[Help-gnutls] Re: Encrypted private keys
Simon Josefsson
simon at josefsson.org
Fri May 30 11:30:17 CEST 2008
Alex Samad <alex at samad.com.au> writes:
>> > 2) If not how do you handle encrypted private keys
>>
>> You can load PKCS#8 protected keys using:
>>
>> gnutls_x509_privkey_import_pkcs8.
>>
>> And encrypted keys stored in PKCS#12 using:
>>
>> gnutls_certificate_set_x509_simple_pkcs12_file
>>
>> These are the two standard ways to encrypt private keys that I know of.
>> OpenSSL has a proprietary standard that we don't support.
>
> This is the important bit of information I need, I had presumed their
> encrypted pem (?!) was a standard, so I should be able to use password
> protected pkcs12.
Whether to use PKCS#8 or PKCS#12 depends on whether you want to store
the certificate and CA information as well. If you just want to protect
the keys, use PKCS#8. If you want to include the certificate, use
PKCS#12. Normally it is simpler to use PKCS#8 for the keys and provide
the certificate in a separate file.
/Simon
More information about the Gnutls-help
mailing list