Hi,

> > You can't tell me that (Aladdin/Safenet) eTokens are exotic...
>
> It's not about the token itself, but how the keys and certificates are
> deployed on it.

Yes, of course it's not the token, but the Windows software that comes with Aladdin/Safenet Tokens is the standard software that everybody uses who uses eToken on Windows, and I think eTokens are widely used.

> I'll have a look at it next week, shouldn't be too hard to implement this
> fallback.

[[GR]] Thanks!

> > I have two certificates with the same subject (different usage (sign,
> > encrypt)). So is there a way to tell strongswan which certificate to
> > use (I can't change the smartcard)?
>
> No, currently not.

[[GR]] Ok, can you tell me where in the source the certificate selection takes place?

> > And why is the private key found during "ipsec secrets", but not when
> > I start the connection:
>
> The loaded private key is later looked up using the computed fingerprint.
> Either the pkcs11 backend can't fingerprint the associated public key, or the
> fingerprints don't match.

[[GR]] The "computed fingerprint" of what? Do I understand right:

1. The certificate is selected using the first certificate that has a matching subject compared to leftid.
2. The fingerprint of the associated public key is computed.
3. From any private key, you compute the public key and compute the fingerprint of that public key.
4. These fingerprints from 3 are compared to the fingerprint from 2 and the matching one is selected.

In this case we have a pkcs11 from our customer, so that might have a problem, so I'd like to understand how strongswan is selecting the key, so I can figure out if it is a pkcs11 or strongswan problem.

Thanks & Regards
Gerald

> Regards
> Martin
