smartcard and "pin1234" the pin code.
More info here: https://wiki.strongswan.org/projects/strongswan/wiki/PinSecret
After this step, I still had problems because when I wrote my engine, I didn't implement a PIN command.
This has to be added to your OpenSSL Engine implementation.
As an example, one can take a look to the implementation of the OpenSSL dynamic engine:
Now the key is loaded and everything works fine.
Hope this helps anyone.
De: Dev <dev-bounces at lists.strongswan.org> en nombre de Ignacio Alamo Corsino <nacao2001 at hotmail.com>
Enviado: lunes, 7 de agosto de 2017 15:55
Para: dev at lists.strongswan.org
Asunto: [strongSwan-dev] Read private key with OpenSSL Engine
I have written an OpenSSL engine to communicate with my smartcard (no pkcs#11 involved).
This engine loads some private key information from the smartcard (n,e) and also performs private key operations like signing.
The private key is normally loaded with the ENGINE_load_private_key OpenSSL function.
The problem that I have is that I don't know how to tell strongSwan to load the private key information using my engine in ipsec.secrets,
so I always end up with an "no private key found for 'Cert_XXXXXX'" error.
I am aware that I should use the openssl plugin but I don't know how to apply it to this case.
Thanks for your time.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Dev