On Mon, 16 Mar 2020, Cesar Pereida wrote:
Hey Libreswan folks, What is the current status on supporting DSA and ECDSA during authentication? In case they are supported, could you point me to simple commands to generate keys and configuration files using them?
ECDSA is supported for the IKE authentication using authby=ecdsa and for certificate signatures. For generation of ECDSA cerrtificates, see the various tutorials for openssl or nss/certutil. You can find some examples we use for testing at: https://github.com/libreswan/libreswan/tree/master/testing/x509 raw keys (eg public keys without certificates) do not yet support ECDSA. I'm not sure what you mean with "DSA", as the term is confusing. NIST uses this term for "Digital Signature Authentication". Paul _______________________________________________ Swan mailing list [email protected] https://lists.libreswan.org/mailman/listinfo/swan
