strongSwan

h1. ECDSA Secret

For  the  private key file both absolute paths or paths relative to [[IpsecDirectoryPrivate|/etc/ipsec.d/private]] are accepted. If the private key file is encrypted,   the  passphrase  must  be  defined.  Instead  of  a passphrase _%prompt_ can be used which then causes the daemons  to ask the user for the password whenever it is required to decrypt the key.

h2. Notation

: ECDSA _<private key file>_ [ _<passphrase>_ | _%prompt_ ]

h2. Examples

<pre>

: ECDSA moonKey.pem

: ECDSA sunKey.der "cjen4*lWnr3jsk"

</pre>

h2. Creation of an ECDSA key using OpenSSL 0.9.8

You can create an ECDSA key with the _openssl ecparam_ command.

<pre>

openssl ecparam -list_curves

</pre>

gives you a huge list of available elliptic curves but IKEv2 currently supports

only the following three curves:

<pre>

prime256v1

secp384r1

secp521r1

</pre>

The creation of an EC key goes like this:

<pre>

openssl ecparam -genkey -name secp384r1 -noout -out ecKey.pem

</pre>

Verify the content of the key:

<pre>

openssl ec -in ecKey.pem -text

read EC key

Private-Key: (384 bit)

priv:

    3c:75:17:c3:97:0b:b4:28:42:8c:b6:f5:56:57:32:

    2b:c1:ff:e2:ee:62:25:38:04:b1:6a:f5:23:48:e1:

    ba:79:ff:56:64:88:74:92:b7:c2:49:ab:8c:ff:b2:

    7c:6c:b3

pub:

    04:f2:cd:ca:ae:37:38:8d:98:e0:1c:f4:26:59:af:

    41:4d:fb:4f:d1:20:10:fb:88:b3:4a:b3:9b:a7:69:

    dc:0b:5c:ef:06:22:6b:8e:08:c3:c2:74:1b:36:12:

    8b:ee:45:c5:f8:3b:73:6f:0a:a4:c9:7c:e1:e9:a8:

    e2:c9:7c:6f:f1:69:b4:45:ab:d3:45:89:41:6e:68:

    9d:9a:d2:ee:fd:1a:a1:e6:ca:3f:4a:6b:0d:db:a5:

    ef:93:95:4f:8c:4c:31

ASN1 OID: secp384r1

writing EC key

-----BEGIN EC PRIVATE KEY-----

MIGkAgEBBDA8dRfDlwu0KEKMtvVWVzIrwf/i7mIlOASxavUjSOG6ef9WZIh0krfC

SauM/7J8bLOgBwYFK4EEACKhZANiAATyzcquNziNmOAc9CZZr0FN+0/RIBD7iLNK

s5unadwLXO8GImuOCMPCdBs2EovuRcX4O3NvCqTJfOHpqOLJfG/xabRFq9NFiUFu

aJ2a0u79GqHmyj9Kaw3bpe+TlU+MTDE=

-----END EC PRIVATE KEY-----

</pre>