[gnutls-help] Creating password protected private keys with certtool?

Nikos Mavrogiannopoulos nmav at gnutls.org
Thu May 15 18:14:03 CEST 2014


On Thu, May 15, 2014 at 2:22 PM, Josef Wolf <jw at raven.inka.de> wrote:
>> Good to know. It was imposed by autogen's file option. I've now lifted
>> that limitation.
> Nikos, I'm not really sure whether this is a good idea. After all, insisting
> on regular files prevents against symlink attacks.
> Maybe a better solution would be to go for the unix tradition and special-case
> the '-' to mean stdin/stdout (depending on context)

I'm not sure it's worth the effort checking for proper files. About
the '-' addition it sounds good, but it's quite a big change with
quite some side-effects. Inr your use-case specifically i think that
--ask-pass is more useful than '-'.

regards,
Nikos



More information about the Gnutls-help mailing list