[Help-gnutls] Re: Encrypted private keys

Alex Samad alex at samad.com.au
Fri May 30 02:50:12 CEST 2008

On Thu, May 29, 2008 at 03:58:50PM +0200, Simon Josefsson wrote:
> "Alex Samad" <alex at samad.com.au> writes:
> > Hi
> >
> > I am a Debian user and use the gnutls library indirectly; previously I used
> > openssl, but Debian has made a move over to gnutls.
> >
> > Previously with openssl I had set up ldapsearch to use x509 certs to identify
> > myself, I encrypted my private certs with a password. Since the move to
> > gnutls I have been unable to use encrypted private keys.
> >
> > I thought maybe it was a config difference between gnutls and openssl, but
> > with all the reading I have done of certtool documentation I can't find any
> > place to set up an encrypted private key.
> >
> > I have raised a bug report against the maintainers of ldap-utils, this is
> > the package that has ldapsearch ( and other ldap-commands), but they are a
> > bit low on resources now.
> >
> > So I thought I would come to the list and find out:
> >
> > 1) is it true that the libraries can't handle encrypted private keys?
> No.
> > 2) If not, how do you handle encrypted private keys?
> You can load PKCS#8 protected keys using:
> gnutls_x509_privkey_import_pkcs8.
> And encrypted keys stored in PKCS#12 using:
> gnutls_certificate_set_x509_simple_pkcs12_file
> These are the two standard ways to encrypt private keys that I know of.
> OpenSSL has a proprietary standard that we don't support.

This is the important bit of information I need. I had presumed their
encrypted PEM (?!) was a standard, so I should be able to use password
protected pkcs12.

Sorry, I am an end user of an application, not the writer; I will check this.

> /Simon

"There's no question that the minute I got elected, the storm clouds on the horizon were getting nearly directly overhead."

	- George W. Bush
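
To tell which of the formats named in the reply a key file is in, the following added example (not part of the original thread and not GnuTLS code) classifies PEM private-key blocks by their label and encapsulated headers. The function name, the kind strings and the sample data are assumptions made for illustration.

```python
import re

# Constructed sample: label/header layout is real, key bodies are placeholders.
SAMPLE = """\
-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,0123456789ABCDEF

Q09OU1RSVUNURUQ=
-----END RSA PRIVATE KEY-----
-----BEGIN ENCRYPTED PRIVATE KEY-----
Q09OU1RSVUNURUQ=
-----END ENCRYPTED PRIVATE KEY-----
-----BEGIN RSA PRIVATE KEY-----
Q09OU1RSVUNURUQ=
-----END RSA PRIVATE KEY-----
"""

PKCS8 = {"ENCRYPTED PRIVATE KEY": "pkcs8-encrypted",
         "PRIVATE KEY": "pkcs8-unencrypted"}
TRADITIONAL = {"RSA PRIVATE KEY", "DSA PRIVATE KEY", "EC PRIVATE KEY"}
PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)-----END \1-----", re.S)


def classify_private_keys(pem_text):
    """Return [(pem_label, kind, cipher_or_None)] for each private-key block."""
    results = []
    for label, body in PEM_BLOCK.findall(pem_text):
        if label in PKCS8:
            results.append((label, PKCS8[label], None))
        elif label in TRADITIONAL:
            # Encapsulated headers (RFC 1421 style) come before the base64
            # data; base64 lines never contain ':' so the first one ends them.
            headers = {}
            for line in body.splitlines():
                if ":" not in line:
                    break
                name, value = line.split(":", 1)
                headers[name.strip()] = value.strip()
            proc = headers.get("Proc-Type", "").replace(" ", "")
            if proc == "4,ENCRYPTED" and "DEK-Info" in headers:
                cipher = headers["DEK-Info"].split(",")[0]
                results.append((label, "openssl-pem-encrypted", cipher))
            else:
                results.append((label, "traditional-unencrypted", None))
    return results


if __name__ == "__main__":
    for entry in classify_private_keys(SAMPLE):
        print(entry)
```

A key reported as `openssl-pem-encrypted` is in the OpenSSL-specific form the reply refers to; `openssl pkcs8 -topk8` re-wraps such a key as PKCS#8.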