[strongSwan] Some confusion about RSA and ECDSA support in Strongswan
Christian Liebscher
lemurenkind at gmail.com
Fri Jan 4 17:19:52 CET 2013
Hello All,
I have some questions about the supported signature algorithms in
strongswan.
As I understand it, strongswan supports RSA and ECDSA with various
bitlengths at this time. I also know that I can use the ipsec pki tool to
create certificates using one of these algorithms. To create ECDSA-keypair
I had to enable the openssl support via "./configure --enable-openssl".
Do I have to enable the openssl support only for creating such
certificates? (Currently on a Debian host with Strongswan 5.0.1)
Or do I also need the openssl support during the key exchange? (On an arm
platform with cross compiled StrongSwan 5.0.1, no openssl-lib at this time)
How about RSA? There is obviously no need for openssl for building a
certificate with rsa keypairs. So there is an implementation in Strongswam
itself, right?
Thanks,
Christian
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20130104/a6e760c1/attachment.html>
More information about the Users
mailing list