[Openswan Users] question regarding the ipsec.secrets.

Paul Wouters paul at xelerance.com
Mon Jan 16 19:01:55 CET 2006


On Mon, 16 Jan 2006, Shi Lang wrote:

> We know that ipsec.secrets is used to store the private keys.
>
> It has fields like Primes, Exponent, Coefficient, PublicExponent, PrivateExponent,
> and Modulus.
>
> I noticed that:
>
> "#pubkey=0sAQN7Z5ymZqvxkBIBlGJnaHGY7BC6ZQvFQDLlxJ49Hat3wZ2WSSKLIb8gJ3XKHCeu7
> U....."
>
> The public key exists, even though it is a comment.

The public and the private key are stored in ipsec.secrets, the public key as
a 'commented' key. It is where 'ipsec showhostkey' retrieves the key from.

> My question is, should the public key appear in this file? Or just in
> ipsec.conf?

There is no reason to not put it in the ipsec.secrets file as we currently do.
The key has to live somewhere, even if it is not in use by any connection in
ipsec.conf.

> Is there any formal paper that defines whether the public key should or
> should not be included in ipsec.secrets, or just ipsec.conf?

no, but see 'man ipsec.secrets'

Paul
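
Added example, not part of the original message and not Openswan code: a short Python check that reads the commented `#pubkey=` line from an ipsec.secrets RSA block, decodes it, and confirms it carries only the public exponent and modulus already listed in the same block. It assumes the `0s` prefix marks base64 and that the blob uses the RFC 2537/3110 RSA layout (exponent length, exponent, modulus); the sample block and its toy 32-bit values are constructed, and the function names are hypothetical.

```python
import base64
import re

# Constructed sample in the ipsec.secrets layout; toy values, not a real key.
SAMPLE_SECRETS = """\
: RSA	{
	# RSA 32 bits   example.host   (constructed sample)
	#pubkey=0sAQPFO5oR
	Modulus: 0xc53b9a11
	PublicExponent: 0x03
	# everything after this point is secret
	PrivateExponent: 0x00000000
	}
"""


def decode_pubkey(value):
    """Decode a '0s'-prefixed base64 RSA public key into (exponent, modulus)."""
    if not value.startswith("0s"):
        raise ValueError("expected the 0s (base64) prefix")
    b64 = value[2:]
    # Tolerate missing '=' padding (assumption: it may be omitted in the file).
    blob = base64.b64decode(b64 + "=" * (-len(b64) % 4))
    if len(blob) < 3:
        raise ValueError("key blob too short")
    if blob[0] != 0:
        # One-byte exponent length.
        elen, off = blob[0], 1
    else:
        # Zero byte followed by a two-byte exponent length.
        elen, off = int.from_bytes(blob[1:3], "big"), 3
    exponent = int.from_bytes(blob[off:off + elen], "big")
    modulus = int.from_bytes(blob[off + elen:], "big")
    return exponent, modulus


def check_secrets(text):
    """Return (e, n, consistent) for the first RSA block found in text."""
    pub = re.search(r"^\s*#pubkey=(\S+)", text, re.M)
    mod = re.search(r"^\s*Modulus:\s*0x([0-9a-fA-F]+)", text, re.M)
    exp = re.search(r"^\s*PublicExponent:\s*0x([0-9a-fA-F]+)", text, re.M)
    if not (pub and mod and exp):
        raise ValueError("RSA block is missing pubkey, Modulus or PublicExponent")
    e, n = decode_pubkey(pub.group(1))
    consistent = e == int(exp.group(1), 16) and n == int(mod.group(1), 16)
    return e, n, consistent
```

Under the same assumptions, the `AQN7` prefix of the key quoted in the question decodes to public exponent 3 followed by the first modulus byte.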

