On Fri, 1 Nov 2019, Anatoli wrote:
I would like to know if there is any tool to convert ipsec.secrets to nss db?
There is not, because NSS has no method of importing private keys, other than via a PKCS#12
And I notice some illogical behavior:

ipsec auto --listpubkeys
000
000 List of Public Keys:
000
000 Nov 01 11:15:17 2019, 4096 RSA Key AQN2EwF/B (no private key), until --- -- --:--:-- ---- ok (expires never)
000 ID_FQDN '@v10g1'
000 Nov 01 11:15:17 2019, 4096 RSA Key AQPyMQ+eW (has private key), until --- -- --:--:-- ---- ok (expires never)
000 ID_FQDN '@n10gf1'

ipsec auto --up n-v10g1
002 "n-v10g1" #2130: initiating v2 parent SA
181 "n-v10g1" #2130: initiate
181 "n-v10g1" #2130: STATE_PARENT_I1: sent v2I1, expected v2R1
003 "n-v10g1" #2130: Can't find the certificate or private key from the NSS CKA_ID
003 "n-v10g1" #2130: Failed to find our RSA key

I can understand nss is here, but common pluto already knows all keys, why does it want to read it again?

It is a limitation in the current key/connection lookup that we are looking at eliminating.

Paul
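
The PKCS#12 route mentioned in the reply first needs the raw key in a standard container. The following is an added example, not code from this thread or from the Libreswan project: it parses one old-style `: RSA { ... }` block from ipsec.secrets and emits a PKCS#1 PEM private key. It assumes the fields are written as `0x` hex values; the function names and the toy key are constructed for illustration.

```python
import base64
import re

# PKCS#1 RSAPrivateKey field order (RFC 8017 A.1.2), with ipsec.secrets names.
FIELDS = ["Modulus", "PublicExponent", "PrivateExponent", "Prime1",
          "Prime2", "Exponent1", "Exponent2", "Coefficient"]

# Constructed toy key (p=61, q=53), far too small for real use.
SAMPLE = """: RSA {
    Modulus: 0xCA1  # constructed sample value
    PublicExponent: 0x11
    PrivateExponent: 0xAC1
    Prime1: 0x3D
    Prime2: 0x35
    Exponent1: 0x35
    Exponent2: 0x31
    Coefficient: 0x26
    }"""

def der_len(n):
    """DER definite length: short form below 128, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def der_int(v):
    """DER INTEGER; sizing by bit_length // 8 + 1 keeps the sign bit clear."""
    body = v.to_bytes(v.bit_length() // 8 + 1, "big")
    return b"\x02" + der_len(len(body)) + body

def parse_rsa_block(text):
    """Return {field: int} for one RSA block, ignoring '#' comments."""
    found = {}
    for line in text.splitlines():
        m = re.match(r"(\w+):\s*0x([0-9A-Fa-f]+)$", line.split("#")[0].strip())
        if m and m.group(1) in FIELDS:
            found[m.group(1)] = int(m.group(2), 16)
    missing = [f for f in FIELDS if f not in found]
    if missing:
        raise ValueError("incomplete RSA block, missing: " + ", ".join(missing))
    return found

def to_pkcs1_pem(fields):
    """Encode as an RSAPrivateKey SEQUENCE (version 0) and wrap it in PEM."""
    body = der_int(0) + b"".join(der_int(fields[f]) for f in FIELDS)
    b64 = base64.b64encode(b"\x30" + der_len(len(body)) + body).decode()
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return "\n".join(["-----BEGIN RSA PRIVATE KEY-----", *lines,
                      "-----END RSA PRIVATE KEY-----", ""])
```

The PEM key still has to be paired with a certificate and bundled into a PKCS#12 file (for example with `openssl pkcs12 -export`) before `pk12util -i` can load it into the NSS database. Write the intermediate files with owner-only permissions and delete them after the import.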
