Hello Jason, the key2keyid tool computes the keyid of either a private or public key file but not of the public key contained in an X.509 certificate file.
But you can compute the keyid of a certificate directly with the following command: ipsec pki --keyid --in strongswanCert.pem --type x509 subjectKeyIdentifier: 5d:a7:dd:70:06:51:32:7e:e7:b6:6d:b3:b5:e5:e0:60:ea:2e:4d:ef subjectPublicKeyInfo hash: ae:09:6b:87:b4:48:86:d3:b8:20:97:86:23:da:bd:0e:ae:22:eb:bc and remove the colons ':' in the subjectKeyIdentifier. Best regards Andreas J. Tang wrote: > I am trying to work through the example SQL statements in testing/ > tests/sql/rw-cert/hosts/carol/etc/ipsec.d/data.sql. For the second > INSERT, > > INSERT INTO identities ( > type, data > ) VALUES ( /* keyid of 'C=CH, O=Linux strongSwan, CN=strongSwan Root > CA' */ > 11, X'5da7dd700651327ee7b66db3b5e5e060ea2e4def' > ); > > Where did the key ID come from? I tried: > > scripts/key2keyid < strongswanCert.der > > where strongswanCert.der is the x509 DER-encoded certificate stored > on line 38 of data.sql. I keep getting the error: > > "unable to parse input key." > > The same occurs when I try scripts/key2keyid. > > My question is, how do I determine which key ID should be placed in > the SQL statements? > -- ====================================================================== Andreas Steffen [email protected] strongSwan - the Linux VPN Solution! www.strongswan.org Institute for Internet Technologies and Applications University of Applied Sciences Rapperswil CH-8640 Rapperswil (Switzerland) ===========================================================[ITA-HSR]==
smime.p7s
Description: S/MIME Cryptographic Signature
_______________________________________________ Dev mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/dev
