PKCS 12 support questions

Dmitry Eremin-Solenikov dbaryshkov at gmail.com
Sun Jan 19 23:25:15 CET 2014


Hello,

On Sun, Jan 19, 2014 at 6:19 PM, Werner Koch <wk at gnupg.org> wrote:
> On Sun, 19 Jan 2014 01:47, dbaryshkov at gmail.com said:
>
>> 1) Is there a reason, why minip12 is so limited on supported features?
>
> Because pkcs#12 is an entirely broken design and I did this only on
> customer request for migrating existing keys.

Ah, pkcs#12 is one of two standards for key transport for GOST private keys
(the second one is pkcs#8).

>
>> 2) Why is it implemented in gnupg itself - i.e. not in libksba? Would
>> it be beneficial to push at least parts of ASN.1 parsing to libksba?
>
> Please keep that extra insane data format out of Libksba.  pkcs#12 is
> plain horror.
>
> Do you really need it?  Isn't X.509 dead anyway?

Russian cryptography is largely built around PKI and X.509.
I will try adding PKCS#8 support to libksba (in some form). Hope you
won't oppose it.


-- 
With best wishes
Dmitry


