[Help-gnutls] Re: Encrypted private keys

Simon Josefsson simon at josefsson.org
Thu May 29 15:58:50 CEST 2008

"Alex Samad" <alex at samad.com.au> writes:

> Hi
> I am a debian user and use gnutls library indirectly, previously I used
> openssl, but debian has made a move over to gnutls.
> Previously with openssl I had setup ldapsearch to use x509 certs to identify
> myself, I encrypted my private certs with a password. Since the move to
> gnutls I have been unable to use encrypted private keys.
> I thought maybe it was a config difference between gnutls and openssl, but
> with all the reading I have done of certtool documentation I can't find any
> place to setup a encrypted private key.
> I have raised a bug report against the maintainers of ldap-utils, this is
> the package that has ldapsearch ( and other ldap-commands), but they are a
> bit low on resources now.
> So I thought I would come to the list and find out 
> 1) is it true that the libraries can't handle encrypted private keys


> 2) If not how do you handle encrypted private keys

You can load PKCS#8 protected keys using:


And encrypted keys stored in PKCS#12 using:


These are the two standard ways to encrypt private keys that I know of.
OpenSSL has a proprietary standard that we don't support.


More information about the Gnutls-help mailing list