[strongSwan] scepclient and EC pubkey support

Markus P. Beckhaus markus at beckhaus.com
Wed Jun 13 11:49:29 CEST 2018


Hi,

I am trying to use ipsec_scepclient against a 2-tiered AD CS with ECDSA setup but this fails with the following error message:

EC public key encryption not implemented
  encrypting symmetric key failed

Obviosly this tells me exactly, why it isn’t working, but on the other side we have strongswan running VPN tunnels on the same box with ECDSA certificates from abovementioned CA, so basically ECDSA modules are present and loaded.

So I am asking myself, if the scepclient does not utilize the same module architecture as the charon deamon.

My question is, if scepclient definitely does not support EC or if I can tweak my configuration in any way to add EC support to scepclient.

Best Regards

Markus

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20180613/451b3c7e/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 2006 bytes
Desc: not available
URL: <http://lists.strongswan.org/pipermail/users/attachments/20180613/451b3c7e/attachment.bin>


More information about the Users mailing list