Q: Why do I get “ERROR: failed to get private key” when trying to establish an IPSec tunnel with racoon (ipsec-tools)?


A: If you are using X.509 certificates to authenticate your end-points,
it is likely that your private key is encrypted with a passphrase. An
encrypted key carries Proc-Type and DEK-Info headers (assume the private
key is named maguro.key):

  # less maguro.key
  -----BEGIN RSA PRIVATE KEY-----
  Proc-Type: 4,ENCRYPTED
  DEK-Info: DES-EDE3-CBC,94BC2753E921722E

  BjPpMYZouxEUBSdEtuRrnbcdGaTlmfuIh8RNxuijBU6ZawY1I5hosULrFKzrLzZt
  FJ9kg9Zo60o7U0FGzI1LTw4UalQnnkgH/quRZ4pJeM20Hjc5m4mj+YDtXAgNXYrw
  [ snip ]
  F2EmHvuKGA+kF50n2CF9zXbg95iJZ2Fn57+8FTOmzNDMxQZDgfJ2BM2iy4eCy2kv
  gp9gSvZrPLXJsw8ezrIsaNGsD9WEKim50je1LiWNMlBiVr8U41wgPg==
  -----END RSA PRIVATE KEY-----

 
To obtain the unencrypted private key, keep the encrypted file under a new name and let openssl write the decrypted key under the original name:

  # mv maguro.key maguro.key.encrypted
  # openssl rsa -in maguro.key.encrypted -out maguro.key
  Enter pass phrase for maguro.key.encrypted: passphrase
  writing RSA key

 
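The resulting maguro.key is your unencrypted private key. It is no longer protected by a passphrase, so file permissions are the only thing guarding it: make sure only root can read it.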

  # less maguro.key
  -----BEGIN RSA PRIVATE KEY-----
  MIICXQIBAAKBgQCaCgZ5CUVqt6liqHAySkD/I/AuLbzekutPi7zNQ7OrV82kuZJy
  5qoWcR7WmPZ+awkk9i487DG7NacNNOjj1+uGrEr+S32ceG5s8Fd2qUOHx554SOoF
  [ snip ]
  Y5Dmk/jiZGhnxJmRKmMCQQCkYkdiv3ze6/JiAQueTASlR4qiON7ZJdol41ghI4JP
  A8Q+bS5dFpyzM9XEU4ptjrFhkZi9SkdH1rqCJ64C4DF+
  -----END RSA PRIVATE KEY-----
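
The steps above as a small set of shell functions, added here as an example and not part of the original FAQ. The function names are hypothetical; the script also recognises PKCS#8 encrypted keys (beyond the traditional format shown above) and creates the decrypted file under umask 077 so it is never group- or world-readable.

```shell
#!/bin/sh
# Added example: pre-flight check and decryption of a racoon private key.
# Function names are hypothetical, not part of ipsec-tools or OpenSSL.

# Return 0 if the PEM private key in $1 is passphrase-protected.
# Matches the traditional header shown in the FAQ ("Proc-Type: 4,ENCRYPTED")
# and the PKCS#8 form ("BEGIN ENCRYPTED PRIVATE KEY").
key_is_encrypted() {
    grep -Eq '^[[:space:]]*(Proc-Type: 4,ENCRYPTED|-----BEGIN ENCRYPTED PRIVATE KEY-----)' "$1"
}

# Return 0 if group and others have no permissions on $1.
# Parses the mode column of ls, which works on both BSD and Linux.
key_mode_is_private() {
    case "$(ls -ld "$1" | cut -c5-10)" in
        ------) return 0 ;;
        *)      return 1 ;;
    esac
}

# Decrypt $1 in place, keeping the encrypted original as $1.encrypted.
# openssl prompts for the passphrase on the terminal.
decrypt_key() {
    key=$1
    if ! key_is_encrypted "$key"; then
        echo "$key: not encrypted, nothing to do"
        return 0
    fi
    mv "$key" "$key.encrypted" || return 1
    # The subshell confines umask 077, so the new file is created mode 0600.
    if ( umask 077 && openssl rsa -in "$key.encrypted" -out "$key" ); then
        key_mode_is_private "$key"
    else
        # Wrong passphrase or unreadable key: restore the original file.
        rm -f "$key"
        mv "$key.encrypted" "$key"
        return 1
    fi
}

# Typical use, as root, after sourcing this file:
#   decrypt_key maguro.key
```
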

 
