Have you ever had a need to inspect the details of the Cisco VPN PCF file? Perhaps you are using OS X and you would like to use the OS X VPN IPSec client?
Back in the day before using OS X I used Linux as my primary desktop OS and I used VPNC as my linux VPN client. It came with a set of nice utilities such as pcf2vpnc that is a command line script that converted a PCF file to the VPNC format. Part of the output is the shared group key in plaintext; the key was decoded using the cisco-decrypt utility.
If you are a Linux user then your favorite package manager most likely will include VPNC (pcf2vpnc should be also be included)/
Today I’m using OS X and I regularly need to check the contents of a specific PCF file. I first checked to see if “Homebrew” had vpnc, but unfortunately it did not. I then checked Google to see if the pcf2vpnc script is online somewhere and luckily I found it at https://svn.unix-ag.uni-kl.de/vpnc/trunk/pcf2vpnc.
When you look at the source code you can see that it requires the “cisco-decrypt” command. Fortunately this utility can easily be found and compiled on OS X.
The Following Instructions To Compile the “Cisco-Decrypt” utility for OS X:
– Download a copy of the source code from git clone https://github.com/utgarda/cisco-decrypt/ or wget https://github.com/utgarda/cisco-decrypt/blob/master/cisco-decrypt.c
– Install Libgcrypt using Homebrew: brew install libgcrypt
– Once Libgcrypt is installed compile cisco-decrypt:
gcc -Wall -o cisco-decrypt cisco-decrypt.c $(libgcrypt-config –libs –cflags (I’m assuming here that you already have gcc by having the Xcode Command Line Tools already installed)
– Finally – These steps above will produce cisco-decrypt executable command that you can copy it to /user/local/bin/
At this point, you can just pass the pre-shared key directly to cisco-decrypt as the first command line argument.
Or you can execute pcf2vpnc and pass the path to the PCF file as the first argument, and the contents in cleartext will be displayed on the terminal screen.