PIN Secret¶
The daemon supports multiple PKCS#11 modules (configured in strongswan.conf) with the format %smartcard[<slotnr>[@<module>]]:<keyid>
, it always requires a keyid (CKA_ID) to uniquely select the correct key.
Instead of specifying the pin code statically, %prompt can be specified, which causes the daemon to ask the user for the pin code e.g. on ipsec rereadsecrets.
Notation¶
: PIN <smartcard selector> <pin code> | %prompt
Examples¶
: PIN %smartcard1:50 1234 : PIN %smartcard1@opensc:45 %prompt
Before 5.0.0¶
Before 5.0.0 the IKEv1 daemon pluto used the format %smartcard[<slotnr>[:<keyid>]]
to specify the smartcard selector.