[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Help-gnutls] About Future Plans: Private keys encrypted.
From: |
Nikos Mavrogiannopoulos |
Subject: |
Re: [Help-gnutls] About Future Plans: Private keys encrypted. |
Date: |
Wed, 16 Nov 2005 12:33:11 +0100 |
User-agent: |
KMail/1.8.2 |
On Wednesday 16 November 2005 01:52, Fran wrote:
> * You can both encrypt and decrypt pkcs8 keys in gnutls. The only
> limitation is
> * that pkcs8 2.0 is supported and not previous versions.
>
> Well, But encryption of key file with password do not work for me,
> always exports the key as plain. I used 2,4,8,16 types.
> I can not understand very well the man pages, and why the key do not is
> saved as encrypted.
Which manpages were problematic? The whole PKCS #8 stuff is complex though.
> In the code exposed is the same put GNUTLS_PKCS_PLAIN or
> GNUTLS_PKCS_USE_PKCS12_RC2_40, etc.
> I can not understand it.
If you use "certtool --generate-privkey -8" you get a pkcs8 encrypted key.
The only thing you need to do is call gnutls_x509_privkey_export_pkcs8()
with the flag (say) GNUTLS_PKCS_USE_PKCS12_3DES and an ASCII password.
--
Nikos Mavrogiannopoulos