[gnutls-help] confusion regarding private key encryption

MK mk at cognitivedissonance.ca
Tue Apr 16 21:36:51 CEST 2013

I have a password encrypted private key associated with an x509
certificate. The key can be read with:

openssl rsa -in keyfile

And providing the password.  I am trying to import this for use with

	gnutls_datum_t key_raw;
	key_raw.size = slurpfile("crt/prv.key", (char**)&

// slurpfile works, but to verify key data has been read in correctly:
fprintf(stderr,"%s", key_raw.data);  // no issue here

	gnutls_x509_privkey_t key;
	check = gnutls_x509_privkey_import2 (

I inevitably get a -302, GNUTLS_E_PARSING_ERROR.  I have also tried
"gnutls_privkey_import_x509_raw()" (although I have no idea what the
difference is) and "gnutls_x509_privkey_import_openssl
()"; they all return the same error.

Because I don't know what cipher was used on the key (nor how to find
out), I have not tried any gnutls_pkcs_encrypt_flags_t flags.  However,
I did try an openssl decrypted copy (RSA PRIVATE KEY), this made no

What am I confused about here?

Thanks -- MK

"Enthusiasm is not the enemy of the intellect." (said of Irving Howe)
"The angel of history[...]is turned toward the past." (Walter Benjamin)

More information about the Gnutls-help mailing list