[gnutls-devel] GnuTLS | cannot generate RSA-OAEP key outside of FIPS mode with certtool (#1653)
Read-only notification of GnuTLS library development activities
gnutls-devel at lists.gnutls.org
Wed Feb 5 09:09:57 CET 2025
Daiki Ueno commented: https://gitlab.com/gnutls/gnutls/-/issues/1653#note_2331596970
> `certtool --generate-privkey --key-type rsa-oaep --outfile oaep --p8` -> same, raw RSA key
The `--p8` in this command line expands to `--p8-info`, as the abbreviation is [unique](https://www.gnu.org/software/libc/manual/html_node/Getopt-Long-Options.html), which doesn't change the key generation behavior.
The correct command line is:
`certtool --generate-privkey --key-type rsa-oaep --outfile oaep --pkcs8 --empty-password`
That said, that should be the default behavior; currently it's not because of a missing key type check in `switch_to_pkcs8_when_needed` in src/certtool-common.h.
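The abbreviation rule described in the message above, shown as an added example that is not part of the original message or of certtool's source. It passes single arguments to `getopt_long()` against a constructed option table that holds only the option names mentioned above; the `val` numbers and the helper `resolve_long_option` are hypothetical, and it assumes glibc or musl, where `optind = 0` restarts the scan.

```c
#include <getopt.h>
#include <stdio.h>
#include <string.h>

/* Constructed subset of certtool's long options: only the names that appear
 * in the message. Each entry gets a distinct val so that every libc treats
 * two prefix matches as ambiguous. */
static const struct option longopts[] = {
    { "generate-privkey", no_argument,       NULL, 256 },
    { "key-type",         required_argument, NULL, 257 },
    { "outfile",          required_argument, NULL, 258 },
    { "p8-info",          no_argument,       NULL, 259 },
    { "pkcs8",            no_argument,       NULL, 260 },
    { "empty-password",   no_argument,       NULL, 261 },
    { NULL, 0, NULL, 0 }
};

/* Return the full option name getopt_long() selects for one argument such
 * as "--p8", or NULL when the argument is unknown or ambiguous. */
const char *resolve_long_option(const char *arg)
{
    char prog[] = "demo";
    char buf[64];
    char *argv[] = { prog, buf, NULL };
    int idx = -1;

    snprintf(buf, sizeof buf, "%s", arg);
    optind = 0;  /* restart scanning (assumption: glibc or musl) */
    opterr = 0;  /* keep getopt from printing its own diagnostics */
    int c = getopt_long(2, argv, "", longopts, &idx);
    if (c == '?' || c == -1 || idx < 0)
        return NULL;
    return longopts[idx].name;
}

int main(void)
{
    const char *samples[] = { "--p8", "--pkcs8", "--pk", "--p", "--empty" };

    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        const char *name = resolve_long_option(samples[i]);
        printf("%-8s -> %s\n", samples[i],
               name ? name : "(unknown or ambiguous)");
    }
    return 0;
}
```

Spelling options out in full in scripts avoids a silent match on a different option when an abbreviation happens to be a unique prefix.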