
Feature request for 1.0.25

Discussion in 'Cisco Small Business Routers and VPN Solutions' started by RadioActiveMan, Dec 5, 2006.

  1. RadioActiveMan

    RadioActiveMan LI Guru Member


    On the WRV200 I'm missing the possibility to insert my RSA signature. I would like to generate a private key with PuTTY (or equivalent) and paste my personal RSA key (>=2048-bit) or DSA or ECC (elliptic curve cryptography). Every VPN user should have his own RSA signature. Is there any relationship between the DH Group policy and my pre-shared key? I have only 20 code digits! Thanks for more enhanced security features :thumbup:
  2. HughR

    HughR LI Guru Member

    IPSec protocols are fairly complicated.

    Boiling it down: DH is about generating private session keys in a way that thwarts eavesdropping. IKE-level Authentication is about thwarting man-in-the-middle attacks. It turns out that all the really difficult deployment problems are in authentication (DH just works).

    The WRV200 supports only PreShared Key authentication. You want RSA Signature authentication (or ECC). The underlying code (Openswan) implements that. Unfortunately, the GUI provides no way to get at this capability (even though the manual seems to suggest that it does).

    Openswan is GPLed. Certicom claims (roughly) that its patents cover all reasonable ECC implementations (some dispute this). So Openswan cannot support ECC. The DH and RSA patents have expired.
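
The split HughR describes between DH (key agreement) and IKE-level authentication can be shown with a small model. This is an added example, not part of the thread and not Openswan's code; the toy group, the function names and the HMAC construction are assumptions made for illustration and are a simplification of what IKE actually computes.

```python
import hashlib
import hmac
import secrets

# Toy DH group (assumption for this demo): the Mersenne prime 2**127 - 1 with
# generator 3. Real IKE uses the standardized groups chosen by "DH Group".
P = 2**127 - 1
G = 3

def dh_keypair():
    """Return (private exponent, public value g^x mod p)."""
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)

def dh_secret(priv, peer_pub):
    """Shared secret computed from our exponent and the peer value we saw."""
    return pow(peer_pub, priv, P)

def auth_tag(psk, role, my_pub, peer_pub):
    """HMAC over the DH values one side saw, keyed with the pre-shared key."""
    msg = b"|".join([role, str(my_pub).encode(), str(peer_pub).encode()])
    return hmac.new(psk, msg, hashlib.sha256).digest()

def handshake(psk_i, psk_r, intercept=False):
    """Run one exchange; return (secrets_match, initiator_accepts_responder)."""
    i_priv, i_pub = dh_keypair()
    r_priv, r_pub = dh_keypair()
    seen_by_i, seen_by_r = r_pub, i_pub
    if intercept:
        # Model of a party in the middle replacing both public values with
        # its own. It does not know the pre-shared key.
        _, m_pub = dh_keypair()
        seen_by_i = seen_by_r = m_pub
    # DH alone: both ends always compute *a* secret, but not the same one
    # if the public values were replaced in transit.
    secrets_match = dh_secret(i_priv, seen_by_i) == dh_secret(r_priv, seen_by_r)
    # Responder authenticates the values it sent and received.
    tag_r = auth_tag(psk_r, b"R", r_pub, seen_by_r)
    # Initiator recomputes the tag from its own view of the exchange.
    expected = auth_tag(psk_i, b"R", seen_by_i, i_pub)
    return secrets_match, hmac.compare_digest(tag_r, expected)

if __name__ == "__main__":
    print("same PSK, clean path:  ", handshake(b"psk-demo", b"psk-demo"))
    print("same PSK, intercepted: ", handshake(b"psk-demo", b"psk-demo", True))
    print("different PSKs:        ", handshake(b"psk-demo", b"psk-other"))
```

In this model the DH step completes whether or not the keys match; only the authentication check, which depends on the pre-shared key (or, with RSA signature authentication, on the peer's key pair), tells the initiator that the exchange was tampered with or that the peer is not the expected one.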
