certtool: --pkcs-cipher option not working
Nikos Mavrogiannopoulos
nmav at gnutls.org
Sat Jun 26 22:01:26 CEST 2010
Timo Gerke wrote:
Hello,
> Hi all,
>
> I'm new to this list, so I hope this report can help you to figure out
> my problem.
>
> when I generate a private key (DSA) with certtool, e. g.
> certtool -p --dsa --pkcs-cipher aes-256 --outfile privkey.pem
> The key won't get encrypted.
This is correct. The default output format is not pkcs8 and thus the
--pkcs-cipher is ignored.
> If I use
> certtool -p --pkcs8 --dsa --pkcs-cipher aes-256 --outfile privkey.pem
> I get the following output:
This is the correct command. It seems you uncovered a bug, and when
generating a key with the --pkcs8 parameter it always uses 3des. To
avoid that, generate the key as you did in the first case and then
convert it to pkcs8 format using
certtool -k --to-p8 --pkcs-cipher aes-128 --load-privkey privkey.pem > output.p8
I've fixed the problem in the git repository.
regards,
Nikos
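
To confirm which cipher actually protects a key file produced by the commands in this thread, the algorithm identifier in the PKCS #8 header can be read without the password. The following is an added example, not part of the original post or of GnuTLS: the names `tlv`, `key_cipher` and `SAMPLE_PEM` are this example's own, the sample is constructed rather than a real key, and the OID table covers the PBES2 ciphers and the PKCS #12 3DES scheme without assuming which one a given certtool version writes.

```python
import base64, re

SEQ, OID = 0x30, 0x06
CIPHERS = {  # hex of the DER OID content -> label
    "2a864886f70d0307": "3des-cbc (PBES2)",            # 1.2.840.113549.3.7
    "608648016503040102": "aes-128-cbc (PBES2)",       # 2.16.840.1.101.3.4.1.2
    "608648016503040116": "aes-192-cbc (PBES2)",       # 2.16.840.1.101.3.4.1.22
    "60864801650304012a": "aes-256-cbc (PBES2)",       # 2.16.840.1.101.3.4.1.42
    "2a864886f70d010c0103": "3des-cbc (PKCS#12 PBE)",  # 1.2.840.113549.1.12.1.3
}
PBES2 = "2a864886f70d01050d"                            # 1.2.840.113549.1.5.13

def tlv(buf, pos, tag):
    """Read one DER element with the given tag; return (content, next_pos)."""
    if pos + 2 > len(buf) or buf[pos] != tag:
        raise ValueError("unexpected DER at offset %d" % pos)
    length, pos = buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits count the length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return buf[pos:pos + length], pos + length

def key_cipher(pem):
    """Name the cipher protecting a PEM private key, without decrypting it."""
    m = re.search(r"-----BEGIN ([A-Z0-9 ]+)-----(.*?)-----END \1-----", pem, re.S)
    if not m:
        raise ValueError("no PEM block found")
    if m.group(1) != "ENCRYPTED PRIVATE KEY":  # e.g. 'DSA PRIVATE KEY'
        legacy = "Proc-Type: 4,ENCRYPTED" in m.group(2)
        return "legacy PEM encryption" if legacy else "unencrypted"
    outer, _ = tlv(base64.b64decode(m.group(2)), 0, SEQ)  # EncryptedPrivateKeyInfo
    alg, _ = tlv(outer, 0, SEQ)                # encryptionAlgorithm
    scheme, nxt = tlv(alg, 0, OID)
    if scheme.hex() == PBES2:                  # cipher is nested in the parameters
        params, _ = tlv(alg, nxt, SEQ)
        _, after_kdf = tlv(params, 0, SEQ)     # skip keyDerivationFunc
        enc, _ = tlv(params, after_kdf, SEQ)   # encryptionScheme
        scheme, _ = tlv(enc, 0, OID)
    return CIPHERS.get(scheme.hex(), "unknown OID, DER hex " + scheme.hex())

# Constructed sample (not a real key): PBES2 with PBKDF2 and aes-128-cbc.
SAMPLE_DER = bytes.fromhex(
    "305d3049" "06092a864886f70d01050d" "303c"
    "301b" "06092a864886f70d01050c" "300e" "0408" "0011223344556677" "02020800"
    "301d" "0609608648016503040102" "0410" + "aa" * 16 + "0410" + "bb" * 16)
SAMPLE_PEM = ("-----BEGIN ENCRYPTED PRIVATE KEY-----\n%s"
              "-----END ENCRYPTED PRIVATE KEY-----\n") % base64.encodebytes(SAMPLE_DER).decode()
```

Calling `key_cipher(open("output.p8").read())` on the converted file shows whether the requested AES cipher was applied or the key fell back to 3DES.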