[Openswan dev] RSA in IKE?

Craig Shue cshue at cs.indiana.edu
Thu Apr 14 21:53:14 CEST 2005


I attempting to research the cryptography operations used in the IKE 
portion of Openswan and could use a little insight on the RSA portion 
(I'm testing openswan 2.3.1dr3).

In programs/pluto/keys.c, there are  a number of RSA key management 
operations, but I am not finding any kind of encryption or decryption 
routines (which I'm interested in timing) there.

In programs/pluto/ipsec_doi.c, I notice there are RSA functions for 
signing a hash and for verifying such a signature. However, if my 
understanding is correct, the nonce values exchanged between the 
initiator and responder must be encrypted with the public key other the 
other party. So, where does this encryption occur (and it's 
corresponding decryption) and why is RSA signing and verification occurring?

Any and all assistance is greatly appreciated!


-- Craig

More information about the Dev mailing list