[strongSwan] Problem with android app when using keys for either end
Robert Dyck
rob.dyck at telus.net
Tue Oct 1 06:17:51 CEST 2013
I managed to set up strongSwan on a server, a netbook and an Android phone
using eap-mschapsv2.

When I tried to set up for keys at either end, I was successful with my netbook
but not the Android. It complained that it was unable to load the CA private
key. This doesn't make sense. Only the CA certificate should be necessary.

I have tried reloading the pkcs12 file into Android. Android states that it
loaded the phone's certificate, its private key and the CA certificate. I
retested the EAP config and the keys config. EAP is OK, keys no.

I directed the logs to my PC and it seems that the attempt fails immediately.
See log below.

I/CharonVpnService(27313): charon started
I/ActivityManager( 247): Start proc com.android.keychain for service com.android.keychain/.KeyChainService: pid=28696 uid=1000 gids={1015, 3002, 3001, 3003, 1028, 3007}
I/keystore( 95): uid: 1000 action: t -> 1 state: 1 -> 1 retry: 4
I/keystore( 95): uid: 1000 action: g -> 1 state: 1 -> 1 retry: 4
I/charon (27313): 06[CFG] loaded user certificate 'CN=nexus-s, E=rob.dyck at telus.net' and private key
I/charon (27313): 06[CFG] loaded CA certificate 'CN=Rob'
I/keystore( 95): uid: 1000 action: t -> 1 state: 1 -> 1 retry: 4
I/keystore( 95): uid: 1000 action: x -> 1 state: 1 -> 1 retry: 4
V/OpenSSL-keystore(27313): keystore_bind_fn
V/OpenSSL-keystore(27313): keystore_engine_setup
V/OpenSSL-keystore(27313): keystore_loadkey(0x5111dbc0, "1000_USRPKEY_nexus-s", 0x0, 0x0)
I/keystore( 95): uid: 10099 action: b -> 7 state: 1 -> 1 retry: 4
W/keystore_client(27313): Error from keystore: 7
V/OpenSSL-keystore(27313): Cannot get public key for 1000_USRPKEY_nexus-s
W/System.err(27313): android.security.KeyChainException: java.lang.RuntimeException: error:04067084:lib(4):func(103):reason(132)
W/System.err(27313): at android.security.KeyChain.getPrivateKey(KeyChain.java:319)
W/System.err(27313): at org.strongswan.android.logic.CharonVpnService.getUserKey(CharonVpnService.java:515)
W/System.err(27313): at dalvik.system.NativeStart.run(Native Method)
W/System.err(27313): Caused by: java.lang.RuntimeException: error:04067084:lib(4):func(103):reason(132)
W/System.err(27313): at org.apache.harmony.xnet.provider.jsse.NativeCrypto.ENGINE_load_private_key(Native Method)
W/System.err(27313): at org.apache.harmony.xnet.provider.jsse.OpenSSLEngine.getPrivateKeyById(OpenSSLEngine.java:57)
W/System.err(27313): at android.security.KeyChain.getPrivateKey(KeyChain.java:314)
W/System.err(27313): ... 2 more
I/charon (27313): 06[CFG] failed to load private key
I/CharonVpnService(27313): charon stopped