[Openswan Users] My private keys not showing up with --listall
Paul Wouters
paul at xelerance.com
Tue Oct 14 17:21:30 EDT 2008
On Tue, 14 Oct 2008, OCG Technical Support wrote:
> I see IPsec is trying to load my private key, but I don't see anything
> indicating it got the key contents...is this right?
It got the key loaded fine.
> Oct 14 14:33:43 firewall pluto[28430]: loaded private key file
> '/etc/ipsec.d/private/firewall-private-key.pem' (963 bytes)
> Oct 14 14:33:43 firewall pluto[28430]: | file content is not binary ASN.1
> Oct 14 14:33:43 firewall pluto[28430]: | -----BEGIN RSA PRIVATE KEY-----
> Oct 14 14:33:43 firewall pluto[28430]: | Proc-Type: 4,ENCRYPTED
> Oct 14 14:33:43 firewall pluto[28430]: | DEK-Info:
> DES-EDE3-CBC,F561E93B0DF4ACC8
> Oct 14 14:33:43 firewall pluto[28430]: | -----END RSA PRIVATE KEY-----
> Oct 14 14:33:43 firewall pluto[28430]: | decrypting file using
> 'DES-EDE3-CBC'
> Oct 14 14:33:43 firewall pluto[28430]: | file coded in PEM format
> Oct 14 14:33:43 firewall pluto[28430]: | L0 - RSAPrivateKey:
> Oct 14 14:33:43 firewall pluto[28430]: | L1 - version:
> Oct 14 14:33:43 firewall pluto[28430]: | L1 - modulus:
> Oct 14 14:33:43 firewall pluto[28430]: | L1 - publicExponent:
> Oct 14 14:33:43 firewall pluto[28430]: | L1 - privateExponent:
> Oct 14 14:33:43 firewall pluto[28430]: | L1 - prime1:
> Oct 14 14:33:43 firewall pluto[28430]: | L1 - prime2:
> Oct 14 14:33:43 firewall pluto[28430]: | L1 - exponent1:
> Oct 14 14:33:43 firewall pluto[28430]: | L1 - exponent2:
> Oct 14 14:33:43 firewall pluto[28430]: | L1 - coefficient:
> Oct 14 14:33:43 firewall pluto[28430]: loaded private key for keyid:
> PPK_RSA:AwEAAav/b
> Oct 14 14:33:43 firewall pluto[28430]: loading secrets from
> "/etc/ipsec.d/firewall-key.secrets"
> Oct 14 14:33:43 firewall pluto[28430]: loaded private key for keyid:
> PPK_RSA:AQOWMNen9
So perhaps the key is not associated with the signed certificate?
You should see something like this when using ipsec auto --listall:
000
000 List of Public Keys:
000
000 Jan 16 15:56:34 2004, 1024 RSA Key AwEAAawQP, until Jan 14 12:49:37 2005 ok
000 ID_DER_ASN1_DN 'C=CA, L=Toronto, O=Xelerance, CN=gateway.xelerance.com'
000 Issuer 'C=CA, L=Toronto, O=Xelerance CA, CN=Xelerance CA, E=postmaster at xelerance.com'
000 Jan 16 14:05:43 2004, 1024 RSA Key AwEAAcOAn, until Jan 14 12:51:45 2005 ok
000 ID_DER_ASN1_DN 'C=CA, L=Toronto, O=Xelerance, CN=revoked.xelerance.com'
000 Issuer 'C=CA, L=Toronto, O=Xelerance CA, CN=Xelerance CA, E=postmaster at xelerance.com'
000
000 List of X.509 End Certificates:
000
000 Jan 16 14:05:43 2004, count: 1
000 subject: 'C=CA, L=Toronto, O=Xelerance, CN=revoked.xelerance.com'
000 issuer: 'C=CA, L=Toronto, O=Xelerance CA, CN=Xelerance CA, E=postmaster at xelerance.com'
000 serial: 03
000 pubkey: 1024 RSA Key AwEAAcOAn, has private key
000 validity: not before Jan 15 12:51:45 2004 ok
000 not after Jan 14 12:51:45 2005 ok
000 subjkey: d9:42:72:3e:09:c0:ae:34:12:67:92:29:56:ae:06:1b:8e:9d:de:d4
000 authkey: f1:26:c1:78:45:0e:ac:8a:03:59:9b:86:ed:91:07:4e:5a:2d:e4:14
000 aserial: 00
000
000 List of X.509 CA Certificates:
000
000 Jan 16 14:05:41 2004, count: 1
000 subject: 'C=CA, L=Toronto, O=Xelerance CA, CN=Xelerance CA, E=postmaster at xelerance.com'
000 issuer: 'C=CA, L=Toronto, O=Xelerance CA, CN=Xelerance CA, E=postmaster at xelerance.com'
000 serial: 00
000 pubkey: 1024 RSA Key AwEAAcDuO
000 validity: not before Jan 06 10:13:46 2004 ok
000 not after Jan 01 10:13:46 2024 ok
000 subjkey: f1:26:c1:78:45:0e:ac:8a:03:59:9b:86:ed:91:07:4e:5a:2d:e4:14
000 authkey: f1:26:c1:78:45:0e:ac:8a:03:59:9b:86:ed:91:07:4e:5a:2d:e4:14
000 aserial: 00
Note that the X.509 end certificate that is loaded shows "has private key".
Paul
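
The check described in the message above, as an added example (not part of the original post and not Openswan code): it parses saved `ipsec auto --listall` output and reports X.509 end certificates whose pubkey line lacks "has private key". The sample is constructed; the second certificate and its key ID are made up.

```python
import re

# Constructed sample: entries trimmed from the --listall output quoted above,
# plus a made-up end certificate (nokey.example.com, key ID AwEAAfake0) for
# which no matching private key is loaded.
SAMPLE = """\
000 List of Public Keys:
000
000 Jan 16 14:05:43 2004, 1024 RSA Key AwEAAcOAn, until Jan 14 12:51:45 2005 ok
000 List of X.509 End Certificates:
000
000 Jan 16 14:05:43 2004, count: 1
000 subject: 'C=CA, L=Toronto, O=Xelerance, CN=revoked.xelerance.com'
000 pubkey: 1024 RSA Key AwEAAcOAn, has private key
000 Jan 16 14:06:02 2004, count: 1
000 subject: 'C=CA, O=Example, CN=nokey.example.com'
000 pubkey: 1024 RSA Key AwEAAfake0
000 List of X.509 CA Certificates:
000 subject: 'C=CA, L=Toronto, O=Xelerance CA, CN=Xelerance CA'
000 pubkey: 1024 RSA Key AwEAAcDuO
"""

SECTION = re.compile(r"^List of (.+):$")
SUBJECT = re.compile(r"^subject:\s*'(.*)'$")
PUBKEY = re.compile(r"^pubkey:\s*\d+ RSA Key ([^\s,]+)(,\s*has private key)?$")

def end_certs(listall_text):
    """Return (subject, keyid, has_private_key) for each X.509 end certificate."""
    results, section, subject = [], None, None
    for raw in listall_text.splitlines():
        line = raw.strip()
        if line.startswith("000"):          # pluto status-line prefix
            line = line[3:].strip()
        if m := SECTION.match(line):
            section, subject = m.group(1), None
        elif section != "X.509 End Certificates":
            continue                        # skip public-key and CA sections
        elif m := SUBJECT.match(line):
            subject = m.group(1)
        elif (m := PUBKEY.match(line)) and subject is not None:
            results.append((subject, m.group(1), m.group(2) is not None))
            subject = None
    return results

def missing_private_key(listall_text):
    """Subjects of end certificates pluto has not paired with a private key."""
    return [subj for subj, _, has_key in end_certs(listall_text) if not has_key]

if __name__ == "__main__":
    for subj in missing_private_key(SAMPLE):
        print("no private key for:", subj)
```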