[strongSwan] StrongSwan AES256 on SEAndroid?

Andreas Steffen andreas.steffen at strongswan.org
Fri Jul 13 19:56:23 CEST 2012


Hi,

unfortunately Elliptic Curve Cryptography is disabled in Android's
OpenSSL library.

Regards

Andreas

On 07/13/2012 05:29 PM, Gia T. Nguyen wrote:
> 
> Hello,
> 
> I got RSA 2048-bit certificate StrongSwan to work on an SEAndroid
> device.  However, when I tried it with an AES-256 certificate, I get
> this error:
> 
> I/charon  ( 1035): 00[LIB] building CRED_PRIVATE_KEY - ECDSA failed,
> tried 1 builders
> I/charon  ( 1035): 00[CFG]   loading private key from
> '/system/etc/ipsec.d/private/carolKey.pem' failed
> I/charon  ( 1035): 00[DMN] loaded plugins: openssl fips-prf random
> pubkey pkcs1 pem xcbc hmac kernel-netlink socket-default android stroke
> eap-identity eap-mschapv2 eap-md5
> 
> The same AES-256 certs and configurations worked fine on an Ubuntu PC
> platform.  Please advise if you had seen this before.
> 
> Cheers,
> 
> Below are the configurations:
> 
> # /etc/ipsec.conf - strongSwan IPsec configuration file
>   
> config setup
>     crlcheckinterval=180
>     strictcrlpolicy=no
>     plutostart=no
> 
> conn %default
>     ikelifetime=60m
>     keylife=20m
>     rekeymargin=3m
>     keyingtries=1
>     keyexchange=ikev2
>     ike=aes256-sha384-ecp384,aes128-sha256-ecp256!
>     esp=aes256gcm16,aes128gcm16!
> 
> conn rw
>     left=192.168.1.140
>     leftcert=moonCert.pem
>     leftsubnet=10.1.0.0/16
>     leftfirewall=yes
>     right=%any
>     keyexchange=ikev2
>     auto=add
> 
> # /etc/ipsec.secrets - strongSwan IPsec secrets file
> 
> : ECDSA moonKey.pem
> 
======================================================================
Andreas Steffen                         andreas.steffen at strongswan.org
strongSwan - the Linux VPN Solution!                www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
===========================================================[ITA-HSR]==
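
An added example, not part of the original thread and not strongSwan code: a small Python check that lists which settings in the quoted configuration depend on elliptic-curve support (ECP Diffie-Hellman groups in ike=/esp= proposals and ECDSA entries in ipsec.secrets), so they can be reviewed before deploying to a platform whose crypto library is built without EC. The function names are hypothetical and the sample input is constructed from the files quoted above.

```python
import re

# Constructed sample input, taken from the configuration quoted in the thread.
IPSEC_CONF = """\
conn %default
    keyexchange=ikev2
    ike=aes256-sha384-ecp384,aes128-sha256-ecp256!
    esp=aes256gcm16,aes128gcm16!
"""
IPSEC_SECRETS = ": ECDSA moonKey.pem\n"

# strongSwan proposal keywords for elliptic-curve DH groups (ecp256, ecp384bp, ...).
EC_GROUP = re.compile(r"^ecp\d+(bp)?$")


def ec_groups_in_proposals(conf_text):
    """Return (keyword, group) pairs for every ECP group in ike=/esp= lines."""
    found = []
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()          # drop comments
        m = re.match(r"(ike|esp)\s*=\s*(.+)$", line)
        if not m:
            continue
        keyword, value = m.group(1), m.group(2).rstrip("!")  # '!' = strict flag
        for proposal in value.split(","):
            for token in proposal.strip().split("-"):
                if EC_GROUP.match(token):
                    found.append((keyword, token))
    return found


def ecdsa_secrets(secrets_text):
    """Return key file names from ': ECDSA <file>' entries in ipsec.secrets."""
    keys = []
    for raw in secrets_text.splitlines():
        line = raw.split("#", 1)[0].strip()
        m = re.search(r":\s*ECDSA\s+(\S+)", line)
        if m:
            keys.append(m.group(1).strip('"'))
    return keys


def audit(conf_text, secrets_text):
    """Collect every setting that needs EC support from the crypto backend."""
    return {"dh_groups": ec_groups_in_proposals(conf_text),
            "ecdsa_keys": ecdsa_secrets(secrets_text)}


if __name__ == "__main__":
    for kind, items in audit(IPSEC_CONF, IPSEC_SECRETS).items():
        print(kind, items)
```
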





