Issue #2308
ipsec.secrets missing ED25519 keyword
Description
If an ed25519 key is listed in ipsec.secrets like this:
: ED25519 vpnhost_mrsaint_key_ed25519_key.pem
Charon would fail loading the key:
Apr 27 19:59:05 x200s charon[16253]: 00[CFG] line 10: token must be either RSA, ECDSA, BLISS, PKCS8 P12, PIN, PSK, EAP, XAUTH or NTLM
For reference, IpsecSecrets also doesn't list ED25519 as a valid type of secret yet.
Adding the ed25519 key like this works:
: RSA vpnhost_mrsaint_key_ed25519_key.pem
That is, charon ignores the RSA label and would load the key anyhow:
Apr 27 20:00:16 x200s charon[16301]: 00[CFG] loaded ED25519 private key from '/etc/ipsec.d/private/vpnhost_mrsaint_key_ed25519_key.pem'
History
#1 Updated by Andreas Steffen over 8 years ago
- Status changed from New to Feedback
- Assignee set to Andreas Steffen
Ed25519 private keys are stored in a standard PKCS#8 format. Therefore the key is loaded in ipsec.secrets using the PKCS8 keyword:
: PKCS8 vpnhost_mrsaint_key_ed25519_key.pem
See also the configuration of the following example scenario https://strongswan.org/testing/testresults/ikev2/net2net-ed25519/
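The point made in the reply above, as an added example that is not part of the original thread or of strongSwan's code: the sketch reads a PEM private key, reports which ipsec.secrets keyword matches its container format, and for PKCS#8 decodes the algorithm OID to show the key is Ed25519. The sample key is constructed (all-zero key bytes, not a usable key), and `secrets_keyword`, `read_tlv` and `decode_oid` are names made up for this example.

```python
import base64

# Algorithm OIDs that can appear in a PKCS#8 PrivateKeyInfo (RFC 5958, RFC 8410).
OIDS = {"1.3.101.112": "Ed25519", "1.2.840.113549.1.1.1": "RSA",
        "1.2.840.10045.2.1": "EC"}
# Traditional (non-PKCS#8) PEM labels and the keyword naming that key type.
TRADITIONAL = {"RSA PRIVATE KEY": "RSA", "EC PRIVATE KEY": "ECDSA"}

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER element starting at pos."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                      # long form: low 7 bits = length size
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, buf[pos:pos + length], pos + length

def decode_oid(raw):
    """Decode DER OID content bytes to dotted notation (first arc 0 or 1)."""
    arcs, val = [raw[0] // 40, raw[0] % 40], 0
    for b in raw[1:]:
        val = (val << 7) | (b & 0x7F)
        if not b & 0x80:                   # high bit clear ends this arc
            arcs.append(val)
            val = 0
    return ".".join(map(str, arcs))

def secrets_keyword(pem_text):
    """Return (ipsec.secrets keyword, key algorithm) for a PEM private key."""
    lines = [l.strip() for l in pem_text.strip().splitlines()]
    label = lines[0][len("-----BEGIN "):-len("-----")]
    if label in TRADITIONAL:
        return TRADITIONAL[label], TRADITIONAL[label]
    if label != "PRIVATE KEY":             # e.g. encrypted PKCS#8: not handled here
        raise ValueError(f"unsupported PEM label: {label}")
    der = base64.b64decode("".join(lines[1:-1]))
    _, body, _ = read_tlv(der, 0)          # PrivateKeyInfo SEQUENCE
    _, _, pos = read_tlv(body, 0)          # version INTEGER
    _, alg, _ = read_tlv(body, pos)        # AlgorithmIdentifier SEQUENCE
    tag, oid, _ = read_tlv(alg, 0)         # algorithm OBJECT IDENTIFIER
    if tag != 0x06:
        raise ValueError("AlgorithmIdentifier does not start with an OID")
    dotted = decode_oid(oid)
    return "PKCS8", OIDS.get(dotted, dotted)

# Constructed sample: PKCS#8 wrapper for Ed25519 around 32 zero bytes.
SAMPLE_DER = bytes.fromhex("302e020100300506032b657004220420") + bytes(32)
SAMPLE_PEM = ("-----BEGIN PRIVATE KEY-----\n"
              + base64.b64encode(SAMPLE_DER).decode()
              + "\n-----END PRIVATE KEY-----\n")

if __name__ == "__main__":
    keyword, alg = secrets_keyword(SAMPLE_PEM)
    print(f": {keyword} example_key.pem   # {alg} key (placeholder file name)")
```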
#2 Updated by Alexander Turcic over 8 years ago
Andreas Steffen wrote:
Ed25519 private keys are stored in a standard PKCS#8 format. Therefore the key is loaded in ipsec.secrets using the PKCS8 keyword:
[...]
See also the configuration of the following example scenario https://strongswan.org/testing/testresults/ikev2/net2net-ed25519/
Thanks for the pointer.
#3 Updated by Noel Kuntze over 8 years ago
- Status changed from Feedback to Closed
- Resolution set to No change required