[Openswan Users] My private keys not showing up with --listall

Paul Wouters paul at xelerance.com
Tue Oct 14 17:21:30 EDT 2008


On Tue, 14 Oct 2008, OCG Technical Support wrote:

> I see IPsec is trying to load my private key, but I don't see anything
> indicating it got the key contents... is this right?

It got the key loaded fine. 

> Oct 14 14:33:43 firewall pluto[28430]:   loaded private key file '/etc/ipsec.d/private/firewall-private-key.pem' (963 bytes)
> Oct 14 14:33:43 firewall pluto[28430]: |   file content is not binary ASN.1
> Oct 14 14:33:43 firewall pluto[28430]: |   -----BEGIN RSA PRIVATE KEY-----
> Oct 14 14:33:43 firewall pluto[28430]: |   Proc-Type: 4,ENCRYPTED
> Oct 14 14:33:43 firewall pluto[28430]: |   DEK-Info: DES-EDE3-CBC,F561E93B0DF4ACC8
> Oct 14 14:33:43 firewall pluto[28430]: |   -----END RSA PRIVATE KEY-----
> Oct 14 14:33:43 firewall pluto[28430]: |   decrypting file using 'DES-EDE3-CBC'
> Oct 14 14:33:43 firewall pluto[28430]: |   file coded in PEM format
> Oct 14 14:33:43 firewall pluto[28430]: | L0 - RSAPrivateKey:
> Oct 14 14:33:43 firewall pluto[28430]: | L1 - version:
> Oct 14 14:33:43 firewall pluto[28430]: | L1 - modulus:
> Oct 14 14:33:43 firewall pluto[28430]: | L1 - publicExponent:
> Oct 14 14:33:43 firewall pluto[28430]: | L1 - privateExponent:
> Oct 14 14:33:43 firewall pluto[28430]: | L1 - prime1:
> Oct 14 14:33:43 firewall pluto[28430]: | L1 - prime2:
> Oct 14 14:33:43 firewall pluto[28430]: | L1 - exponent1:
> Oct 14 14:33:43 firewall pluto[28430]: | L1 - exponent2:
> Oct 14 14:33:43 firewall pluto[28430]: | L1 - coefficient:
> Oct 14 14:33:43 firewall pluto[28430]: loaded private key for keyid: PPK_RSA:AwEAAav/b
> Oct 14 14:33:43 firewall pluto[28430]: loading secrets from "/etc/ipsec.d/firewall-key.secrets"
> Oct 14 14:33:43 firewall pluto[28430]: loaded private key for keyid: PPK_RSA:AQOWMNen9

So perhaps the key is not associated with the signed certificate?

You should see something like this when using ipsec auto --listall

000
000 List of Public Keys:
000
000 Jan 16 15:56:34 2004, 1024 RSA Key AwEAAawQP, until Jan 14 12:49:37 2005 ok
000        ID_DER_ASN1_DN 'C=CA, L=Toronto, O=Xelerance, CN=gateway.xelerance.com'
000        Issuer 'C=CA, L=Toronto, O=Xelerance CA, CN=Xelerance CA, E=postmaster at xelerance.com'
000 Jan 16 14:05:43 2004, 1024 RSA Key AwEAAcOAn, until Jan 14 12:51:45 2005 ok
000        ID_DER_ASN1_DN 'C=CA, L=Toronto, O=Xelerance, CN=revoked.xelerance.com'
000        Issuer 'C=CA, L=Toronto, O=Xelerance CA, CN=Xelerance CA, E=postmaster at xelerance.com'
000
000 List of X.509 End Certificates:
000
000 Jan 16 14:05:43 2004, count: 1
000        subject: 'C=CA, L=Toronto, O=Xelerance, CN=revoked.xelerance.com'
000        issuer:  'C=CA, L=Toronto, O=Xelerance CA, CN=Xelerance CA, E=postmaster at xelerance.com'
000        serial:   03
000        pubkey:   1024 RSA Key AwEAAcOAn, has private key
000        validity: not before Jan 15 12:51:45 2004 ok
000                  not after  Jan 14 12:51:45 2005 ok
000        subjkey:  d9:42:72:3e:09:c0:ae:34:12:67:92:29:56:ae:06:1b:8e:9d:de:d4
000        authkey:  f1:26:c1:78:45:0e:ac:8a:03:59:9b:86:ed:91:07:4e:5a:2d:e4:14
000        aserial:  00
000
000 List of X.509 CA Certificates:
000
000 Jan 16 14:05:41 2004, count: 1
000        subject: 'C=CA, L=Toronto, O=Xelerance CA, CN=Xelerance CA, E=postmaster at xelerance.com'
000        issuer:  'C=CA, L=Toronto, O=Xelerance CA, CN=Xelerance CA, E=postmaster at xelerance.com'
000        serial:   00
000        pubkey:   1024 RSA Key AwEAAcDuO
000        validity: not before Jan 06 10:13:46 2004 ok
000                  not after  Jan 01 10:13:46 2024 ok
000        subjkey:  f1:26:c1:78:45:0e:ac:8a:03:59:9b:86:ed:91:07:4e:5a:2d:e4:14
000        authkey:  f1:26:c1:78:45:0e:ac:8a:03:59:9b:86:ed:91:07:4e:5a:2d:e4:14
000        aserial:  00

Note that the X.509 end certificate that is loaded shows "has private key".

Paul
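Added example (not part of Paul's reply and not Openswan's own code): the diagnosis above comes down to comparing the keyid pluto prints for each loaded private key ("PPK_RSA:AwEAAav/b") with the keyid shown after "RSA Key" for the end certificate in `ipsec auto --listall`. The script below parses both outputs and reports which certificates have a loaded private key and which loaded private keys belong to no listed certificate. It also computes the keyid from a public key's (e, n) so you can check a certificate's modulus (e.g. from `openssl x509 -modulus`) against what pluto reports. It assumes the keyid is the first nine base64 characters of the RFC 3110 RSA public-key blob (exponent length byte, exponent, modulus), which is how I understand Openswan derives it; the sample log and `--listall` lines are constructed from excerpts in this thread, with mail-wrapped lines rejoined and one made-up subject name.

```python
"""Check pluto's loaded private keys against the certificates it lists.

Added example, not Openswan code. Assumes pluto's RSA keyid is the first
nine base64 characters of the RFC 3110 public-key blob; the sample log and
--listall lines are constructed from the mailing-list thread.
"""
import base64
import re


def rfc3110_blob(e: int, n: int) -> bytes:
    """Encode an RSA public key (e, n) in RFC 3110 wire format."""
    e_bytes = e.to_bytes((e.bit_length() + 7) // 8, "big")
    n_bytes = n.to_bytes((n.bit_length() + 7) // 8, "big")
    if len(e_bytes) < 256:
        prefix = bytes([len(e_bytes)])                       # 1-byte exponent length
    else:
        prefix = b"\x00" + len(e_bytes).to_bytes(2, "big")   # 0x00 then 2-byte length
    return prefix + e_bytes + n_bytes


def rsa_keyid(e: int, n: int) -> str:
    """Openswan-style keyid (assumed): first 9 base64 chars of the RFC 3110 blob."""
    return base64.b64encode(rfc3110_blob(e, n)).decode("ascii")[:9]


# "loaded private key for keyid: PPK_RSA:AwEAAav/b"  (keyid is base64 text)
PRIVKEY_RE = re.compile(r"loaded private key for keyid:\s*PPK_RSA:([A-Za-z0-9+/]+)")
# "pubkey:   1024 RSA Key AwEAAcOAn, has private key"  (from --listall)
CERTKEY_RE = re.compile(r"pubkey:\s+\d+ RSA Key ([A-Za-z0-9+/]+)(.*)$")


def loaded_private_keyids(log_lines):
    """Return the set of keyids pluto reported loading from the secrets files."""
    ids = set()
    for line in log_lines:
        m = PRIVKEY_RE.search(line)
        if m:
            ids.add(m.group(1))
    return ids


def end_cert_keys(listall_lines):
    """Map each end-certificate keyid to pluto's own 'has private key' flag.

    Only the 'List of X.509 End Certificates' section is scanned; CA
    certificates are not expected to have a private key on the gateway.
    """
    in_end_certs = False
    certs = {}
    for line in listall_lines:
        if "List of X.509 End Certificates" in line:
            in_end_certs = True
        elif line.startswith("000 List of"):
            in_end_certs = False
        if not in_end_certs:
            continue
        m = CERTKEY_RE.search(line)
        if m:
            certs[m.group(1)] = "has private key" in m.group(2)
    return certs


def diagnose(log_lines, listall_lines):
    """Return (cert keyid -> private key loaded?, keyids of orphaned private keys)."""
    private = loaded_private_keyids(log_lines)
    certs = end_cert_keys(listall_lines)
    matched = {kid: kid in private for kid in certs}
    orphans = private - set(certs)
    return matched, orphans


# Constructed from the pluto log excerpt in this thread (wrapped lines rejoined).
SAMPLE_LOG = [
    "Oct 14 14:33:43 firewall pluto[28430]: loaded private key for keyid: PPK_RSA:AwEAAav/b",
    'Oct 14 14:33:43 firewall pluto[28430]: loading secrets from "/etc/ipsec.d/firewall-key.secrets"',
    "Oct 14 14:33:43 firewall pluto[28430]: loaded private key for keyid: PPK_RSA:AQOWMNen9",
]

# Constructed --listall excerpt: one end cert whose key matches a loaded private
# key, one (AwEAAcOAn, from Paul's sample) that does not, plus a CA cert.
SAMPLE_LISTALL = [
    "000 List of X.509 End Certificates:",
    "000",
    "000 Oct 14 14:33:43 2008, count: 1",
    "000        subject: 'C=XX, O=Example, CN=firewall.example.invalid'",  # made-up name
    "000        pubkey:   1024 RSA Key AwEAAav/b, has private key",
    "000 Jan 16 14:05:43 2004, count: 1",
    "000        subject: 'C=CA, L=Toronto, O=Xelerance, CN=revoked.xelerance.com'",
    "000        pubkey:   1024 RSA Key AwEAAcOAn",
    "000",
    "000 List of X.509 CA Certificates:",
    "000",
    "000        pubkey:   1024 RSA Key AwEAAcDuO",
]

if __name__ == "__main__":
    matched, orphans = diagnose(SAMPLE_LOG, SAMPLE_LISTALL)
    for kid, ok in matched.items():
        print(f"cert {kid}: {'private key loaded' if ok else 'NO matching private key'}")
    for kid in sorted(orphans):
        print(f"private key {kid}: no end certificate uses it")
```

With the constructed input the script reports that certificate AwEAAcOAn has no matching private key and that the private key AQOWMNen9 belongs to no listed certificate, which is the situation Paul describes: the key loaded, but it is not the key the signed certificate was issued for. The keyid prefix itself is informative: "AwEAAa..." means a 3-byte exponent of 65537, while "AQOW..." means a 1-byte exponent of 3.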

