Hi,

I have been asked by a client to investigate what it would take to create a Linux strongSwan deployment that integrates strongSwan IKEv2 with a USB security smartcard. We already have some Aladdin Token JavaCard (USB ID 0529:0620) dongles but I imagine that any well-known dongle will do. We want to deploy a PKI-based system where the RSA private key is stored in the smartcard.

Just to make sure I don't get the wrong replies, I would like to reiterate that this email refers to charon (IKEv2) smartcard integration. The smartcard-related pages in the strongSwan wiki don't apply in this case, because they refer to pluto IKEv1 smartcard integration.

My understanding from reading various sources is that to get charon to work with a smartcard, I need to do the following:

1) set up charon to use openssl instead of its default plugins for RSA
2) use engine_pkcs11 to provide a PKCS openssl engine (and somehow get charon to use it)
3) use openct to provide driver access to the dongle
4) I think I also need opensc because engine_pkcs11 expects it but I am not sure.

Does anyone have any experience with this sort of integration? I believe the client is willing to pay for this. Obviously a ready-made solution would be ideal but if we will have to develop it ourselves.

Regards,
Dimitrios Siganos