Re: [Help-gnutls] Re: Exporting a PKCS#12 structure without the private
From: Fabian Fagerholm
Subject: Re: [Help-gnutls] Re: Exporting a PKCS#12 structure without the private key
Date: Tue, 09 Nov 2004 15:05:44 +0200

On Tue, 2004-11-09 at 00:58 +0100, Simon Josefsson wrote:
> I've made it possible to do so now in CVS.
>
> Hopefully the daily snapshot will build tonight, so you can test it
> tomorrow, even if you are not already building from CVS.
>
> It should then be possible to do:
>
> $ certtool --to-p12 --load-certificate ~/cert.pem

This seems to work nicely -- thank you!

> The simplest is to distribute the certificates as-is (i.e., DER/PEM).
>
> PKCS#12 is typically used when you are transferring the private key.
>
> You can create a degenerative PKCS#7 structure with only certificates,
> but if someone isn't forcing you to use this approach, I'd say forget
> about it. Incidentally, it seems certtool doesn't support this
> either.

It seems that some programs will not work with the DER or PEM formats,
but require the use of PKCS#12. That's obviously a big flaw in those
programs, especially if PKCS#12 is primarily meant as a format that
should always contain a certificate and its key. I really can't imagine
that it would be a common requirement to supply the secret key to your
users...

Cheers,
--
Fabian Fagerholm <address@hidden>