{Spam?} Re: loading psk credentials from encrypted file

Nikos Mavrogiannopoulos nmav at gnutls.org
Sat Oct 24 16:42:43 CEST 2009

Michael Weiser wrote:

>>> - Is this at all sensible or (will it break|is it braindead|other
>>>   reason for never ever doing it)?
>> I don't like pkcs-12 due to it's complexity, but nevertheless there is
>> nothing (else) wrong with it and pretty much seems to fit here.
> What SSH does with it's identities is much what I'd like. After looking
> at their code, I despaired of being able to get it implemented without
> major breakage.
> PKCS12 might be complex on the inside but GNUTLS's PKCS12 API to me as
> developer is nicely simple. If there were something similarly simple
> API-wise with support for stronger ciphers and perhaps even a simpler
> internal structure, I'd jump on it. :)
>>> - Can I use something stronger than RC4-128 for encryption?
>> I believe PKCS-12 supports 3DES as well.
> Is there a way of adding something like AES-256?

I've checked a bit and it seems there is a definition of the AES family
in PKCS #5 2.1 (PBES). I have added support for them in the git
repository. About using the secret bag, from a quick glimpse it seems it
can only be used with a custom extension.


More information about the Gnutls-help mailing list