[Help-gnutls] About Future Plans: Private keys encrypted.

Nikos Mavrogiannopoulos nmav at gnutls.org
Fri Nov 18 16:34:54 CET 2005


On Thursday 17 November 2005 01:22, Fran wrote:
> On Mér, 2005-11-16 at 12:33 +0100, Nikos Mavrogiannopoulos wrote:
> > Which manpages were problematic?
>
> It is strange for me (for me):
> >  unsigned int flags
> >                    0 if encrypted or GNUTLS_PKCS_PLAIN if not encrypted.
> > Currently only RSA keys can be imported,
> >        and flags can only be used to indicate an unencrypted key.

It is indeed strange. The problem is that if the key is DER encoded, the 
encryption status cannot be auto-detected[0]. In the PEM case it is different 
since there is a header we can check. That's the purpose of this flag.
I've added some clarification in the documentation...


[0]. We could try to decode it as encrypted and if that fails try the 
unencrypted decoding, but this is too high level. If needed it should
be done on a higher layer.


-- 
Nikos Mavrogiannopoulos
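
The header check described above, as an added example that is not part of the original message and is not GnuTLS code: it reads the PEM armor label to tell a plain PKCS #8 key from an encrypted one, and reports that unarmored (DER) input carries no such hint, so the caller has to supply the flag. The names pkcs8_hint and pkcs8_classify are hypothetical; the two labels are the standard PKCS #8 PEM labels.

```c
#include <stddef.h>
#include <string.h>

/* What a loader can learn about a PKCS #8 blob before decoding it. */
enum pkcs8_hint {
    PKCS8_PEM_PLAIN,      /* "-----BEGIN PRIVATE KEY-----" */
    PKCS8_PEM_ENCRYPTED,  /* "-----BEGIN ENCRYPTED PRIVATE KEY-----" */
    PKCS8_PEM_OTHER,      /* PEM armor, but not a PKCS #8 label */
    PKCS8_NO_ARMOR        /* no PEM header (e.g. DER): caller must say */
};

/* Bounded substring search; the buffer need not be NUL-terminated. */
static const char *find(const char *buf, size_t len, const char *needle)
{
    size_t n = strlen(needle);
    for (size_t i = 0; n <= len && i <= len - n; i++)
        if (memcmp(buf + i, needle, n) == 0)
            return buf + i;
    return NULL;
}

/* Hypothetical helper: classify input by its PEM label, if it has one. */
enum pkcs8_hint pkcs8_classify(const void *data, size_t len)
{
    static const char begin[] = "-----BEGIN ";
    const char *buf = data;
    const char *p = find(buf, len, begin);
    if (p == NULL)
        return PKCS8_NO_ARMOR;
    const char *label = p + sizeof(begin) - 1;
    const char *end = find(label, len - (size_t)(label - buf), "-----");
    if (end == NULL)
        return PKCS8_NO_ARMOR;   /* truncated header line */
    size_t n = (size_t)(end - label);
    if (n == 11 && memcmp(label, "PRIVATE KEY", 11) == 0)
        return PKCS8_PEM_PLAIN;
    if (n == 21 && memcmp(label, "ENCRYPTED PRIVATE KEY", 21) == 0)
        return PKCS8_PEM_ENCRYPTED;
    return PKCS8_PEM_OTHER;
}

int main(void)
{
    /* Constructed inputs: armor and a DER prefix only, no key material. */
    const char pem[] = "-----BEGIN ENCRYPTED PRIVATE KEY-----\nAAAA\n";
    const unsigned char der[] = { 0x30, 0x82, 0x01, 0x00 };
    return !(pkcs8_classify(pem, sizeof pem - 1) == PKCS8_PEM_ENCRYPTED &&
             pkcs8_classify(der, sizeof der) == PKCS8_NO_ARMOR);
}
```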




