[gnutls-devel] GnuTLS | certtool: --to-p12: use modern algorithms by default (!1499)

Read-only notification of GnuTLS library development activities gnutls-devel at lists.gnutls.org
Tue Dec 21 15:24:53 CET 2021




Daiki Ueno commented on a discussion: https://gitlab.com/gnutls/gnutls/-/merge_requests/1499#note_791467931

I've added a test that compares the `--p12-info` with the expected output.

> First: just to double check, the addition of --with-pkcs12-iter-count=10000 in test scripts is just there to speed up CI?

Yes, the number is based on https://searchfox.org/mozilla-central/source/security/nss/lib/pkcs7/p7create.c#21

> Second, shouldn't we verify that 600000 is indeed the new default?

I think it's now covered by the new test.

> Third, what's the HMAC used for PBKDF2? Doesn't GnuTLS default to SHA1 there?

Good point; I've updated it to SHA256.

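The third question in the comment above turns on the PBKDF2 PRF: in RFC 8018 the `prf` field of PBKDF2-params defaults to hmacWithSHA1 when it is omitted, so a check has to treat a missing field as SHA1. The following is an added example, not part of the original email and not GnuTLS code; the function names and the two DER samples are constructed for illustration, and only the `specified` OCTET STRING salt form is handled.

```python
# Added example (not GnuTLS code): policy check on DER-encoded PBKDF2-params (RFC 8018).
HMAC_OIDS = {
    bytes.fromhex("2a864886f70d0207"): "hmacWithSHA1",    # 1.2.840.113549.2.7
    bytes.fromhex("2a864886f70d0209"): "hmacWithSHA256",  # 1.2.840.113549.2.9
}
# Constructed samples: 8-byte salt; MODERN carries an explicit prf, WEAK omits it.
MODERN = bytes.fromhex("301d0408010203040506070802030927c0300c06082a864886f70d02090500")
WEAK = bytes.fromhex("300e0408010203040506070802022710")

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER element starting at pos."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length

def parse_pbkdf2_params(der):
    """Extract (iterations, prf_name) from PBKDF2-params with a specified salt."""
    tag, body, _ = read_tlv(der, 0)
    if tag != 0x30:
        raise ValueError("PBKDF2-params must be a SEQUENCE")
    tag, _salt, pos = read_tlv(body, 0)
    if tag != 0x04:
        raise ValueError("only the 'specified' OCTET STRING salt is handled")
    tag, count, pos = read_tlv(body, pos)
    if tag != 0x02:
        raise ValueError("iterationCount must be an INTEGER")
    prf = "hmacWithSHA1"  # RFC 8018 DEFAULT when the prf field is absent
    while pos < len(body):
        tag, value, pos = read_tlv(body, pos)
        if tag == 0x30:  # prf AlgorithmIdentifier (a 0x02 here is the optional keyLength)
            _, oid, _ = read_tlv(value, 0)
            prf = HMAC_OIDS.get(oid, "unknown:" + oid.hex())
    return int.from_bytes(count, "big"), prf

def check(der, min_iterations=600000):
    """Return a list of findings; an empty list means the parameters meet the policy."""
    iterations, prf = parse_pbkdf2_params(der)
    findings = []
    if iterations < min_iterations:
        findings.append(f"iteration count {iterations} < {min_iterations}")
    if prf != "hmacWithSHA256":
        findings.append(f"PRF is {prf}")
    return findings
```

`check(MODERN)` returns an empty list, while `check(WEAK)` reports both the low iteration count and the implicit SHA1 PRF.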

