Marko Cupa? wrote: > Hi, > > I'm trying to set up ipsec-protected gre tunnel from OpenBSD to Cisco, > and - not only thanks to all the useful advices I got in my earlier > thread https://marc.info/?l=openbsd-misc&m=145043287011537&w=2, but > also 10x to http://bsdsupport.org/setting-up-ipsec-over-gre-on-openbsd/ > - I've so far managed to successfully establish non-protected gre > tunnel. Also OSPF works through it! > > I want to dive further into ipsec and rsa keys (which BTW I have > successfully configured numerous times in OpenBSD - OpenBSD and > Cisco - Cisco setups, but never in a OpenBSD - Cisco setup), but I've > stumbled upon an obstacle I haven't encountered before: Cisco asks for > public keys in hex number format, similar to: > > 30819F30 0D06092A 864886F7 0D010101 05000381 8D003081 89028181 00B2GD66 > 569171F2 0BCEAE31 5DCDD33A AA3E908C C93A46ED 267AA65A 70150BEC F0BAF97C > 3348DDAB 7FB26194 739D3BB2 4114F5BC 87A1F8BD 67DD656C 34540314 0EAD1301 > 40A4FB2C B37438F3 F37F8182 C0C0286C 1200F3A0 73E2D021 D9CAFE2C 547CABCF > 43ED95EE 12C9B4C0 633DA4C4 D7FAF832 31F7AFEA C88DCDCB BBB735D9 CB020301 > 0001 > > ... while OpenBSD's local.pub is similar to: > > -----BEGIN PUBLIC KEY----- > MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ9AMIIBCgKCAQEAtBdefJzPO8VhBUx28wLV > xLk0DeLDTIDU6m+v7DCC1dge3NLK2i+G5wkqUvlOK/vmPkKRydOzioViUiwhoP1q > q6oHE8aQvVCbD7R6lMibx+4Rcejwc3pBzx5K1ibCqj9zhkrVI1SD5PIMAyBF/WxG > rR47c+cXZwwUFspXBddqODaJcH9pFKW1gUhMo58j8MVw2HYyMdQo7nbx5TKybUWd > 9+skXFiTqWumZGqV2OsKqVKsWmbq6jojUwpobRgEXqj0ndHKsGK39YP/XqAx8nYm > pAkaDvFmCE4ntoVHoG/nfKtgpryPEb1nQ3e1t97WgoJUOw3iqutji3XQ+/tDfvWq > HQIDAQAB > -----END PUBLIC KEY----- > > Any idea on how to convert OpenBSD's /etc/isakmpd/local.pub to hex > number format? >
Assuming the key is a hex format of the DER encoding, this may get you in the right direction: openssl pkey -pubin -in /etc/isakmpd/local.pub -outform DER | hexdump -C
