On Thursday 18 August 2011 09:15:14 luxInteg wrote:
> Greetings,
>
> I have a system with these:
> cpu -->-intel-P4 ;
> os:--> cblfs linux kernel-2.6.37.6
> openct-0.6.18;
> opensc-0.11.11
>
> I am attempting to use pkcs15-init to transfer a private key from a
> 'security-authority'//computer to a smart card. The latter is the
> rainbow-ikey3000. It is to be used on an internet gateway computer with
> strongswan. I followed the instructions I found here:-
> http://www.strongswan.org/docs/readme.htm#section_8.5
>
> step1 : OK
> pkcs15-init --erase-card --create-pkcs15
>
> step2 -OK
> pkcs15-init --auth-id 1 --store-pin --pin "12345678"
> --puk "87654321" --label "my PIN"
>
> step3 -failed
> pkcs15-init --auth-id 1 --store-private-key mykey.pem
> [--id 45]
> I obtain the following error:-
>
> ##################
> [pkcs15-init] reader-pcsc.c:1015:pcsc_detect_readers: returning with: No
> readers found
> Using reader with a card: Rainbow iKey 3000
> error:06065064:digital envelope routines:EVP_DecryptFinal_ex:bad decrypt
> error:0906A065:PEM routines:PEM_do_header:bad decrypt
> error: Unable to read private key from mykey.pem
>
> Aborting.
> #######
>
> I have two passphrases I used when I generated the key; the passphrase for
> the certificate mycert.pem and the passphrase for the CA when I signed it.
> I tried either of these passphrases without success.
>
> I get the same response no matter what I put as passphrase
>
> Help would be appreciated
>
> yours sincerely
> lux-integ
>

I had some help from the opensc folks; they suggested generating the key with the -nodes switch (i.e. making a passwordless unencrypted key), presumably like so:

openssl req -newkey rsa:1024 -nodes -keyout hostKey.pem -out hostReq.pem

( http://www.strongswan.org/docs/readme.htm#section_3.2 )

I would be grateful if someone on list could comment on the security implications of a private key for a gateway that is unencrypted?

yours sincerely
lux-integ
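On the closing question: a key stored without a passphrase is protected only by access control on the file, so anyone who can read the file (or a backup of it) can use the key. The script below is an added example, not part of the original message or of OpenSC or strongSwan; its function names are hypothetical, and it classifies a PEM key file as encrypted or plaintext and flags a plaintext key that is accessible beyond its owner.

```shell
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical.
# Classifies a PEM private key by how it is protected at rest.

# key_state FILE -> prints one of:
#   encrypted-pkcs8   "BEGIN ENCRYPTED PRIVATE KEY" block
#   encrypted-legacy  traditional PEM carrying "Proc-Type: 4,ENCRYPTED"
#   plaintext         private key stored without a passphrase
#   not-a-key         no private key block in the file
key_state() {
    if grep -q -e '-----BEGIN ENCRYPTED PRIVATE KEY-----' "$1"; then
        echo encrypted-pkcs8
    elif grep -q -e '-----BEGIN [A-Z ]*PRIVATE KEY-----' "$1"; then
        if grep -q '^Proc-Type: 4,ENCRYPTED' "$1"; then
            echo encrypted-legacy
        else
            echo plaintext
        fi
    else
        echo not-a-key
    fi
}

# perms_tight FILE -> succeeds only if group and other have no access bits.
perms_tight() {
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# audit_key FILE -> prints a verdict; status 0 = acceptable, 1 = needs attention.
audit_key() {
    state=$(key_state "$1")
    case $state in
        encrypted-*) echo "$1: $state, passphrase required to use it"; return 0 ;;
        plaintext)
            if perms_tight "$1"; then
                echo "$1: plaintext, owner-only permissions"; return 0
            fi
            echo "$1: plaintext and accessible beyond its owner"; return 1 ;;
        *) echo "$1: no private key block found"; return 1 ;;
    esac
}

# Audit every file named on the command line.
if [ $# -gt 0 ]; then
    for f in "$@"; do audit_key "$f" || true; done
fi
```

Run it against a key file before handing that file to pkcs15-init; once the key is stored on the card, the plaintext copy on disk is the remaining exposure.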