Hello,

after some research, I think I can answer my own question in case anyone finds 
the same problem in the future.

The line that should be added in this case to ipsec.secrets is:


<leftipaddress> : PIN %smartcard:N "1234"


N being the slot number of the smartcard and "pin1234" the PIN code.

More info here: https://wiki.strongswan.org/projects/strongswan/wiki/PinSecret


After this step, I still had problems because when I wrote my engine, I didn't 
implement a PIN command.

This has to be added to your OpenSSL Engine implementation.


As an example, one can take a look at the implementation of the OpenSSL dynamic 
engine:

https://github.com/openssl/openssl/blob/master/crypto/engine/eng_dyn.c


Now the key is loaded and everything works fine.

Hope this helps anyone.


Best regards,


Ignacio



________________________________
From: Dev <dev-boun...@lists.strongswan.org> on behalf of Ignacio Alamo Corsino 
<nacao2...@hotmail.com>
Sent: Monday, 7 August 2017 15:55
To: dev@lists.strongswan.org
Subject: [strongSwan-dev] Read private key with OpenSSL Engine


Hello,


I have written an OpenSSL engine to communicate with my smartcard (no pkcs#11 
involved).

This engine loads some private key information from the smartcard (n,e) and 
also performs private key operations like signing.

The private key is normally loaded with the ENGINE_load_private_key OpenSSL 
function.


The problem that I have is that I don't know how to tell strongSwan to load the 
private key information using my engine in ipsec.secrets,

so I always end up with a "no private key found for 'Cert_XXXXXX'" error.


I am aware that I should use the openssl plugin but I don't know how to apply 
it to this case.


Thanks for your time.


Regards,


Ignacio

