Hi Harry,

the loading of private keys is not handled by starter but by the
stroke plugin through processing of /etc/ipsec.secrets. Thus the
decryption of protected private key files is done directly by the
charon daemon via the stroke plugin.

Best regards

Andreas

On 06.01.2016 06:19, Harry Chan-Maestas wrote:
Hi Andreas,

Thank you for the clarification.

So is the "starter" process doing something similar when processing
ipsec.secrets? Basically, I was looking for something like

: RSA <private key file> [ <passphrase> | %prompt ]

through VICI.

Harry

On Tue, Jan 5, 2016 at 9:04 PM, Andreas Steffen <[email protected]> wrote:

    Hi Harry,

    yes your assumption is correct. swanctl decrypts protected private
    keys and sends them as plaintext via VICI to the charon daemon.

    Best regards

    Andreas


    On 06.01.2016 03:59, Harry Chan-Maestas wrote:

        Hi,

        Is this assumption/understanding correct? Going through the swanctl
        code, it seems that the way it deals with encrypted private keys
        is by reading the key, decrypting it, and sending the decrypted
        version to Charon.

        If this is not the case, would anyone know what is the API to
        send the encrypted RSA private key and the decrypt password to
        Charon through VICI?

        Thank you in advance,

        Harry


    ======================================================================
    Andreas Steffen [email protected]
    strongSwan - the Open Source VPN Solution! www.strongswan.org
    Institute for Internet Technologies and Applications
    University of Applied Sciences Rapperswil
    CH-8640 Rapperswil (Switzerland)
    ===========================================================[ITA-HSR]==





_______________________________________________
Dev mailing list
[email protected]
https://lists.strongswan.org/mailman/listinfo/dev
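
Added example (not part of the thread and not strongSwan code): a minimal Python encoder/decoder for a VICI `load-key` request, following the wire format documented in strongSwan's vici README, showing that a key the client has already decrypted sits in the clear inside the packet, which is why access to the VICI socket needs to be restricted. The PEM body is a constructed placeholder and the helper names are hypothetical.

```python
import struct

# VICI constants as documented in the strongSwan vici README
CMD_REQUEST = 0   # packet type: named command request
KEY_VALUE = 3     # message element: key/value pair

def encode_request(command: str, fields: dict) -> bytes:
    """Frame a VICI command request carrying flat key/value elements."""
    name = command.encode()
    body = struct.pack("!BB", CMD_REQUEST, len(name)) + name
    for key, value in fields.items():
        k = key.encode()
        # element type, 8-bit key length, key, 16-bit value length, value
        body += struct.pack("!BB", KEY_VALUE, len(k)) + k
        body += struct.pack("!H", len(value)) + value
    # transport layer: 32-bit big-endian length header before each packet
    return struct.pack("!I", len(body)) + body

def decode_request(packet: bytes):
    """Parse a framed, well-formed request back into (command, fields)."""
    (length,) = struct.unpack_from("!I", packet, 0)
    body = packet[4:4 + length]
    if len(body) != length or length < 2 or body[0] != CMD_REQUEST:
        raise ValueError("truncated packet or not a command request")
    name_len = body[1]
    command = body[2:2 + name_len].decode()
    pos, fields = 2 + name_len, {}
    while pos < len(body):
        if body[pos] != KEY_VALUE:
            raise ValueError("only key/value elements are handled here")
        key_len = body[pos + 1]
        key = body[pos + 2:pos + 2 + key_len].decode()
        pos += 2 + key_len
        (val_len,) = struct.unpack_from("!H", body, pos)
        fields[key] = body[pos + 2:pos + 2 + val_len]
        pos += 2 + val_len
    return command, fields

# Constructed placeholder standing in for a key the client already decrypted
DECRYPTED_PEM = (b"-----BEGIN RSA PRIVATE KEY-----\n"
                 b"PLACEHOLDER-NOT-A-REAL-KEY\n"
                 b"-----END RSA PRIVATE KEY-----\n")

def build_load_key() -> bytes:
    """Build the load-key request a client would send after decrypting."""
    return encode_request("load-key", {"type": b"rsa", "data": DECRYPTED_PEM})

if __name__ == "__main__":
    print(decode_request(build_load_key()))
```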
