[gnutls-devel] GnuTLS | `certtool --to-p12` only accepts `--load-privkey` and `--load-certificate` once (#1176)

Read-only notification of GnuTLS library development activities gnutls-devel at lists.gnutls.org
Mon Feb 1 22:13:35 CET 2021



Daniel Kahn Gillmor created an issue: https://gitlab.com/gnutls/gnutls/-/issues/1176



PKCS12 objects can contain more than one secret key and more than one certificate that might correspond to those secret keys (for example, a pair of X.509 certificates for S/MIME, one of which is for encryption, and one of which is for signatures).

However, `certtool --p12` limits the user to a single `--load-privkey` argument and a single `--load-certificate` argument.

The files indicated by those arguments can include multiple objects -- two keys inside a single `--load-privkey two-keys.pem` file, for example, so there is a way to achieve the desired outcome.  But it seems like it would also be useful to be able to supply the arguments multiple times to inject more keys (or more certificates) into the PKCS 12 object.
