[Help-gnutls] About Future Plans: Private keys encrypted.

Nikos Mavrogiannopoulos nmav at gnutls.org
Wed Nov 16 12:33:11 CET 2005


On Wednesday 16 November 2005 01:52, Fran wrote:
>       * You can both encrypt and decrypt pkcs8 keys in gnutls. The only
>         limitation is that pkcs8 2.0 is supported and not previous
>         versions.
>
> Well, but encryption of the key file with a password does not work for me;
> it always exports the key as plain. I used types 2, 4, 8 and 16.
> I cannot understand the man pages very well, or why the key is not
> saved as encrypted.
Which manpages were problematic? The whole PKCS #8 stuff is complex though.

> In the code shown, it is the same whether I put GNUTLS_PKCS_PLAIN or
> GNUTLS_PKCS_USE_PKCS12_RC2_40, etc.
> I cannot understand it.
If you use "certtool --generate-privkey -8" you get a pkcs8 encrypted key.
The only thing you need to do is call gnutls_x509_privkey_export_pkcs8()
with the flag (say) GNUTLS_PKCS_USE_PKCS12_3DES and an ASCII password.

-- 
Nikos Mavrogiannopoulos
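
A way to confirm whether an exported key really came out encrypted, as discussed in this thread. This is an added example, not code from the original message or from GnuTLS: classify_key() and the sample byte arrays are hypothetical and constructed. It relies only on the PKCS #8 layout, where a plain PrivateKeyInfo begins with an INTEGER version and an EncryptedPrivateKeyInfo begins with an AlgorithmIdentifier SEQUENCE.

```c
#include <stdio.h>
#include <string.h>

enum key_kind { KEY_UNKNOWN, KEY_PLAIN, KEY_ENCRYPTED };

/* Constructed samples: only the first bytes of a DER export, enough for the check. */
static const unsigned char sample_plain_der[] = { 0x30, 0x82, 0x04, 0xbd, 0x02, 0x01, 0x00 };
static const unsigned char sample_enc_der[]   = { 0x30, 0x82, 0x05, 0x0e, 0x30, 0x40, 0x06 };

static int has_label(const unsigned char *buf, size_t len, const char *label)
{
    size_t n = strlen(label);
    return len >= n && memcmp(buf, label, n) == 0;
}

/* Hypothetical helper: classify an exported private key held in memory. */
enum key_kind classify_key(const unsigned char *buf, size_t len)
{
    size_t hdr = 2; /* outer SEQUENCE tag + first length byte */
    if (len > 0 && buf[0] == '-') { /* PEM: the label names the PKCS #8 form */
        if (has_label(buf, len, "-----BEGIN ENCRYPTED PRIVATE KEY-----"))
            return KEY_ENCRYPTED;
        if (has_label(buf, len, "-----BEGIN PRIVATE KEY-----"))
            return KEY_PLAIN;
        return KEY_UNKNOWN; /* other labels are not PKCS #8 */
    }
    if (len < 3 || buf[0] != 0x30) /* DER must open with a SEQUENCE */
        return KEY_UNKNOWN;
    if (buf[1] & 0x80) { /* long-form length: skip its extra bytes */
        size_t n = buf[1] & 0x7f;
        if (n == 0 || n > 4)
            return KEY_UNKNOWN;
        hdr += n;
    }
    if (len <= hdr)
        return KEY_UNKNOWN;
    if (buf[hdr] == 0x02) /* INTEGER version: PrivateKeyInfo, not encrypted */
        return KEY_PLAIN;
    if (buf[hdr] == 0x30) /* AlgorithmIdentifier: EncryptedPrivateKeyInfo */
        return KEY_ENCRYPTED;
    return KEY_UNKNOWN;
}

int main(void)
{
    printf("plain sample: %d\n", classify_key(sample_plain_der, sizeof sample_plain_der));
    printf("encrypted sample: %d\n", classify_key(sample_enc_der, sizeof sample_enc_der));
    return 0;
}
```

Running this over the buffer returned by the export call before writing it to disk catches a key that was saved in plain form.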