[strongSwan] loading private key file is failing with charon, when trying to establish IPsec tunnel with certificates.

bhargav p bhargav.1226 at gmail.com
Mon Jun 3 09:20:07 CEST 2013


Hi Andreas,

I am converting my key file with the command below:

 openssl pkcs8 -nocrypt -in defaultPrivateKey.pem -out defaultPrivateKey1.pem


I am putting the new file in /etc/ipsec/certs/ipsec.d/private; I do not
know the reason why it is not converting.


Is there anything in addition I need to do for converting the PKCS#8 private key to
PKCS#1?




On Mon, Jun 3, 2013 at 12:31 PM, Andreas Steffen <
andreas.steffen at strongswan.org> wrote:

> Hi Bhargav,
>
> you are still loading the PKCS#8 private key file:
>
> charon: 00[LIB] L1 - modulus: ASN1 tag 0x02 expected, but is 0x30
>  charon: 00[LIB] => 15 bytes @ 0x1200ac807
>  charon: 00[LIB]    0: 30 0D 06 09 2A 86 48 86 F7 0D 01 01 01 05 00  0...*.H........
>
> Regards
>
> Andreas
>
> On 06/03/2013 08:57 AM, bhargav p wrote:
> > Hi Andreas,
> >
> > I tried converting the private key from  PKCS#8 to PKCS#1, but still I
> > am getting the same error:
> >
> > CFPU-0 charon: 00[LIB]   -----BEGIN PRIVATE KEY-----
> >  charon: 00[LIB]   -----END PRIVATE KEY-----
> > charon: 00[LIB] L0 - RSAPrivateKey:
> >  charon: 00[LIB] L1 - version:
> >  charon: 00[LIB] => 1 bytes @ 0x1200ac806
> >  charon: 00[LIB]    0: 00                                               .
> >  charon: 00[LIB] L1 - modulus: ASN1 tag 0x02 expected, but is 0x30
> >  charon: 00[LIB] => 15 bytes @ 0x1200ac807
> >  charon: 00[LIB]    0: 30 0D 06 09 2A 86 48 86 F7 0D 01 01 01 05 00  0...*.H........
> >  charon: 00[LIB] building CRED_PRIVATE_KEY - RSA failed, tried 5 builders
> >  charon: 00[CFG]   loading private key from '/etc/ipsec/certs/ipsec.d//private/defaultPrivateKey.pem' failed
> >  charon: 00[LIB] plugin 'stroke': loaded successfully
> >  charon: 00[LIB] plugin 'kernel-netlink': loaded successfully
> >
> >
> > -Bhargav
> >
> >
> > On Sat, Jun 1, 2013 at 3:17 AM, Andreas Steffen
> > <andreas.steffen at strongswan.org> wrote:
> >
> >     Hi Bhargav,
> >
> >     The private key that you are trying to load is a PKCS#8 file,
> >     a format being used by openssl 1.x.x. PKCS#8 support was introduced
> >     with strongswan 4.6.2. So as a workaround either upgrade to a newer
> >     strongSwan version or convert the private key from PKCS#8 to PKCS#1
> >     using the following openssl command:
> >
> >     openssl pkcs8 -nocrypt -in key8.pem -out key1.pem
> >
> >     Regards
> >
> >     Andreas
> >
> >     On 05/31/2013 08:12 AM, bhargav p wrote:
> >     > Hi,
> >     >
> >     > I am trying to establish the IPsec tunnel with certificates with charon.
> >     >
> >     > From the logs the below error is thrown:
> >     >
> >     > L0 - RSAPrivateKey:
> >     >  charon: 00[LIB] L1 - version:
> >     >  charon: 00[LIB] => 1 bytes @ 0x1200ac406
> >     >  charon: 00[LIB]    0: 00                                               .
> >     >  charon: 00[LIB] L1 - modulus: ASN1 tag 0x02 expected, but is 0x30
> >     >  charon: 00[LIB] => 15 bytes @ 0x1200ac407
> >     >  charon: 00[LIB]    0: 30 0D 06 09 2A 86 48 86 F7 0D 01 01 01 05 00  0...*.H........
> >     > charon: 00[LIB] building CRED_PRIVATE_KEY - RSA failed, tried 5 builders
> >     >  charon: 00[CFG]   loading private key from '/etc/ipsec/certs/ipsec.d//private/defaultPrivateKey.pem' failed
> >     >  charon: 00[LIB] plugin 'stroke': loaded successfully
> >     >  charon: 00[LIB] plugin 'kernel-netlink': loaded successfully
> >     >  charon: 00[DMN] loaded plugins: openssl random pem x509 pubkey pkcs1 hmac xcbc stroke kernel-netlink
> >     > May 31 13:32:21.117438 info CLA-0 charon: 00[JOB] spawning 16 worker threads
> >     > charon: 07[LIB]   file content is not binary ASN.1
> >     >
> >     > Can someone help me here?
> >     >
> >     > Using strongswan version:4.5.3
> >     >
> >     > cat defaultPrivateKey.pem
> >     > -----BEGIN PRIVATE KEY-----
> >     > -----END PRIVATE KEY-----
> >     >
> >     > --Bhargav
>
> ======================================================================
> Andreas Steffen                         andreas.steffen at strongswan.org
> strongSwan - the Open Source VPN Solution!          www.strongswan.org
> Institute for Internet Technologies and Applications
> University of Applied Sciences Rapperswil
> CH-8640 Rapperswil (Switzerland)
> ===========================================================[ITA-HSR]==
>
>
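
The charon log in this thread shows the RSAPrivateKey parser finding tag 0x30 (the PKCS#8 AlgorithmIdentifier) where it expected tag 0x02 (the modulus INTEGER). The following is an added example, not code from the thread or from strongSwan, that makes the same check on a key file and shows that an unencrypted PKCS#8 file simply wraps the PKCS#1 structure; the function names and the toy key bytes are constructed for illustration.

```python
import base64

# AlgorithmIdentifier for rsaEncryption (OID 1.2.840.113549.1.1.1 + NULL):
# the same 15 bytes charon dumps where it expected the modulus INTEGER.
RSA_ALGID = bytes.fromhex("300d06092a864886f70d0101010500")

def read_tlv(buf, pos):
    """Return (tag, value_start, value_end) of the DER element at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                    # long form: low 7 bits count the length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, pos, pos + length

def pem_to_der(pem):
    lines = [l for l in pem.strip().splitlines() if not l.startswith("-----")]
    return base64.b64decode("".join(lines))

def classify(der):
    """Tell a PKCS#1 RSAPrivateKey from an unencrypted PKCS#8 PrivateKeyInfo."""
    tag, start, _ = read_tlv(der, 0)
    ver_tag, _, ver_end = read_tlv(der, start)       # version INTEGER
    if tag != 0x30 or ver_tag != 0x02:
        return "unknown"
    tag, _, second_end = read_tlv(der, ver_end)      # element after version
    if tag == 0x02:
        return "PKCS#1"                              # modulus INTEGER
    if tag == 0x30:
        return "PKCS#8 (RSA)" if der[ver_end:second_end] == RSA_ALGID else "PKCS#8 (other)"
    return "unknown"

def unwrap_pkcs8(der):
    """Return the inner key bytes held in the PKCS#8 privateKey OCTET STRING."""
    _, start, _ = read_tlv(der, 0)
    _, _, ver_end = read_tlv(der, start)
    _, _, alg_end = read_tlv(der, ver_end)
    tag, key_start, key_end = read_tlv(der, alg_end)
    if tag != 0x04:
        raise ValueError("privateKey OCTET STRING not found")
    return der[key_start:key_end]

# Constructed toy structures (textbook RSA numbers, n = 3233), not a usable key.
TOY_PKCS1 = bytes.fromhex("301d02010002020ca102011102020ac102013d020135020135020131020126")
TOY_PKCS8 = bytes([0x30, 0x33, 0x02, 0x01, 0x00]) + RSA_ALGID + bytes([0x04, len(TOY_PKCS1)]) + TOY_PKCS1

if __name__ == "__main__":
    print(classify(TOY_PKCS8), "->", classify(unwrap_pkcs8(TOY_PKCS8)))
```

Running `classify(pem_to_der(open(path).read()))` on a converted file shows whether the output is still PKCS#8, which is what the second log in this thread indicates.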