[strongSwan] scepclient and encrypted private key
Tobias Brunner
tobias at strongswan.org
Mon May 7 17:17:28 CEST 2018
Hi Dariusz,
>>> Does it use the information in /etc/ipsec.secrets or is there another
>>> way?
>>
>> It doesn't. You have to decrypt the key to use it with scepclient.
>
> Thank you Tobias. I guess I was misled by the fact that there are
> traces of an attempt to implement this (like a call to pem_decrypt if
> a passphrase has been returned from the enumerator).
That's just the generic code in the pem plugin, which does support
encrypted keys and expects a credential set to provide the password.
The scepclient utility could be extended to support that (like e.g. the
pki tool does), but it's currently just not implemented (also see [1]).
Regards,
Tobias
[1] https://wiki.strongswan.org/projects/strongswan/wiki/Scepclient