I’m currently using some Nitrokey HSM2 (updated to the latest firmware) with my company for IPsec VPN connections with strongSwan.
We’re having issues with 4096 RSA keys because they take too long to load, and the charon process cannot start (the timeout delay is 10s and cannot be changed):
00[DMN] Starting IKE charon daemon (strongSwan 5.6.2, Linux 5.3.0-28-generic, x86_64)
charon too long to start… - kill kill
child 4029 (charon) has been killed by sig 9
charon has died – restart scheduled (5sec)
Depending on the Nitrokey, I was able to load 4096 RSA keys, and for another device, only 2 RSA keys.
The workaround is to reduce the key to 3072 or 2048 but it’s not the best solution…
Would you have any ideas, please?