[strongSwan] smartcard/HSM question
Pisano, Stephen G (Stephen)
Stephen.Pisano at alcatel-lucent.com
Wed May 30 14:35:07 CEST 2012
We want to use strongswan IKEv2 in such a way that the private key used by IKE (e.g. for creating the AUTH payload) never leaves some specialized custom secure hardware. The idea is that the private key is generated in the special hardware, stored there, and used there, and never leaves there in the clear, and strongSwan just sends requests to it, via a custom driver, say with a PKCS #11 interface, to perform crypto operations on certain data, and just get the result back...so strongSwan never "sees" the actual private key (or any hacker)...
I thought your smartcard/PKCS #11 capabilities would allow us to do this, but then I saw in another thread (http://email@example.com/msg02633.html) the following debug output:
00[CFG] loaded private key from
%smartca... at etoken:33423544384442423444303736374239
Suggesting that strongSwan is reading in the private key into its memory from a smartcard, just as I assume it does in the non-smartcard case (i.e., reading from a file).
So, I am wondering if strongSwan can currently do what we want, with current smartcard capabilities, or if not, if it would be feasible to modify strongSwan to support such secure key generation/storage/operations capabilities?
More information about the Users