PIN Secret¶

The daemon supports multiple PKCS#11 modules (configured in strongswan.conf) with the format %smartcard[<slotnr>[@<module>]]:<keyid>, it always requires a keyid (CKA_ID) to uniquely select the correct key.

Instead of specifying the pin code statically, %prompt can be specified, which causes the daemon to ask the user for the pin code e.g. on ipsec rereadsecrets.

Notation¶

: PIN <smartcard selector> <pin code> | %prompt

Examples¶

: PIN %smartcard1:50 1234

: PIN %smartcard1@opensc:45 %prompt

Before 5.0.0¶

Before 5.0.0 the IKEv1 daemon pluto used the format %smartcard[<slotnr>[:<keyid>]] to specify the smartcard selector.