[strongSwan] IKEv1 - Authentication Methods - RFC 2409 Public Key Encryption support in Strongswan
Andreas Steffen
andreas.steffen at strongswan.org
Wed Jun 29 05:57:13 CEST 2011
Well, if rsa_enc stands for RSA encryption then strongSwan
does not support this mode (see explananation below).
Andreas
On 06/29/2011 02:55 AM, Salib, Emil Habib - salibeh wrote:
> Hello Andreas, Thanks for your quick response. Another question: Do
> you know if StrongSwan inter-operates with Cisco routers (e.g. 3640 )
> set up with a crypto isakmp policy of authentication : rsa_enc? Best
> regards Emil
>
> ________________________________________ From: Andreas Steffen
> [andreas.steffen at strongswan.org] Sent: Tuesday, June 28, 2011 5:20
> AM To: Salib, Emil Habib - salibeh Cc: users at lists.strongswan.org
> Subject: Re: [strongSwan] IKEv1 - Authentication Methods - RFC 2409
> Public Key Encryption support in Strongswan
>
> Hello Emil,
>
> to my best knowledge nobody implemented IKEv1 public key encryption
> and therefore strongSwan didn't either. Everyone is using digital
> signatures.
>
> Best regards
>
> Andreas
>
> On 06/28/2011 02:38 AM, Emil Salib wrote:
>> Hello, My question is to do with IKEv1 Phase 1 Authentication. RFC
>> 2409 specifies 4 different Authentications: A shared secret, A
>> digital signature, Public key encryption and Revised public key
>> encryption. Using StrongSwan 4.4.0, I was able to set up net2net
>> PSK , net2net digital signature using both RAW RSA and X.509
>> certificates. Is there a way to set up a net2net with the 2409
>> public key encryption authentication method (where the ID and Nonce
>> in the second and third ISKAMP (main mode) messages are encrypted)
>> using StrongSwan? Thanks Emil
======================================================================
Andreas Steffen andreas.steffen at strongswan.org
strongSwan - the Linux VPN Solution! www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
===========================================================[ITA-HSR]==
More information about the Users
mailing list