Hi Andreas,

Thanks for the reply. It was very helpful.

Regards,
kalyani

-----Original Message-----
From: Andreas Steffen [mailto:andreas.stef...@strongswan.org]
Sent: Tuesday, October 11, 2016 11:47 PM
To: Kalyani Garigipati (kagarigi) <kagar...@cisco.com>
Cc: users@lists.strongswan.org
Subject: Re: Strongswan AUTH payload signature hash algorithm for certificate based authentication

Hi Kalyani,

compliant with RFC 5996, strongSwan generates the RSA public key
signature embedded in the AUTH payload with a SHA1 hash independent
of the HASH and PRF algorithm selected for IKEv2.

In addition to this legacy mechanism, strongSwan supports RFC 7427
"Signature Authentication in IKEv2"

  https://tools.ietf.org/html/rfc7427

where depending on the capabilities of the peer either SHA1, SHA256,
SHA384 or SHA512 based digital signatures are possible.

Starting with strongswan 5.3.0, "Signature Authentication" is
enabled by default and if the peer supports RFC 7427 usually SHA256
is chosen implicitly with a 2048 bit or 3072 bit RSA key. The digest
strength of the AUTH payload of type "Digital Signature" can also be
configured explicitly if desired.

Best regards

Andreas

On 11.10.2016 19:20, Kalyani Garigipati (kagarigi) wrote:
> Hi,
>
> I am trying to bring up ikev2 sa between strongswan and cisco router.
>
> The authentication method used is certificates and prf algorithm is SHA256.
>
> · I wanted to know what is the hash algorithm that is used while
> generating the signature in AUTH payload for strongswan.
>
> Is it SHA1 or SHA256?
>
> · I observed that if I generate the signature in AUTH payload
> using SHA256, it fails the signature validation
>
> If I generate the signature in authentication payload using SHA1, it
> passes the signature validation.
>
> RFC quotes below in page 94 of 5996
>
> RSA Digital Signature 1
>
> Computed as specified in Section 2.15
> <https://tools.ietf.org/html/rfc5996#section-2.15> using an RSA private key
>
> with RSASSA-PKCS1-v1_5 signature scheme specified in [PKCS1
> <https://tools.ietf.org/html/rfc5996#ref-PKCS1>]
> (implementers should note that IKEv1 used a different method for
> RSA signatures). To promote interoperability, implementations
> that support this type SHOULD support signatures that use SHA-1
> as the hash function and SHOULD use SHA-1 as the default hash
> function when generating signatures
>
> Regards,
>
> kalyani

======================================================================
Andreas Steffen                         andreas.stef...@strongswan.org
strongSwan - the Open Source VPN Solution!          www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
===========================================================[ITA-HSR]==
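
An added example, not part of the thread and not strongSwan or Cisco code: the sketch below shows why the SHA256 signature in the question fails where the SHA1 one passes. With RSASSA-PKCS1-v1_5 the hash identifier is part of the signed block, so a verifier that expects SHA-1 rebuilds a different block. Assumptions: the function names are hypothetical, the verifier is modelled as a strict comparison, the RSA key is a constructed toy key, and the signed octets are a constructed stand-in.

```python
import hashlib
import hmac

# DER DigestInfo prefixes for EMSA-PKCS1-v1_5 (RFC 8017, section 9.2).
DIGEST_INFO = {
    "sha1": bytes.fromhex("3021300906052b0e03021a05000414"),
    "sha256": bytes.fromhex("3031300d060960864801650304020105000420"),
}

# Constructed toy key (two Mersenne primes): illustration only, not secure.
P, Q = 2**521 - 1, 2**607 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))
K = (N.bit_length() + 7) // 8  # modulus length in bytes

# Constructed stand-in for the octets that IKEv2 signs in the AUTH payload.
SIGNED_OCTETS = b"constructed stand-in for the IKEv2 signed octets"

def emsa_encode(message, hash_name):
    """Build 00 01 FF..FF 00 || DigestInfo || hash(message)."""
    t = DIGEST_INFO[hash_name] + hashlib.new(hash_name, message).digest()
    return b"\x00\x01" + b"\xff" * (K - len(t) - 3) + b"\x00" + t

def _recover(signature):  # RSA public-key operation on the signature
    return pow(int.from_bytes(signature, "big"), E, N).to_bytes(K, "big")

def sign(message, hash_name):
    em = int.from_bytes(emsa_encode(message, hash_name), "big")
    return pow(em, D, N).to_bytes(K, "big")

def verify(signature, message, expected_hash):
    """Strict check: recovered block must equal the one built for expected_hash."""
    return hmac.compare_digest(_recover(signature), emsa_encode(message, expected_hash))

def embedded_hash(signature):
    """Diagnostic: name the hash whose DigestInfo the signer embedded, or None."""
    em = _recover(signature)
    body = em[2:].lstrip(b"\xff")
    if em[:2] != b"\x00\x01" or body[:1] != b"\x00":
        return None
    for name, prefix in DIGEST_INFO.items():
        if body[1:].startswith(prefix):
            return name
    return None

if __name__ == "__main__":
    for used in ("sha1", "sha256"):
        sig = sign(SIGNED_OCTETS, used)
        print(used, verify(sig, SIGNED_OCTETS, "sha1"), embedded_hash(sig))
```

embedded_hash() is the useful check when two implementations disagree: it reports which digest the signer actually used, independent of what either side was configured to expect.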