[strongSwan] StrongSwan AES256 on SEAndroid?
Gia T. Nguyen
gia.nguyen at metronome-software.com
Fri Jul 13 17:29:36 CEST 2012
Hello,
I got RSA 2048-bit certificate StrongSwan to work on an SEAndroid device.
However, when I tried it with an AES-256 certificate, I get this error:
I/charon ( 1035): 00[LIB] building CRED_PRIVATE_KEY - ECDSA failed, tried 1
builders
I/charon ( 1035): 00[CFG] loading private key from
'/system/etc/ipsec.d/private/carolKey.pem' failed
I/charon ( 1035): 00[DMN] loaded plugins: openssl fips-prf random pubkey
pkcs1 pem xcbc hmac kernel-netlink socket-default android stroke
eap-identity eap-mschapv2 eap-md5
The same AES-256 certs and configurations worked fine on an Ubuntu PC
platform. Please advise if you had seen this before.
Cheers,
Below are the configurations:
# /etc/ipsec.conf - strongSwan IPsec configuration file
config setup
crlcheckinterval=180
strictcrlpolicy=no
plutostart=no
conn %default
ikelifetime=60m
keylife=20m
rekeymargin=3m
keyingtries=1
keyexchange=ikev2
ike=aes256-sha384-ecp384,aes128-sha256-ecp256!
esp=aes256gcm16,aes128gcm16!
conn rw
left=192.168.1.140
leftcert=moonCert.pem
leftsubnet=10.1.0.0/16
leftfirewall=yes
right=%any
keyexchange=ikev2
auto=add
# /etc/ipsec.secrets - strongSwan IPsec secrets file
: ECDSA moonKey.pem
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20120713/fb122da2/attachment.html>
More information about the Users
mailing list