[strongSwan] StrongSwan AES256 on SEAndroid?
Andreas Steffen
andreas.steffen at strongswan.org
Fri Jul 13 19:56:23 CEST 2012
Hi,
unfortunately Elliptic Curve Cryptography is disabled in Android's
OpenSSL library.
Regards
Andreas
On 07/13/2012 05:29 PM, Gia T. Nguyen wrote:
>
> Hello,
>
> I got StrongSwan to work with an RSA 2048-bit certificate on an
> SEAndroid device. However, when I tried it with an AES-256
> certificate, I got this error:
>
> I/charon ( 1035): 00[LIB] building CRED_PRIVATE_KEY - ECDSA failed, tried 1 builders
> I/charon ( 1035): 00[CFG] loading private key from '/system/etc/ipsec.d/private/carolKey.pem' failed
> I/charon ( 1035): 00[DMN] loaded plugins: openssl fips-prf random pubkey pkcs1 pem xcbc hmac kernel-netlink socket-default android stroke eap-identity eap-mschapv2 eap-md5
>
> The same AES-256 certs and configurations worked fine on an Ubuntu PC
> platform. Please advise if you have seen this before.
>
> Cheers,
>
> Below are the configurations:
>
> # /etc/ipsec.conf - strongSwan IPsec configuration file
>
> config setup
>     crlcheckinterval=180
>     strictcrlpolicy=no
>     plutostart=no
>
> conn %default
>     ikelifetime=60m
>     keylife=20m
>     rekeymargin=3m
>     keyingtries=1
>     keyexchange=ikev2
>     ike=aes256-sha384-ecp384,aes128-sha256-ecp256!
>     esp=aes256gcm16,aes128gcm16!
>
> conn rw
>     left=192.168.1.140
>     leftcert=moonCert.pem
>     leftsubnet=10.1.0.0/16
>     leftfirewall=yes
>     right=%any
>     keyexchange=ikev2
>     auto=add
>
> # /etc/ipsec.secrets - strongSwan IPsec secrets file
>
> : ECDSA moonKey.pem
>
======================================================================
Andreas Steffen andreas.steffen at strongswan.org
strongSwan - the Linux VPN Solution! www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
===========================================================[ITA-HSR]==
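
Added example, not part of the original thread and not strongSwan code: a small Python check that lists every setting in an ipsec.conf / ipsec.secrets pair that needs elliptic-curve support from the crypto library, gated on the ECDSA builder failure seen in the charon log. The function names are hypothetical, and the sample input is constructed from the configuration and log lines quoted in the thread.

```python
import re

# Constructed sample input, copied from the configuration and log quoted in the thread.
IPSEC_CONF = """\
conn %default
    keyexchange=ikev2
    ike=aes256-sha384-ecp384,aes128-sha256-ecp256!
    esp=aes256gcm16,aes128gcm16!
"""
IPSEC_SECRETS = ": ECDSA moonKey.pem\n"
CHARON_LOG = """\
I/charon ( 1035): 00[LIB] building CRED_PRIVATE_KEY - ECDSA failed, tried 1 builders
I/charon ( 1035): 00[CFG] loading private key from '/system/etc/ipsec.d/private/carolKey.pem' failed
"""

ECP_GROUP = re.compile(r"^ecp\d+")  # ecp256, ecp384, ...: elliptic-curve DH groups


def ecc_dependencies(conf, secrets):
    """Return (location, item) pairs for every setting that needs EC support."""
    found = []
    for line in conf.splitlines():
        key, _, value = line.strip().partition("=")
        if key not in ("ike", "esp"):
            continue
        # A proposal list looks like "enc-integ-group,enc-integ-group!"
        for proposal in value.rstrip("!").split(","):
            found += [(key, tok) for tok in proposal.split("-") if ECP_GROUP.match(tok)]
    for line in secrets.splitlines():
        fields = line.split("#")[0].split()
        # ipsec.secrets entry: "[selectors] : TYPE file-or-secret"
        if ":" in fields:
            rest = fields[fields.index(":") + 1:]
            if rest and rest[0] == "ECDSA":
                found.append(("secrets", " ".join(rest)))
    return found


def ecdsa_load_failed(log):
    """True if charon reported that no builder could construct an ECDSA private key."""
    return "building CRED_PRIVATE_KEY - ECDSA failed" in log


if __name__ == "__main__":
    if ecdsa_load_failed(CHARON_LOG):
        for where, item in ecc_dependencies(IPSEC_CONF, IPSEC_SECRETS):
            print(f"{where}: {item} requires EC support in the crypto library")
```

On the quoted configuration this reports the two ecp groups in the ike= line and the ECDSA key entry; the AES-GCM esp= proposals do not depend on elliptic curves.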