[Help-gnutls] Re: Encrypted private keys

help-gnutls

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Help-gnutls] Re: Encrypted private keys

From:	Simon Josefsson
Subject:	[Help-gnutls] Re: Encrypted private keys
Date:	Fri, 30 May 2008 11:30:17 +0200
User-agent:	Gnus/5.110009 (No Gnus v0.9) Emacs/22.2 (gnu/linux)

Alex Samad <address@hidden> writes:

>> > 2) If not how do you handle encrypted private keys
>> 
>> You can load PKCS#8 protected keys using:
>> 
>> gnutls_x509_privkey_import_pkcs8.
>> 
>> And encrypted keys stored in PKCS#12 using:
>> 
>> gnutls_certificate_set_x509_simple_pkcs12_file
>> 
>> These are the two standard ways to encrypt private keys that I know of.
>> OpenSSL has a proprietary standard that we don't support.
>
> This is the important bit of information I need, I had presumed their
> encrypted pem (?!) was a standard, so I should be able to use password
> protected pkcs12.

Whether to use PKCS#8 or PKCS#12 depends on whether you want to store
the certificate and CA information as well.  If you just want to protect
the keys, use PKCS#8.  If you want to include the certificate, use
PKCS#12.  Normally it is simpler to use PKCS#8 for the keys and provide
the certificate in a separate file.

/Simon

[Prev in Thread]

Current Thread

[Next in Thread]

[Help-gnutls] Encrypted private keys, Alex Samad, 2008/05/29
- [Help-gnutls] Re: Encrypted private keys, Simon Josefsson, 2008/05/29
  - [Help-gnutls] Re: Encrypted private keys, Alex Samad, 2008/05/29
    - [Help-gnutls] Re: Encrypted private keys, Simon Josefsson <=

Prev by Date: [Help-gnutls] Re: Authentication during Handshake
Next by Date: [Help-gnutls] Re: Authentication during Handshake
Previous by thread: [Help-gnutls] Re: Encrypted private keys
Index(es):
- Date
- Thread