[Openswan Users] question regarding the ipsec.secrets.

Paul Wouters paul at xelerance.com
Mon Jan 16 19:01:55 CET 2006

On Mon, 16 Jan 2006, Shi Lang wrote:

> We know that the ipsec.secrets is in order to store the private keys.
> It has like Primes, Exponent, Coefficient, PublicExponent, PrivateExponent,
> and Modulus.
> I noticed that:
> "#pubkey=0sAQN7Z5ymZqvxkBIBlGJnaHGY7BC6ZQvFQDLlxJ49Hat3wZ2WSSKLIb8gJ3XKHCeu7
> U....."
> The public key is existed, and even through it is a comment.

the public and the private key are stored inipsec.secrets, the public key as
a 'commented' key. It is where 'ipsec showhostkey' retrieves the key from.

> My question is, the public key should be appeared in this file? Or just in
> ipsec.conf?

There is no reason to not put it in the ipsec.secrets file as we currently do.
The key has to live osmewhere, even if it is not in use by any connection in

> Is there any formal paper defines the public key should not or should be
> included in the ipsec.secrets? or just ipsec.conf

no, but see 'man ipsec.secrets'


More information about the Users mailing list