Hi,
> Can swanctl ask interactively for the password if not inserted in the conf
> file?
It does prompt for passwords for private keys if they are not found in
the config. But it can't load shared secrets that way.
> Does this guide apply to swanctl too? Cause currently I'm root-only
>
> http
Many thanks mister, best regards.
‐‐‐ Original Message ‐‐‐
On Monday, 13 May 2019 14:18, Tobias Brunner wrote:
> Hi,
>
> > Can swanctl ask interactively for the password if not inserted in the conf
> > file?
>
> It does prompt for passwords for private keys if they are not foun
> Generally, you could use your own storage scheme (e.g. an encrypted
> file that's decrypted with a password entered on the console) and load
> the secrets into the daemon via VICI protocol.
Can swanctl ask interactively for the password if not inserted in the conf file?
> If you store them in swan
Hi,
> 1) Is there a "more secure" way to store the per-user psk password in
> swanctl.conf file?
First, note that shared keys will be accessible in memory once loaded
into the daemon via VICI. So the question is whether you are concerned
with the actual storage, or with other attack vectors.
G
1) Is there a "more secure" way to store the per-user psk password in
swanctl.conf file?
Reading your swanctl.conf guide
https://wiki.strongswan.org/projects/strongswan/wiki/Swanctlconf#secrets-section
"It is not recommended to define any private key decryption passphrases, as
then there is no