[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Help-gnutls] Re: Encrypted private keys
From: |
Simon Josefsson |
Subject: |
[Help-gnutls] Re: Encrypted private keys |
Date: |
Fri, 30 May 2008 11:30:17 +0200 |
User-agent: |
Gnus/5.110009 (No Gnus v0.9) Emacs/22.2 (gnu/linux) |
Alex Samad <address@hidden> writes:
>> > 2) If not how do you handle encrypted private keys
>>
>> You can load PKCS#8 protected keys using:
>>
>> gnutls_x509_privkey_import_pkcs8.
>>
>> And encrypted keys stored in PKCS#12 using:
>>
>> gnutls_certificate_set_x509_simple_pkcs12_file
>>
>> These are the two standard ways to encrypt private keys that I know of.
>> OpenSSL has a proprietary standard that we don't support.
>
> This is the important bit of information I need, I had presumed their
> encrypted pem (?!) was a standard, so I should be able to use password
> protected pkcs12.
Whether to use PKCS#8 or PKCS#12 depends on whether you want to store
the certificate and CA information as well. If you just want to protect
the keys, use PKCS#8. If you want to include the certificate, use
PKCS#12. Normally it is simpler to use PKCS#8 for the keys and provide
the certificate in a separate file.
/Simon