PKCS 12 support questions
dbaryshkov at gmail.com
Sun Jan 19 23:25:15 CET 2014
On Sun, Jan 19, 2014 at 6:19 PM, Werner Koch <wk at gnupg.org> wrote:
> On Sun, 19 Jan 2014 01:47, dbaryshkov at gmail.com said:
>> 1) Is there a reason, why minip12 is so limited on supported features?
> Because pkcs#12 is an entirely broken design and I did this only on
> customer request for migrating existisng keys.
Ah, pkcs#12 is one of two standards for key transport for GOST private keys
(second one is pkcs#8).
>> 2) Why is it implemented in gnupg itself - i.e. not in libksba? Would
>> it benefitable to push
>> at least parts of ASN.1 parsing to libksba?
> Please keep that extra insane data format out of Libksba. pkcs#12 is
> plain horror.
> Do you really need it? Isn't X.509 dead anyway?
Russian cryptography is largely built around PKI and X.509.
I will try adding PKCS#8 support to libksba (in some form). Hope you
won't oppose it.
With best wishes
More information about the Gnupg-devel