[strongSwan] Fail on loading secrets (ECDSA)
William Greene
wgreene9617 at yahoo.com
Tue Nov 30 21:55:07 CET 2010
Hello,
The charon daemon keeps restarting after the "loading secrets from
'/etc/ipsec.secrets'" log line when the private key is in der format. In pem
form, same thing but with:
Nov 30 14:28:52 00[CFG] loading secrets from '/etc/ipsec.secrets'
Nov 30 14:28:52 00[LIB] file content is not binary ASN.1
Nov 30 14:28:52 00[LIB] -----BEGIN EC PRIVATE KEY-----
Nov 30 14:28:52 00[LIB] -----END EC PRIVATE KEY-----
So der form seems the way to go. It appears that I'm having the same issue as
this:
https://lists.strongswan.org/pipermail/users/2008-December/003030.html
I've regenerated these ECDSA keys several times and I'm at a loss right now how
to get going with SuiteB testing. I've attached the files that I'm using,
hoping that someone can tease a clue out from them.
Thanks in advance for any help anyone can provide,
Bill
Note: I was unable to use "ipsec pki" commands to create the keys so I resolved
myself to using openssl and I removed the passphrase from the private key file,
so I know that can't be the issue. To do this I did the following:
[root@KAP8 private]# openssl ecparam -genkey -name secp384r1 -out testParam.pem
[root@KAP8 private]# openssl req -x509 -newkey ec:testParam.pem -config /root/openssl.cnf -out testPub.pem -outform PEM
Generating a 384 bit EC private key
writing new private key to 'privkey.pem'
Enter PEM pass phrase:
Verifying - Enter PEM pass phrase:
-----
...
[root@KAP8 private]# ls
privkey.pem temp testParam.pem testPub.pem
[root@KAP8 private]# openssl ec -in privkey.pem -out testKey.pem
read EC key
Enter PEM pass phrase:
writing EC key
[root@KAP8 private]# ls
privkey.pem temp testKey.pem testParam.pem testPub.pem
[root@KAP8 private]# openssl ec -outform DER -in testKey.pem -out testKey.der
read EC key
writing EC key
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: filecontents.txt
URL: <http://lists.strongswan.org/pipermail/users/attachments/20101130/c2251556/attachment.txt>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: ipsec.conf
Type: application/octet-stream
Size: 967 bytes
Desc: not available
URL: <http://lists.strongswan.org/pipermail/users/attachments/20101130/c2251556/attachment.obj>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: ipsec.secrets
Type: application/octet-stream
Size: 174 bytes
Desc: not available
URL: <http://lists.strongswan.org/pipermail/users/attachments/20101130/c2251556/attachment-0001.obj>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: strongswan.conf
Type: application/octet-stream
Size: 1620 bytes
Desc: not available
URL: <http://lists.strongswan.org/pipermail/users/attachments/20101130/c2251556/attachment-0002.obj>
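Added example, not part of the original post and not strongSwan code: a small checker for what a key file such as testKey.pem or testKey.der actually contains before /etc/ipsec.secrets points at it. It reports PEM versus binary DER, whether a passphrase is still set, and the named curve, following the RFC 5915 ECPrivateKey layout. The function names and the sample key bytes are constructed for illustration.

```python
import base64
import re
SECP384R1_OID = bytes.fromhex("2b81040022")  # DER body of OID 1.3.132.0.34
PEM_RE = re.compile(rb"-----BEGIN EC PRIVATE KEY-----(.*?)-----END EC PRIVATE KEY-----", re.S)

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER element starting at buf[pos]."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return tag, buf[pos:pos + length], pos + length

def inspect_ec_key(data):
    """Report encoding, passphrase state, key size and curve of an EC key file."""
    info = {"encoding": "der", "encrypted": False, "private_key_bytes": None, "curve": None}
    m = PEM_RE.search(data)
    if m:
        info["encoding"] = "pem"
        if b"Proc-Type: 4,ENCRYPTED" in m.group(1):  # passphrase still set
            info["encrypted"] = True
            return info
        data = base64.b64decode(b"".join(m.group(1).split()))
    tag, seq, _ = read_tlv(data, 0)
    if tag != 0x30:
        raise ValueError("outer element is not an ASN.1 SEQUENCE")
    tag, version, pos = read_tlv(seq, 0)
    if tag != 0x02 or version != b"\x01":
        raise ValueError("not an ECPrivateKey: version INTEGER 1 expected")
    tag, priv, pos = read_tlv(seq, pos)
    if tag != 0x04:
        raise ValueError("not an ECPrivateKey: OCTET STRING expected")
    info["private_key_bytes"] = len(priv)
    while pos < len(seq):  # optional [0] parameters and [1] publicKey
        tag, val, pos = read_tlv(seq, pos)
        if tag == 0xA0 and val[:1] == b"\x06":  # [0] holding a named-curve OID
            oid = read_tlv(val, 0)[1]
            info["curve"] = "secp384r1" if oid == SECP384R1_OID else oid.hex()
    return info

# Constructed sample, not a real key: 48 dummy private-key bytes on secp384r1
_body = b"\x02\x01\x01\x04\x30" + bytes(range(1, 49)) + b"\xa0\x07\x06\x05" + SECP384R1_OID
SAMPLE_DER = b"\x30" + bytes([len(_body)]) + _body
SAMPLE_PEM = (b"-----BEGIN EC PRIVATE KEY-----\n" + base64.encodebytes(SAMPLE_DER)
              + b"-----END EC PRIVATE KEY-----\n")
```

To check a real file, pass its bytes: inspect_ec_key(open("testKey.der", "rb").read()).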