[strongSwan] Need help reviewing a tutorial on smartcards

François Pérou francois.perou at free.fr
Fri Apr 9 17:43:37 CEST 2010

On Fri, 2010-04-09 at 15:59 +0100, Dimitrios Siganos wrote:
> But the logs are saying that it can't find your private kays. The
> logs 
> also suggest that it loads at least one certificate from the
> smartcard. 

Sorry, I forgot to publish the ipsec.secrets file:
: PIN %smartcard %prompt

Then I run ipsec secrets to enter PIN.

I would suspect your ipsec.secrets file here. But I don't know how you 
> are supposed to tell strongswan which private key to use from the 
> smartcard (there could many). It makes sense that it needs to be told 
> but how do we do that? 

I am trying with a new card with only one certificate.

In smartcards, the private key never leaves the card. So I doubt that
strongSwan can ever access the card.

On the converse, strongSwan needs to be able to make crypto operations
from the smartcard using OpenSSL.

Kind regards

More information about the Users mailing list