PIN Secret » History » Version 8
Version 7 (Tobias Brunner, 28.10.2011 17:59) → Version 8/10 (Tobias Brunner, 31.01.2013 11:30)
h1. PIN Secret
*IKEv1* uses the format @%smartcard[<slotnr>[:<keyid>]]@ to specify the smartcard selector. The *IKEv2* daemon supports multiple modules (configured in [[PKCS11Plugin|strongswan.conf]]) [[SmartCardsIKEv2|strongswan.conf]]) with the format <code>%smartcard[<slotnr>[@<module>]]:<keyid></code>, it but always requires a keyid (CKA_ID) to uniquely select the correct key.
Instead of specifying the pin code statically, _%prompt_ can be specified, which causes the daemon daemons to ask the user for the pin code e.g. on [[ipseccommand#Reread-Commands|ipsec]] _rereadsecrets_. code.
h2. Notation
: PIN _<smartcard selector>_ _<pin code>_ | _%prompt_
h2. Examples
<pre>
: PIN %smartcard1:50 1234
# only with IKEv2
: PIN %smartcard@opensc:45 %prompt
</pre>
h2. Before [[5.0.0]]
Before [[5.0.0]] the IKEv1 daemon pluto used the format @%smartcard[<slotnr>[:<keyid>]]@ to specify the smartcard selector.
*IKEv1* uses the format @%smartcard[<slotnr>[:<keyid>]]@ to specify the smartcard selector. The *IKEv2* daemon supports multiple modules (configured in [[PKCS11Plugin|strongswan.conf]]) [[SmartCardsIKEv2|strongswan.conf]]) with the format <code>%smartcard[<slotnr>[@<module>]]:<keyid></code>, it but always requires a keyid (CKA_ID) to uniquely select the correct key.
Instead of specifying the pin code statically, _%prompt_ can be specified, which causes the daemon daemons to ask the user for the pin code e.g. on [[ipseccommand#Reread-Commands|ipsec]] _rereadsecrets_. code.
h2. Notation
: PIN _<smartcard selector>_ _<pin code>_ | _%prompt_
h2. Examples
<pre>
: PIN %smartcard1:50 1234
# only with IKEv2
: PIN %smartcard@opensc:45 %prompt
</pre>
h2. Before [[5.0.0]]
Before [[5.0.0]] the IKEv1 daemon pluto used the format @%smartcard[<slotnr>[:<keyid>]]@ to specify the smartcard selector.