Hi, unfortunately Elliptic Curve Cryptography is disable in Android's OpenSSL library.
Regards Andreas On 07/13/2012 05:29 PM, Gia T. Nguyen wrote: > > Hello, > > I got RSA 2048-bit certificate StrongSwan to work on an SEAndroid > device. However, when I tried it with an AES-256 certificate, I get > this error: > > I/charon ( 1035): 00[LIB] building CRED_PRIVATE_KEY - ECDSA failed, > tried 1 builders > I/charon ( 1035): 00[CFG] loading private key from > '/system/etc/ipsec.d/private/carolKey.pem' failed > I/charon ( 1035): 00[DMN] loaded plugins: openssl fips-prf random > pubkey pkcs1 pem xcbc hmac kernel-netlink socket-default android stroke > eap-identity eap-mschapv2 eap-md5 > > The same AES-256 certs and configurations worked fine on an Ubuntu PC > platform. Please advise if you had seen this before. > > Cheers, > > Below are the configurations: > > # /etc/ipsec.conf - strongSwan IPsec configuration file > > config setup > crlcheckinterval=180 > strictcrlpolicy=no > plutostart=no > > conn %default > ikelifetime=60m > keylife=20m > rekeymargin=3m > keyingtries=1 > keyexchange=ikev2 > ike=aes256-sha384-ecp384,aes128-sha256-ecp256! > esp=aes256gcm16,aes128gcm16! > > conn rw > left=192.168.1.140 > leftcert=moonCert.pem > leftsubnet=10.1.0.0/16 > leftfirewall=yes > right=%any > keyexchange=ikev2 > auto=add > > # /etc/ipsec.secrets - strongSwan IPsec secrets file > > : ECDSA moonKey.pem > ====================================================================== Andreas Steffen [email protected] strongSwan - the Linux VPN Solution! www.strongswan.org Institute for Internet Technologies and Applications University of Applied Sciences Rapperswil CH-8640 Rapperswil (Switzerland) ===========================================================[ITA-HSR]== _______________________________________________ Users mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/users
