[strongSwan] StrongSwan AES256 on SEAndroid?

Gia T. Nguyen gia.nguyen at metronome-software.com
Fri Jul 13 17:29:36 CEST 2012


Hello,

I got RSA 2048-bit certificate StrongSwan to work on an SEAndroid device.
However, when I tried it with an AES-256 certificate, I get this error:

I/charon  ( 1035): 00[LIB] building CRED_PRIVATE_KEY - ECDSA failed, tried 1
builders
I/charon  ( 1035): 00[CFG]   loading private key from
'/system/etc/ipsec.d/private/carolKey.pem' failed
I/charon  ( 1035): 00[DMN] loaded plugins: openssl fips-prf random pubkey
pkcs1 pem xcbc hmac kernel-netlink socket-default android stroke
eap-identity eap-mschapv2 eap-md5

The same AES-256 certs and configurations worked fine on an Ubuntu PC
platform.  Please advise if you had seen this before.

Cheers,

Below are the configurations:

# /etc/ipsec.conf - strongSwan IPsec configuration file
  
 config setup
 crlcheckinterval=180
strictcrlpolicy=no
plutostart=no

conn %default
ikelifetime=60m
keylife=20m
rekeymargin=3m
keyingtries=1
keyexchange=ikev2
ike=aes256-sha384-ecp384,aes128-sha256-ecp256!
esp=aes256gcm16,aes128gcm16!

conn rw
left=192.168.1.140
leftcert=moonCert.pem
leftsubnet=10.1.0.0/16
leftfirewall=yes
right=%any
keyexchange=ikev2
auto=add

# /etc/ipsec.secrets - strongSwan IPsec secrets file

: ECDSA moonKey.pem




-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20120713/fb122da2/attachment.html>


More information about the Users mailing list