[Help-gnutls] Re: Encrypted private keys

Simon Josefsson simon at josefsson.org
Fri May 30 11:30:17 CEST 2008

Alex Samad <alex at samad.com.au> writes:

>> > 2) If not how do you handle encrypted private keys
>> You can load PKCS#8 protected keys using:
>> gnutls_x509_privkey_import_pkcs8.
>> And encrypted keys stored in PKCS#12 using:
>> gnutls_certificate_set_x509_simple_pkcs12_file
>> These are the two standard ways to encrypt private keys that I know of.
>> OpenSSL has a proprietary standard that we don't support.
> This is the important bit of information I need, I had presumed their
> encrypted pem (?!) was a standard, so I should be able to use password
> protected pkcs12.

Whether to use PKCS#8 or PKCS#12 depends on whether you want to store
the certificate and CA information as well.  If you just want to protect
the keys, use PKCS#8.  If you want to include the certificate, use
PKCS#12.  Normally it is simpler to use PKCS#8 for the keys and provide
the certificate in a separate file.


More information about the Gnutls-help mailing list