Hi Andreas,

Thanks for the reply. It was very helpful


-----Original Message-----
From: Andreas Steffen [mailto:andreas.stef...@strongswan.org] 
Sent: Tuesday, October 11, 2016 11:47 PM
To: Kalyani Garigipati (kagarigi) <kagar...@cisco.com>
Cc: users@lists.strongswan.org
Subject: Re: Strongswan AUTH payload signature hash algorithm for certificate 
based authentication

Hi Kalyiani,

compliant with RFC 5996, strongSwan generates the RSA public key
signature embedded in the AUTH payload with a SHA1 hash independent
of the HASH and PRF algorithm selected for IKEv2.

In addition to this legacy mechanism, strongSwan supports RFC 7427
"Signature Authentication in IKEv2"


where depending on the capabilities of the peer either SHA1, SHA256,
SHA384 or SHA512 based digital signatures are possible.

Starting with strongswan 5.3.0, "Signature Authentication" is enabled
by default and if the peer supports RFC 7427 usually SHA256 is chosen
implicitly with a 2048 bit or 3072 bit RSA key. The digest strength
of the  AUTH payload of type "Digital Signature" can also be configured
explicitly if desired.

Best regards


On 11.10.2016 19:20, Kalyani Garigipati (kagarigi) wrote:
> Hi,
> I am trying to bring up ikev2 sa between strongswan and cisco router.
> The authentication method used is certificates and prf algorithm is SHA256.
> ·         I wanted to know what is the hash algorithm that is used while
> generating the signature in AUTH payload for strongswan.
> Is it SHA1 or SHA256 ?
> ·         I observed that if I generate the signature in AUTH payload
> using SHA256, it fails the signature validation
> If I generate the signature in authentication payload using SHA1 , it
> passes the signature validation.
> RFC quotes below in page 94 of 5996
> RSA Digital Signature                  1
>       Computed as specified in Section 2.15
> <https://tools.ietf.org/html/rfc5996#section-2.15> using an RSA private key
>       with RSASSA-PKCS1-v1_5 signature scheme specified in [PKCS1
> <https://tools.ietf.org/html/rfc5996#ref-PKCS1>]
>       (implementers should note that IKEv1 used a different method for> 
>       RSA signatures).  To promote interoperability, implementations
>       that support this type SHOULD support signatures that use SHA-1
>       as the hash function and SHOULD use SHA-1 as the default hash
>       function when generating signatures
> Regards,
> kalyani

Andreas Steffen                         andreas.stef...@strongswan.org
strongSwan - the Open Source VPN Solution!          www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)

Users mailing list

Reply via email to