[strongSwan] API to access keys used by IPsec

Martin Willi martin at strongswan.org
Wed Jun 22 09:11:18 CEST 2011


Hi Terry,

> I have an encryption protocol that currently uses pre-shared keys. I
> would like to use charon from strongSwan to do the key exchange.
> What's the API to access those keys used by IPsec? Also are those
> keys in memory or in files? If in files, where are they?

It's not really clear to me what you want to do. The IKEv2 protocol can
use pre-shared keys to authenticate the peers. These keys are usually
stored in the ipsec.secrets file, but other credential backends
implementing the credential_set_t [1] interface can be used to query
secrets.

The actually used encryption keys are derived from a Diffie-Hellman
exchange and other parameters. To intercept these keys programmatically,
you could implement the ike_keys()/child_keys() hooks [2] in your own
listener.

Regards
Martin

[1]http://git.strongswan.org/?p=strongswan.git;a=blob;f=src/libstrongswan/credentials/credential_set.h;hb=HEAD#l83
[2]http://git.strongswan.org/?p=strongswan.git;a=blob;f=src/libcharon/bus/listeners/listener.h;hb=HEAD#l105





