Re: [Design] Re: [Users] multiple ipsec.secrets entries
From: Andreas Steffen <andreas.steffen(at)strongsec.net>
Date: Mon Mar 03 2003 - 07:46:18 EST
Michael Richardson wrote:
Excerpt from the "Installation and Configuration Guide" for X.509-1.x.x:
The X.509 patch also supports RSA-based authentication using OpenPGP
certificates and OpenPGP V3 fingerprints used as a KEY_ID identifier.

12.1 OpenPGP certificates

OpenPGP certificates containing RSA public keys can now directly be loaded
in ASCII armored PGP format using the leftcert and rightcert parameters
in /etc/ipsec.conf:

    conn pgp
         right=%any
         rightcert=peerCert.asc
         left=%defaultroute
         leftcert=gatewayCert.asc
The peer certificate must be stored locally (the default directory is
/etc/ipsec.d/certs) since currently no trust can be established for PGP
certificates received from a peer via the IKE protocol.

12.2 OpenPGP private keys

PGP private keys in unencrypted form can now directly be loaded in ASCII
armored PGP format via an entry in /etc/ipsec.secrets:

    : RSA gatewayKey.asc

For the time being, "legacy" RSA keys as used by PGP 2.6.x are supported.
But if there is a demand for it I could implement OpenPGP V4 keys as used
by GnuPG with little additional effort.

Regards

Andreas

Andreas Steffen                     e-mail: andreas.steffen@strongsec.com
strongSec GmbH                      home:   http://www.strongsec.com
Alter Zürichweg 20                  phone:  +41 1 730 80 64
CH-8952 Schlieren (Switzerland)     fax:    +41 1 730 80 65
==========================================[strong internet security]===

Design mailing list
Design@lists.freeswan.org
http://lists.freeswan.org/mailman/listinfo/design

Received on Mon Mar 3 08:10:06 2003

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 12:59:32 EDT
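The post above says the X.509 patch loads only unencrypted, legacy (PGP 2.6.x, v3) RSA private keys referenced from ipsec.secrets as ": RSA file.asc". The following checker is an added example, not code from the post or from the FreeS/WAN X.509 patch: it parses the ASCII-armored key files referenced by such entries just far enough (RFC 4880 packet headers, the v3/v4 key packet layout, and the string-to-key usage octet) to report whether each key is an RSA key, whether its secret MPIs are stored in the clear, and whether it is v3 or v4, so a key the patch would refuse is caught before the tunnel is brought up. The file contents are passed in as a dict standing in for /etc/ipsec.d/private, and the sample keys are constructed with tiny fake MPIs purely so the parser has something to read; they are not usable keys.

```python
# Added example: check ': RSA <file>.asc' entries in ipsec.secrets against the
# OpenPGP key form the X.509 patch loads (unencrypted, legacy v3 RSA).  The
# 'files' dict stands in for /etc/ipsec.d/private so the script runs offline.
import base64
import re
import struct

ARMOR_RE = re.compile(r"-----BEGIN PGP PRIVATE KEY BLOCK-----\r?\n(.*?)\r?\n"
                      r"-----END PGP PRIVATE KEY BLOCK-----", re.S)
SECRET_RE = re.compile(r"^\s*:\s*RSA\s+(\S+\.asc)\s*$", re.M)

def dearmor(text):
    """Return the raw OpenPGP packet bytes of the first armored private-key block."""
    m = ARMOR_RE.search(text)
    if not m:
        raise ValueError("no PGP PRIVATE KEY BLOCK found")
    lines = m.group(1).splitlines()
    if "" in lines:                       # armor header lines end at the blank line
        lines = lines[lines.index("") + 1:]
    # the trailing '=XXXX' line is the CRC24, which this checker does not verify
    return base64.b64decode("".join(l for l in lines if not l.startswith("=")))

def read_packet(data, pos):
    """Parse one packet header (RFC 4880 section 4.2); return (tag, body_start, body_end)."""
    ctb = data[pos]
    if not ctb & 0x80:
        raise ValueError("not an OpenPGP packet")
    if ctb & 0x40:                        # new-format header (as written by GnuPG)
        tag, first = ctb & 0x3F, data[pos + 1]
        if first < 192:
            length, hdr = first, 2
        elif first < 224:
            length, hdr = ((first - 192) << 8) + data[pos + 2] + 192, 3
        elif first == 255:
            length, hdr = struct.unpack(">I", data[pos + 2:pos + 6])[0], 6
        else:
            raise ValueError("partial body lengths not supported")
    else:                                 # old-format header (as written by PGP 2.6.x)
        tag, ltype = (ctb >> 2) & 0x0F, ctb & 0x03
        if ltype == 3:
            raise ValueError("indeterminate length not supported")
        width = (1, 2, 4)[ltype]
        length, hdr = int.from_bytes(data[pos + 1:pos + 1 + width], "big"), 1 + width
    return tag, pos + hdr, pos + hdr + length

def skip_mpi(body, pos):
    """Advance past one MPI: a 2-byte bit count followed by the big-endian value."""
    bits = struct.unpack(">H", body[pos:pos + 2])[0]
    return pos + 2 + (bits + 7) // 8

def inspect_secret_key(body):
    """Version, RSA-ness and encryption status of a Secret-Key Packet (tag 5) body."""
    version = body[0]
    if version in (2, 3):
        pos = 7                           # version, 4-byte creation time, 2-byte validity days
    elif version == 4:
        pos = 5                           # version, 4-byte creation time
    else:
        raise ValueError("unknown key packet version %d" % version)
    algo, pos = body[pos], pos + 1
    pos = skip_mpi(body, skip_mpi(body, pos))     # public MPIs n and e
    # string-to-key usage octet: 0 means the secret MPIs follow in the clear
    return {"version": version, "rsa": algo in (1, 2, 3), "encrypted": body[pos] != 0}

def check_secrets(secrets_text, files):
    """Map each ': RSA file.asc' entry in ipsec.secrets to a verdict string."""
    verdicts = {}
    for fname in SECRET_RE.findall(secrets_text):
        if fname not in files:
            verdicts[fname] = "missing file"
            continue
        data, pos, info = dearmor(files[fname]), 0, None
        while pos < len(data) and info is None:
            tag, start, end = read_packet(data, pos)
            if tag == 5:
                info = inspect_secret_key(data[start:end])
            pos = end
        if info is None:
            verdicts[fname] = "no secret-key packet"
        elif not info["rsa"]:
            verdicts[fname] = "not an RSA key"
        elif info["encrypted"]:
            verdicts[fname] = "encrypted (patch loads unencrypted keys only)"
        elif info["version"] != 3:
            verdicts[fname] = "v%d key (only legacy v3 keys supported)" % info["version"]
        else:
            verdicts[fname] = "ok: unencrypted legacy v3 RSA key"
    return verdicts

# --- constructed sample input: fake, tiny MPIs, not a usable key -------------
def mpi(x):
    return struct.pack(">H", x.bit_length()) + x.to_bytes((x.bit_length() + 7) // 8, "big")

def build_v3_key(s2k_usage):
    body = bytes([3]) + struct.pack(">IH", 1046688000, 0) + bytes([1])   # v3, time, days, RSA
    body += mpi(0x9234) + mpi(0x10001) + bytes([s2k_usage])             # n, e, s2k usage octet
    body += mpi(0x55) * 4 + b"\x00\x00"                                   # d, p, q, u, checksum
    return bytes([0x94, len(body)]) + body                               # old-format tag 5 header

def armor(packet):
    return ("-----BEGIN PGP PRIVATE KEY BLOCK-----\nVersion: constructed\n\n"
            + base64.b64encode(packet).decode() + "\n=AAAA\n"             # fake CRC24 line
            "-----END PGP PRIVATE KEY BLOCK-----\n")

SAMPLE_SECRETS = ": RSA gatewayKey.asc\n: RSA lockedKey.asc\n: RSA absentKey.asc\n"
SAMPLE_FILES = {"gatewayKey.asc": armor(build_v3_key(0)),
                "lockedKey.asc": armor(build_v3_key(255))}   # 255 = passphrase-protected

if __name__ == "__main__":
    for name, verdict in check_secrets(SAMPLE_SECRETS, SAMPLE_FILES).items():
        print("%-16s %s" % (name, verdict))
```

The verdict for a passphrase-protected key is the one to watch for in practice: the patch cannot prompt for a passphrase, so such a key has to be exported unencrypted, and the resulting .asc file then deserves the same root-only permissions as ipsec.secrets itself.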