[strongSwan] charon IKEv2 usb smartcard dongle integration
dimitris at siganos.org
Thu Apr 8 20:08:22 CEST 2010
I have been asked by a client to investigate what it would take to
create a Linux strongSwan deployment that integrates strongSwan IKEv2
with a USB security smartcard. We already have some Aladdin Token
JavaCard (USB ID 0529:0620) dongles but I imagine that any well-known
dongle will do. We want to deploy a PKI-based system where the RSA
private key is stored in the smartcard.

Just to make sure I don't get the wrong replies, I would like to
reiterate that this email refers to charon (IKEv2) smartcard
integration. The smartcard-related pages in the strongSwan wiki don't
apply in this case, because they refer to pluto IKEv1 smartcard integration.

My understanding from reading various sources is that to get charon to
work with a smartcard, I need to do the following:

1) set up charon to use openssl instead of its default plugins for RSA
2) use engine_pkcs11 to provide PKCS openssl engine (and somehow get
charon to use it)
3) use openct to provide driver access to the dongle
4) I think I also need opensc because engine_pkcs11 expects it but I am

Does anyone have any experience with this sort of integration? I believe
the client is willing to pay for this. Obviously a ready-made solution
would be ideal but if we will have to develop it ourselves.