[gnutls-help] confusion regarding private key encryption

MK mk at cognitivedissonance.ca
Wed Apr 17 14:59:29 CEST 2013

On Wed, 17 Apr 2013 09:29:37 +0200
Nikos Mavrogiannopoulos <nmav at gnutls.org> wrote:

> Try "certtool -k" on that key and enable verbosity to see more
> details on the error. 

Certtool worked without error, so I ran it inside gdb to try and find
some code to cargo cult ;) But privkey_info() was doing exactly what I
did, and the decrypt flags were 0.

What was also odd is that I got the same -302 parsing error even with
no password or the wrong password, which should be "decryption
failed".  Then (facepalm) it occurred to me that gnutls needs to be
initialized. The previous gnutls code I've written was last year, so I
had forgotten this and did not bother to look.

I do have one more question for you though.  WRT the cipher scheme used
with the password encrypted key, is there any way to find this out?
Neither certtool -V nor openssl report this, I think.

Public Key Info:
	Public Key Algorithm: RSA
	Key Security Level: Legacy (2048 bits)

Nothing about how the private key was encrypted, although I presume
at some point some part of the program must know since it decrypted it.
It seems to me that is useful information and there is no reason for it
to be "secret" if I have the password.

Thanks -- MK

"Enthusiasm is not the enemy of the intellect." (said of Irving Howe)
"The angel of history[...]is turned toward the past." (Walter Benjamin)
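
Added example, not part of the original message and not GnuTLS or certtool code: assuming the key is a PKCS#8 EncryptedPrivateKeyInfo (PEM label "ENCRYPTED PRIVATE KEY"), the scheme is recorded in the unencrypted AlgorithmIdentifier header and can be read without the password. The function takes the DER bytes (the base64-decoded PEM body); all function names and the sample bytes are constructed for this illustration.

```python
# DER-encoded OID bodies (hex) -> standard names; the table is not exhaustive.
OIDS = {
    "2a864886f70d01050d": "PBES2",                # 1.2.840.113549.1.5.13
    "2a864886f70d01050c": "PBKDF2",               # 1.2.840.113549.1.5.12
    "2a864886f70d010c0103": "pbeWithSHAAnd3-KeyTripleDES-CBC",
    "2a864886f70d0307": "des-ede3-cbc",           # 1.2.840.113549.3.7
    "60864801650304012a": "aes-256-cbc",          # 2.16.840.1.101.3.4.1.42
}

def tlv(buf, pos):
    """Return (tag, value_start, value_end) for the DER element at pos."""
    tag, n, pos = buf[pos], buf[pos + 1], pos + 2
    if n & 0x80:                       # long form: low 7 bits count length bytes
        k = n & 0x7F
        n, pos = int.from_bytes(buf[pos:pos + k], "big"), pos + k
    if pos + n > len(buf):
        raise ValueError("truncated DER")
    return tag, pos, pos + n

def alg_name(buf, pos):
    """Name the OBJECT IDENTIFIER at pos; return (name, end_of_oid)."""
    tag, s, e = tlv(buf, pos)
    if tag != 0x06:
        raise ValueError("expected OBJECT IDENTIFIER")
    h = buf[s:e].hex()
    return OIDS.get(h, "unknown OID " + h), e

def key_encryption_scheme(der):
    """Read the algorithm names from an EncryptedPrivateKeyInfo header."""
    _, s, _ = tlv(der, 0)              # EncryptedPrivateKeyInfo SEQUENCE
    _, s, _ = tlv(der, s)              # encryptionAlgorithm SEQUENCE
    name, p = alg_name(der, s)
    names = [name]
    if name == "PBES2":                # params: SEQUENCE { kdf, cipher }
        _, p, _ = tlv(der, p)
        _, ks, ke = tlv(der, p)        # keyDerivationFunc
        _, cs, _ = tlv(der, ke)        # encryptionScheme
        names += [alg_name(der, ks)[0], alg_name(der, cs)[0]]
    return names

def der_elem(tag, *parts):             # encode a short (< 128 byte) element
    body = b"".join(parts)
    return bytes([tag, len(body)]) + body

# Constructed sample (zero salt, IV and ciphertext; not a real key).
KDF = der_elem(0x30, der_elem(6, bytes.fromhex("2a864886f70d01050c")),
               der_elem(0x30, der_elem(4, bytes(8)), der_elem(2, b"\x08\x00")))
ENC = der_elem(0x30, der_elem(6, bytes.fromhex("60864801650304012a")), der_elem(4, bytes(16)))
ALG = der_elem(0x30, der_elem(6, bytes.fromhex("2a864886f70d01050d")), der_elem(0x30, KDF, ENC))
SAMPLE_DER = der_elem(0x30, ALG, der_elem(4, bytes(16)))
```

`key_encryption_scheme(SAMPLE_DER)` returns the outer scheme followed, for PBES2, by the key derivation function and the cipher.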
