Diffstat (limited to 'man/ipsec.secrets.5.in')
-rw-r--r-- | man/ipsec.secrets.5.in | 21 |
1 files changed, 17 insertions, 4 deletions
diff --git a/man/ipsec.secrets.5.in b/man/ipsec.secrets.5.in index 319d4856b..ee20c9670 100644 --- a/man/ipsec.secrets.5.in +++ b/man/ipsec.secrets.5.in @@ -91,6 +91,9 @@ defines an RSA private key .B ECDSA defines an ECDSA private key .TP +.B P12 +defines a PKCS#12 container +.TP .B EAP defines EAP credentials .TP @@ -133,16 +136,26 @@ Similarly, a character sequence beginning with .B 0s is interpreted as Base64 encoded binary data. .TP -.B [ <selectors> ] : RSA <private key file> [ <passphrase> | %prompt ] +.B : RSA <private key file> [ <passphrase> | %prompt ] .TQ -.B [ <selectors> ] : ECDSA <private key file> [ <passphrase> | %prompt ] +.B : ECDSA <private key file> [ <passphrase> | %prompt ] For the private key file both absolute paths or paths relative to \fI/etc/ipsec.d/private\fP are accepted. If the private key file is encrypted, the \fIpassphrase\fP must be defined. Instead of a passphrase .B %prompt -can be used which then causes the daemons to ask the user for the password +can be used which then causes the daemon to ask the user for the password whenever it is required to decrypt the key. .TP +.B : P12 <PKCS#12 file> [ <passphrase> | %prompt ] +For the PKCS#12 file both absolute paths or paths relative to +\fI/etc/ipsec.d/private\fP are accepted. If the container is +encrypted, the \fIpassphrase\fP must be defined. Instead of a passphrase +.B %prompt +can be used which then causes the daemon to ask the user for the password +whenever it is required to decrypt the container. Private keys, client and CA +certificates are extracted from the container. To use such a client certificate +in a connection set leftid to one of the subjects of the certificate. +.TP .B <user id> : EAP <secret> The format of \fIsecret\fP is the same as that of \fBPSK\fP secrets. .br 
@@ -165,7 +178,7 @@ key. The slot number defines the slot on the token, the module name refers to the module name defined in strongswan.conf(5). Instead of specifying the pin code statically, .B %prompt -can be specified, which causes the daemons to ask the user for the pin code. +can be specified, which causes the daemon to ask the user for the pin code. .LP .SH FILES |
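Review bot: In the new P12 entry of the second hunk, "Private keys, client and CA certificates are extracted from the container" does not say whether the extracted CA certificates are then treated as trusted, which matters when the container was produced by a third party; state the trust handling explicitly. In the same paragraph, "set leftid to one of the subjects of the certificate" should say which identities qualify (the subject DN only, or subjectAltName entries as well). The RSA and ECDSA syntax lines in that hunk lose "[ <selectors> ]" with no accompanying text saying whether selectors are now rejected or ignored for private keys, so a sentence on that would help readers with existing files. As a wording point, "both absolute paths or paths relative to" should read "both absolute paths and paths relative to".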