Hi Andreas, I am converting my key file with below command:
openssl pkcs8 -nocrypt -in defaultPrivateKey.pem -out defaultPrivateKey1.pem I am putting the new file in the /etc/ipsec/certs/ipsec.d/private, do not know the reason why it is not converting. Any thing in addition i need to do for converting pkcs8 private key to pkcs1 . On Mon, Jun 3, 2013 at 12:31 PM, Andreas Steffen < [email protected]> wrote: > Hi Bhargav, > > your are still loading the PKCS#8 private key file: > > charon: 00[LIB] L1 - modulus: ASN1 tag 0x02 expected, but is 0x30 > charon: 00[LIB] => 15 bytes @ 0x1200ac807 > charon: 00[LIB] 0: 30 0D 06 09 2A 86 48 86 F7 0D 01 01 01 05 00 > 0...*.H........ > > Regards > > Andreas > > On 06/03/2013 08:57 AM, bhargav p wrote: > > Hi Andreas, > > > > I tried converting the private key from PKCS#8 to PKCS#1, but still I > > am getting the same error: > > > > CFPU-0 charon: 00[LIB] -----BEGIN PRIVATE KEY----- > > charon: 00[LIB] -----END PRIVATE KEY----- > > charon: 00[LIB] L0 - RSAPrivateKey: > > charon: 00[LIB] L1 - version: > > charon: 00[LIB] => 1 bytes @ 0x1200ac806 > > charon: 00[LIB] 0: 00 . > > charon: 00[LIB] L1 - modulus: ASN1 tag 0x02 expected, but is 0x30 > > charon: 00[LIB] => 15 bytes @ 0x1200ac807 > > charon: 00[LIB] 0: 30 0D 06 09 2A 86 48 86 F7 0D 01 01 01 05 00 > > 0...*.H........ > > charon: 00[LIB] building CRED_PRIVATE_KEY - RSA failed, tried 5 builders > > charon: 00[CFG] loading private key from > > '/etc/ipsec/certs/ipsec.d//private/defaultPrivateKey.pem' failed > > charon: 00[LIB] plugin 'stroke': loaded successfully > > charon: 00[LIB] plugin 'kernel-netlink': loaded successfully > > > > > > -Bhargav > > > > > > On Sat, Jun 1, 2013 at 3:17 AM, Andreas Steffen > > <[email protected] <mailto:[email protected]>> > > wrote: > > > > Hi Bhargav, > > > > The private key that you are trying to load is a PKCS#8 file, > > a format being used by openssl 1.x.x. PKCS#8 support was introduced > > with strongswan 4.6.2. So as a workaround either upgrade to a newer > > strongSwan version or convert the private key from PKCS#8 to PKCS#1 > > using the following openssl command: > > > > openssl pkcs8 -nocrypt -in key8.pem -out key1.pem > > > > Regards > > > > Andreas > > > > On 05/31/2013 08:12 AM, bhargav p wrote: > > > Hi, > > > > > > I am trying to establish the IPsec tunnel with certificates with > > charon. > > > > > > From the logs the below error is thrown: > > > > > > L0 - RSAPrivateKey: > > > charon: 00[LIB] L1 - version: > > > charon: 00[LIB] => 1 bytes @ 0x1200ac406 > > > charon: 00[LIB] 0: 00 > > . > > > charon: 00[LIB] L1 - modulus: ASN1 tag 0x02 expected, but is 0x30 > > > charon: 00[LIB] => 15 bytes @ 0x1200ac407 > > > charon: 00[LIB] 0: 30 0D 06 09 2A 86 48 86 F7 0D 01 01 01 05 00 > > > 0...*.H........ > > > charon: 00[LIB] building CRED_PRIVATE_KEY - RSA failed, tried 5 > > builders > > > charon: 00[CFG] loading private key from > > > '/etc/ipsec/certs/ipsec.d//private/defaultPrivateKey.pem' failed > > > charon: 00[LIB] plugin 'stroke': loaded successfully > > > charon: 00[LIB] plugin 'kernel-netlink': loaded successfully > > > charon: 00[DMN] loaded plugins: openssl random pem x509 pubkey > pkcs1 > > > hmac xcbc stroke kernel-netlink > > > May 31 13:32:21.117438 info CLA-0 charon: 00[JOB] spawning 16 > > worker threads > > > charon: 07[LIB] file content is not binary ASN.1 > > > > > > Can some one help me here. > > > > > > Using strongswan version:4.5.3 > > > > > > cat defaultPrivateKey.pem > > > -----BEGIN PRIVATE KEY----- > > > MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCyoayXeOOMy5rE > > > tqdP56GJnNP29Ul1OSk7W8BS9Y6yZb0dlcL4NWhg4xbPk4zBZKR1FUsjKYUcNogE > > > 33G5/muESiPzLWE8CeMGf6WrXH40W99kpIho204WsIJlLG3OCF2UQCXA/FGYJTqe > > > ODKQzea0oxjEHzLdSxpYaCAggPeBuiZ5+2kf+hE+d1qxOYheFM0JGkduXr2F9I+f > > > VMDAXk64uCG8v7z5DlTrYhgDr3WhRkzv+STIDuAvqiFaV26bpa7lqmpEcO5nrklF > > > 3jJ8cDWSn+l390TIdg8pn4bJTyyfs9cYtpDpn0fndvuFvncbGAT+b5EifoUES6J9 > > > mmIBHioRAgMBAAECggEBAJZrxF2NI/jE3yA1OzDzObkbAfcc2G3I46qjeZGiTDZ3 > > > q8fE+/htaOblc6j6c/XKnR4m/y2t4fQ/C00nJ6pazwkIMbuuBAo9vRoU1Vo2ueO3 > > > Vad3UZMS0XAT1MoDnrd3ne2gEuquzrrS5sijRBlh+Zs1GD7Wkst8WcQGcr9MOp/W > > > y9B+gOMb8QcoJkiyenKIGstyFFLUd8IWtzLpPVKYABfjw+qIFmZno2+Z3uWnE6jM > > > h8J7sWFXQyBtcylhd9jxGpPn9gPkt4v9kWMe2+Pd7vCbRMQrVGx3hIuUSaLpeN11 > > > hLsCJGaSY+y4wd5P5cbL6/OveU0eEgUlQ5LYx5DngFECgYEA4CjtDmrAXnMZSbAW > > > uriD9IjsEhBwY0xYQXteNq216NYAO27e+Hl6seXG1AIPKxpbA+y9ZwOQhDA9adCV > > > fZHzd0k7QqVzEgyIo9gNa30zGIaPBG3DYKFK7bxg16MUt8K8HZKxCDG4b1gKjHJq > > > 7G+6ANM5k3P22gLFgsgF8D34i8UCgYEAzAE2R0qzjcDa6+6cG0f9aikITl2d2TMZ > > > pMC0hhy1YiSD7940QtxjnMD5dCGWYGnQhYLum78jMP49NpJcDfHfJC8QNp5vrPjq > > > dVXqWdDDf+f64ck6GYvVs+7DzCQHcLdmruvmId5p73TrSaZIpRDA8aXizJr9XfDl > > > sXRUSJlqjd0CgYB5pfwwLMLE/xWkJcnP/z6tQHlMvFshqFblAnx4lAD6oNhzaJHc > > > qqBpVtd2Sr/Mlnr6QEnxU7/j3QIXILlf8gr8m2Nrobo2+1JUCHYP9Vv7XVrT/nVf > > > RWkSZ37ux3QA3c+VBPzKA6Gh21euLJHWSjPZKsg+O1qlqYdimAaRADCYOQKBgC1o > > > G6e0ldB4W4HmAzMDTAFkDqg6qBafDBcimUu8ehbVH9S09ZboLPfH7/4MN8dP5gzB > > > ftCFs5SFEiTiYMDt1AfevdIaY6rxYGYrcFT7ZXhDrxCwVFE5UaCSBVybrFhHSgCn > > > Gvrw4U1eDby/2S18VCW1EY0O9lQBeW6NAPGDzDa1AoGAFGpXEPZfEV0RbZO7dLMN > > > O3x1Oz75HGdkLot3Cvc6RuLr8uxnQzGPTQ3FcNMnlLHnjhdmB+9rMpZlD3gmxKVv > > > 73UfJd4+oP5VfWrAEcMAZCXrJsp1TjECwAp4Qrvv+aJZI+c9qYhRhuoTMHG+NLMK > > > GMAIlLWjiZrkCZEtW15hD+o= > > > -----END PRIVATE KEY----- > > > > > > --Bhargav > > ====================================================================== > Andreas Steffen [email protected] > strongSwan - the Open Source VPN Solution! www.strongswan.org > Institute for Internet Technologies and Applications > University of Applied Sciences Rapperswil > CH-8640 Rapperswil (Switzerland) > ===========================================================[ITA-HSR]== > >
_______________________________________________ Users mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/users
