PKCS 12 support questions

Dmitry Eremin-Solenikov dbaryshkov at
Sun Jan 19 23:25:15 CET 2014


On Sun, Jan 19, 2014 at 6:19 PM, Werner Koch <wk at> wrote:
> On Sun, 19 Jan 2014 01:47, dbaryshkov at said:
>> 1) Is there a reason, why minip12 is so limited on supported features?
> Because pkcs#12 is an entirely broken design and I did this only on
> customer request for migrating existisng keys.

Ah, pkcs#12 is one of two standards for key transport for GOST private keys
(second one is pkcs#8).

>> 2) Why is it implemented in gnupg itself - i.e. not in libksba? Would
>> it benefitable to push
>> at least parts of ASN.1 parsing to libksba?
> Please keep that extra insane data format out of Libksba.  pkcs#12 is
> plain horror.
> Do you really need it?  Isn't X.509 dead anyway?

Russian cryptography is largely built around PKI and X.509.
I will try adding PKCS#8 support to libksba (in some form). Hope you
won't oppose it.

With best wishes

More information about the Gnupg-devel mailing list