[gnutls-help] Creating password protected private keys with certtool?
Josef Wolf
jw at raven.inka.de
Wed May 14 16:58:04 CEST 2014
On Wed, May 14, 2014 at 10:35:44AM -0400, Daniel Kahn Gillmor wrote:
Thanks for the quick response, Daniel!
> On 05/14/2014 09:37 AM, Josef Wolf wrote:
> > certtool --generate-privkey --outfile x509-ca-key.pem --password "secret"
>
> What version of certtool are you using? how can you tell that the file
> is not encrypted?
I'm using 3.0.28, as it comes with opensuse-12.3.
I assume it is not encrypted because it don't ask me for the password when I
use it for anything:
jw at raven:/m/s/rep/git/catool$ certtool --version
certtool 3.0.28
[ ... ]
jw at raven:/m/s/rep/git/catool$ certtool --generate-privkey --outfile x.pem --password x
Generating a 2432 bit RSA private key...
jw at raven:/m/s/rep/git/catool$ certtool --key-info < x.pem | head -5
Public Key Info:
Public Key Algorithm: RSA
Key Security Level: Normal
I just noticed that I get encrypted keys when I use the --pkcs8 option. But
then, certtool insists to read the password from the keyboard. Is it possible
to provide the password on stdin or something?
--
Josef Wolf
jw at raven.inka.de
More information about the Gnutls-help
mailing list