[strongSwan] scepclient and encrypted private key
tobias at strongswan.org
Mon May 7 17:17:28 CEST 2018
>>> Does it use the information in /etc/ipsec.secrets or is there another
>> It doesn't. You have to decrypt the key to use it with scepclient.
> Thank you Tobias. I guess I was mislead by the fact that there are
> traces of an attempt to implement this (like a call to pem_decrypt if
> a passphrase has been returned from the enumerator).
That's just the generic code in the pem plugin, which does support
encrypted keys and expects a credential set to provide the password.
The scepclient utility could be extended to support that (like e.g. the
pki tool does), but it's currently just not implemented (also see ).
More information about the Users