Is there a test? Big chunks of the RSA vs ECDSA code were merged - so it would help us know where things fall short.
On Mon, 16 Mar 2020 at 13:50, Paul Wouters <[email protected]> wrote: > > On Mon, 16 Mar 2020, Cesar Pereida wrote: > > > Hey Libreswan folks, > > What is the current status on supporting DSA and ECDSA during > > authentication? > > In case they are supported, could you point me to simple commands to > > generate keys and configuration files using them? > > ECDSA is supported for the IKE authentication using authby=ecdsa and for > certificate signatures. For generation of ECDSA cerrtificates, see the > various tutorials for openssl or nss/certutil. You can find some > examples we use for testing at: > > https://github.com/libreswan/libreswan/tree/master/testing/x509 > > raw keys (eg public keys without certificates) do not yet support ECDSA. > > I'm not sure what you mean with "DSA", as the term is confusing. NIST > uses this term for "Digital Signature Authentication". > > Paul > _______________________________________________ > Swan mailing list > [email protected] > https://lists.libreswan.org/mailman/listinfo/swan _______________________________________________ Swan mailing list [email protected] https://lists.libreswan.org/mailman/listinfo/swan
