[Help-gnutls] About Future Plans: Private keys encrypted.

Nikos Mavrogiannopoulos nmav at gnutls.org
Tue Nov 15 23:16:44 CET 2005

On Tuesday 15 November 2005 20:52, Fran wrote:
> Hello,
> I can see that certtool does not encrypt keys and does not support some keys
> generated with openssl (encrypted).
> I can see :
> > int gnutls_x509_privkey_import_pkcs8:
> > This function will convert the given DER or PEM encoded PKCS8 2.0
> > encrypted key to the native gnutls_x509_privkey_t format. The output will
> > be stored in key.  Currently only RSA keys can be imported, and flags can
> > only be used to indicate an unencrypted key.
> I think that this is a very high risk security problem for applications
> that use a file key.

You can both encrypt and decrypt pkcs8 keys in gnutls. The only limitation is 
that pkcs8 2.0 is supported and not previous versions.

Nikos Mavrogiannopoulos
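
An added example, not part of the original thread and not GnuTLS code: a Python check for auditing key files on disk, which tells unencrypted private keys from encrypted ones and PKCS#8 from the traditional per-algorithm PEM form. The function names and the sample blocks are constructed for illustration; the DER bytes are skeletons, not real keys.

```python
import base64
import re

PEM_RE = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)-----END \1-----", re.S)

def pkcs8_der_is_encrypted(der: bytes) -> bool:
    """PrivateKeyInfo opens with an INTEGER version; EncryptedPrivateKeyInfo
    opens with the AlgorithmIdentifier SEQUENCE (RFC 5958)."""
    if len(der) < 3 or der[0] != 0x30:
        raise ValueError("not a DER SEQUENCE")
    # Skip the outer length: 1 byte in short form, 1 + n bytes in long form.
    pos = 2 + (der[1] & 0x7F if der[1] & 0x80 else 0)
    if pos >= len(der):
        raise ValueError("truncated DER")
    if der[pos] == 0x02:
        return False
    if der[pos] == 0x30:
        return True
    raise ValueError("not a PKCS#8 structure")

def classify_private_keys(text: str):
    """Return (label, container, encrypted) for each private-key PEM block."""
    found = []
    for label, body in PEM_RE.findall(text):
        if not label.endswith("PRIVATE KEY"):
            continue  # certificates, public keys, parameters
        if label in ("PRIVATE KEY", "ENCRYPTED PRIVATE KEY"):
            der = base64.b64decode("".join(body.split()))
            found.append((label, "pkcs8", pkcs8_der_is_encrypted(der)))
        else:
            # Traditional per-algorithm PEM: encryption is announced by
            # RFC 1421 style headers placed before the base64 body.
            found.append((label, "traditional", "Proc-Type: 4,ENCRYPTED" in body))
    return found

def _pem(label, der, headers=""):
    body = base64.b64encode(der).decode()
    return f"-----BEGIN {label}-----\n{headers}{body}\n-----END {label}-----\n"

# Constructed sample input: skeleton DER and dummy bytes, not real key material.
PLAIN_P8 = bytes.fromhex("300b0201003003060100040100")
ENC_P8 = bytes.fromhex("30083003060100040100")
LEGACY_HDR = "Proc-Type: 4,ENCRYPTED\nDEK-Info: DES-EDE3-CBC,0011223344556677\n\n"
SAMPLE = (_pem("PRIVATE KEY", PLAIN_P8) + _pem("ENCRYPTED PRIVATE KEY", ENC_P8)
          + _pem("RSA PRIVATE KEY", bytes(16), LEGACY_HDR)
          + _pem("RSA PRIVATE KEY", bytes(16)) + _pem("CERTIFICATE", b"\x30\x00"))

if __name__ == "__main__":
    for label, container, encrypted in classify_private_keys(SAMPLE):
        print(f"{label:22} {container:12} {'encrypted' if encrypted else 'UNENCRYPTED'}")
```

For the two PKCS#8 labels the verdict comes from the DER structure rather than the label, so the same function also classifies a raw DER key file that has no PEM armor.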
