after some research, I think I can answer my own question in case anyone finds 
the same problem in the future.

The line that should be added in this case to ipsec.secrets is:

<leftipaddress> : PIN %smartcard:N "1234"

Being N the slot number of the smartcard and "pin1234" the pin code.

More info here: https://wiki.strongswan.org/projects/strongswan/wiki/PinSecret

After this step, I still had problems because when I wrote my engine, I didn't 
implement a PIN command.

This has to be added to your OpenSSL Engine implementation.

As an example, one can take a look to the implementation of the OpenSSL dynamic 


Now the key is loaded and everything works fine.

Hope this helps anyone.

Best regards,


De: Dev <dev-boun...@lists.strongswan.org> en nombre de Ignacio Alamo Corsino 
Enviado: lunes, 7 de agosto de 2017 15:55
Para: dev@lists.strongswan.org
Asunto: [strongSwan-dev] Read private key with OpenSSL Engine


I have written an OpenSSL engine to communicate with my smartcard (no pkcs#11 

This engine loads some private key information from the smartcard (n,e) and 
also performs private key operations like signing.

The private key is normally loaded with the ENGINE_load_private_key OpenSSL 

The problem that I have is that I don't know how to tell strongSwan to load the 
private key information using my engine in ipsec.secrets,

so I always end up with an "no private key found for 'Cert_XXXXXX'" error.

I am aware that I should use the openssl plugin but I don't know how to apply 
it to this case.

Thanks for your time.



Reply via email to