[strongSwan] Unable to load the private key without openssl plugin
Martin Willi
martin at strongswan.org
Thu Jan 24 09:59:19 CET 2013
Hi Kiran,
> 00[LIB] key integrity tests failed: chect that exp1(150380) is d(150368) mod (p(150344)-1), t=-1097449556
> 00[LIB] key integrity tests failed: checkt that exp2(150392) is d(150368) mod (q(150356)-1), t=-1097449556
Seems like this key is definitely invalid. By definition in PKCS#1:
exponent1 is d mod (p - 1)
exponent2 is d mod (q - 1)
But in your key, this is not the case.
> is created with the openssl -engine cryptodev (OCF + h/w driver) option.
Looks like a bug to me in your hardware or driver.
> works fine for our SIP TLS
This is absolutely possible, for example if it regenerates the
exponents. Nonetheless, the key is not valid according to PKCS#1.
Regards
Martin
More information about the Users
mailing list