Replies: 1 comment 2 replies
-
If OpenSSL can parse such keys, maybe use that via openssl plugin. |
Beta Was this translation helpful? Give feedback.
2 replies
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
-
Hi! I'm trying to modify Strongswan 5.9.4 to be able to use belarussian cryptography standarts and faced issue described in the title. I've already implemented encryption/decryption and digital signature algorithms and everything seems to be working smoothly. But recently I've tried to use PBKDF2 using said custom algorithm for private key encryption. And, obviously, I've faced "parsing ANY private key failed".
Openssl-1.1.1w command I used for private key generation/encryption
openssl genpkey -engine bee2evp -algorithm bign -pkeyopt params:bign-curve256v1 -out name.pem.key -outform PEM -pass stdin -belt-kwp256
Encrypted key file looks like this
-----BEGIN ENCRYPTED PRIVATE KEY-----
MIGdMEgGCSqGSIb3DQEFDTA7MCoGCSqGSIb3DQEFDDAdBAiDEflcmdqnsAICCAAw
DQYJKnAAAgAiZS8MBQAwDQYJKnAAAgAiZR9JBQAEUQfPYsj9hgBClXGddPm9e3yz
DpKwpbJD7AiYpp7X6gAucAsITdQaXDz9/8HnuxI+nISs6GpI4EfWGXWr+Kw9159R
UibyAhN2OdMgeIlg0pbaQw==
-----END ENCRYPTED PRIVATE KEY-----
So, I'm wondering if there's any convenient way to load encrypted private keys without changing the source code? If not, what and where should I change? Probably, it'd be the best option to use ipsec.secrets, but it allows only RSA, ECDSA etc, maybe I can change that? Please guide me in the right direction, thank you!
Beta Was this translation helpful? Give feedback.
All reactions