I see. Thanks for the answer. -- Harry
On Tue, Jan 5, 2016 at 10:20 PM, Andreas Steffen < [email protected]> wrote: > Hi Harry, > > the loading of private keys is not handled by starter but by the > stroke plugin through processing of /etc/ipsec.secrets. Thus the > decryption of protected private key files is done directly by the > charon daemon via the stroke plugin. > > Best regards > > Andreas > > On 06.01.2016 06:19, Harry Chan-Maestas wrote: > >> Hi Andreas, >> >> Thank you for clarification. >> >> So is the "starter" process doing something similar when processing >> ipsec.secrets? Basically, I was looking something like >> >> : RSA /<private key file>/ [ /<passphrase>/ | /%prompt/ ] >> >> through VICI. >> >> Harry >> >> On Tue, Jan 5, 2016 at 9:04 PM, Andreas Steffen >> <[email protected] <mailto:[email protected]>> >> wrote: >> >> Hi Harry, >> >> yes your assumption is correct. swanctl decrypts protected private >> keys and sends them as plaintext via VICI to the charon daemon. >> >> Best regards >> >> Andreas >> >> >> On 06.01.2016 03:59, Harry Chan-Maestas wrote: >> >> Hi, >> >> Is this assumption/understanding correct? Going through the >> swantcl >> code, it seems that the way it deals with encrypted private keys >> is by >> reading the key, decrypting it, and sending the decrypted >> version to Charon. >> >> If this is not the case, would anyone know what is the API to >> send the >> encrypted RSA private key and the decrypt password to Charon >> through VICI? >> >> Thank you in advance, >> >> Harry >> >> >> ====================================================================== >> Andreas Steffen [email protected] >> <mailto:[email protected]> >> strongSwan - the Open Source VPN Solution! www.strongswan.org >> <http://www.strongswan.org> >> Institute for Internet Technologies and Applications >> University of Applied Sciences Rapperswil >> CH-8640 Rapperswil (Switzerland) >> ===========================================================[ITA-HSR]== >> >> >> > -- > ====================================================================== > Andreas Steffen [email protected] > strongSwan - the Open Source VPN Solution! www.strongswan.org > Institute for Internet Technologies and Applications > University of Applied Sciences Rapperswil > CH-8640 Rapperswil (Switzerland) > ===========================================================[ITA-HSR]== > >
_______________________________________________ Dev mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/dev
