[Help-gnutls] About Future Plans: Private keys encrypted.

Nikos Mavrogiannopoulos nmav at gnutls.org
Tue Nov 15 23:16:44 CET 2005


On Tuesday 15 November 2005 20:52, Fran wrote:
> Hello,
> I can see that certtool does not encrypt keys and does not support some keys
> generated with openssl (encrypted).
> I can see :
> > int gnutls_x509_privkey_import_pkcs8:
> >  This function will convert the given DER or PEM encoded PKCS8 2.0
> > encrypted key to the native gnutls_x509_privkey_t format. The output will
> > be stored in key.  Currently only RSA keys can be imported, and flags can
> > only be used to indicate an unencrypted key.
> I think that this is a very high risk security problem for applications
> that use a file key.

You can both encrypt and decrypt pkcs8 keys in gnutls. The only limitation is 
that pkcs8 2.0 is supported and not previous versions.


-- 
Nikos Mavrogiannopoulos
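
Added example, not part of the original message and not GnuTLS code: a C checker, using only the standard library, for the concern raised in the thread, private keys kept unencrypted in a file. It classifies the PEM blocks in a key file by their armor (PKCS #8 encrypted or plain, or the traditional OpenSSL form with or without the "Proc-Type: 4,ENCRYPTED" header) and returns the weakest form found; the function name, the enum and the sample text are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Ordered so that a larger value means weaker protection at rest. */
enum key_form {
    KEY_NONE,             /* no private-key PEM block found                */
    KEY_PKCS8_ENCRYPTED,  /* BEGIN ENCRYPTED PRIVATE KEY (PKCS #8)         */
    KEY_LEGACY_ENCRYPTED, /* BEGIN RSA/DSA/EC key + Proc-Type: 4,ENCRYPTED */
    KEY_PKCS8_PLAIN,      /* BEGIN PRIVATE KEY (PKCS #8, unencrypted)      */
    KEY_LEGACY_PLAIN      /* BEGIN RSA/DSA/EC key, no encryption header    */
};

#define STARTS(s, lit) (strncmp((s), (lit), sizeof(lit) - 1) == 0)

/* Classify every PEM block in the text and return the weakest form seen. */
enum key_form classify_pem_keys(const char *pem)
{
    enum key_form worst = KEY_NONE;
    const char *p = pem;

    while ((p = strstr(p, "-----BEGIN ")) != NULL) {
        const char *label = p + sizeof("-----BEGIN ") - 1;
        const char *end = strstr(label, "-----END ");
        const char *hdr = strstr(label, "Proc-Type: 4,ENCRYPTED");
        enum key_form f = KEY_NONE;
        if (STARTS(label, "ENCRYPTED PRIVATE KEY-----"))
            f = KEY_PKCS8_ENCRYPTED;
        else if (STARTS(label, "PRIVATE KEY-----"))
            f = KEY_PKCS8_PLAIN;
        else if (STARTS(label, "RSA PRIVATE KEY-----") ||
                 STARTS(label, "DSA PRIVATE KEY-----") ||
                 STARTS(label, "EC PRIVATE KEY-----"))
            /* The header counts only if it lies inside this block. */
            f = (hdr && (!end || hdr < end)) ? KEY_LEGACY_ENCRYPTED
                                             : KEY_LEGACY_PLAIN;
        if (f > worst)
            worst = f;
        p = label;
    }
    return worst;
}

/* Constructed sample: placeholder body, not real key material. */
static const char SAMPLE_LEGACY_ENC[] =
    "-----BEGIN RSA PRIVATE KEY-----\nProc-Type: 4,ENCRYPTED\n"
    "DEK-Info: AES-128-CBC,00000000000000000000000000000000\n\n"
    "Q09OU1RSVUNURUQ=\n-----END RSA PRIVATE KEY-----\n";

int main(void) { printf("%d\n", (int)classify_pem_keys(SAMPLE_LEGACY_ENC)); return 0; }
```

A result of KEY_PKCS8_PLAIN or KEY_LEGACY_PLAIN marks a file whose key is usable by anyone who can read the file.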




