[strongSwan] scepclient and encrypted private key

Tobias Brunner tobias at strongswan.org
Mon May 7 17:17:28 CEST 2018

Hi Dariusz,

>>> Does it use the information in /etc/ipsec.secrets or is there another
>>> way?
>> It doesn't.  You have to decrypt the key to use it with scepclient.
> Thank you Tobias. I guess I was misled by the fact that there are
> traces of an attempt to implement this (like a call to pem_decrypt if
> a passphrase has been returned from the enumerator).

That's just the generic code in the pem plugin, which does support
encrypted keys and expects a credential set to provide the password.
The scepclient utility could be extended to support that (like e.g. the
pki tool does), but it's currently just not implemented (also see [1]).


[1] https://wiki.strongswan.org/projects/strongswan/wiki/Scepclient

