[gnutls-help] Generating a certificate with an encrypted private key
Yan Fiz
yanfiz at gmail.com
Tue Feb 5 20:43:42 CET 2013
Hello,
I tried to generate a self signed certificate with an encrypted private
key. GnuTLS 3.0.22 is OK, but GnuTLS 3.1.7 gives error with the same
commands.
D:\gnutls-3.0.22-w32\bin>certtool.exe --generate-privkey --pkcs8
--pkcs-cipher aes-256 --rsa --bits 2048 --outfile test.p8
** Note: Please use the --sec-param instead of --bits
Generating a 2048 bit RSA private key...
Enter password:
Confirm password:
D:\gnutls-3.0.22-w32\bin>certtool.exe --generate-self-signed --pkcs8 --hash
sha512 --load-privkey test.p8 --outfile test.crt
Generating a self signed certificate...
Enter password:
Please enter the details of the certificate's distinguished name. Just
press enter to ignore a field.
Country name (2 chars):
.
.
.
D:\gnutls-3.1.7-w32\bin>certtool.exe --generate-privkey --pkcs8
--pkcs-cipher aes-256 --rsa --bits 2048 --outfile test.p8
** Note: Please use the --sec-param instead of --bits
Generating a 2048 bit RSA private key...
Enter password:
D:\gnutls-3.1.7-w32\bin>certtool.exe --generate-self-signed --pkcs8 --hash
sha512 --load-privkey test.p8 --outfile test.crt
Generating a self signed certificate...
certtool.exe: import error: could not find a valid PEM header; check if
your key is PKCS #12 encoded
D:\gnutls-3.1.7-w32\bin>certtool.exe --generate-self-signed --pkcs8 --hash
sha512 --load-privkey test.p8 --outfile test.crt --debug 9999
Setting log level to 9999
|<2>| Intel AES accelerator was detected
|<2>| ASSERT: pkcs11.c:456
Generating a self signed certificate...
|<2>| ASSERT: x509_b64.c:306
|<2>| Could not find '-----BEGIN RSA PRIVATE KEY'
|<2>| ASSERT: x509_b64.c:306
|<2>| Could not find '-----BEGIN DSA PRIVATE KEY'
|<2>| ASSERT: x509_b64.c:306
|<2>| Could not find '-----BEGIN EC PRIVATE KEY'
|<2>| ASSERT: privkey.c:484
|<2>| Falling back to PKCS #8 key decoding
|<2>| ASSERT: x509_b64.c:306
|<2>| Could not find '-----BEGIN PRIVATE KEY'
|<2>| ASSERT: privkey_pkcs8.c:1199
|<2>| ASSERT: privkey_pkcs8.c:1351
|<2>| ASSERT: privkey.c:638
|<2>| ASSERT: x509_b64.c:306
|<2>| Could not find '-----BEGIN PRIVATE KEY'
|<9>| keyDerivationFunc.algorithm: 1.2.840.113549.1.5.12
|<9>| salt.specified.size: 14
|<9>| iterationCount: 263
|<2>| ASSERT: mpi.c:246
|<9>| keyLength: 0
|<9>| encryptionScheme.algorithm: 2.16.840.1.101.3.4.1.42
|<9>| IV.size: 16
|<2>| ASSERT: privkey_pkcs8.c:1199
|<2>| ASSERT: privkey_pkcs8.c:998
|<2>| ASSERT: privkey_pkcs8.c:1351
|<2>| ASSERT: x509_b64.c:306
|<2>| Could not find '-----BEGIN PKCS12'
|<2>| ASSERT: pkcs12.c:216
|<2>| ASSERT: privkey.c:577
|<2>| ASSERT: privkey_openssl.c:158
|<2>| ASSERT: privkey.c:655
|<2>| ASSERT: gnutls_privkey.c:932
certtool.exe: import error: could not find a valid PEM header; check if
your key is PKCS #12 encoded
-------------- next part --------------
An HTML attachment was scrubbed...
URL: </pipermail/attachments/20130205/0df38adb/attachment-0001.htm>
More information about the Gnutls-help
mailing list