[gnutls-help] Generating a certificate with an encrypted private key

Yan Fiz yanfiz at gmail.com
Sun Feb 10 20:18:12 CET 2013


Hello,

GnuTLS 3.1.8 can generate a certificate with an encrypted private key
(thank you for fixing it), but cannot generate a PKCS #12 structure with
that encrypted private key and that certificate, while GnuTLS 3.0.22 can.

Kind regards,
Yan Fiz.

D:\gnutls-3.0.22-w32\bin>certtool.exe --generate-privkey --pkcs8
--pkcs-cipher aes-256 --rsa --sec-param normal --outfile test.p8
Generating a 2432 bit RSA private key...
Enter password:
Confirm password:

D:\gnutls-3.0.22-w32\bin>certtool.exe --generate-self-signed --pkcs8 --hash
sha512 --load-privkey test.p8 --outfile test.crt
Generating a self signed certificate...
Enter password:
Please enter the details of the certificate's distinguished name. Just
press enter to ignore a field.
Country name (2 chars):
.
.
.

D:\gnutls-3.0.22-w32\bin>certtool.exe --to-p12 --pkcs-cipher arcfour
--pkcs8 --outder --load-privkey test.p8 --load-certificate test.crt
--outfile test.p12
Generating a PKCS #12 structure...
Enter password:
Loading certificate list...
Loaded 1 certificates.
Enter a name for the key: Test
Enter password:

D:\gnutls-3.1.8-w32\bin>certtool.exe --generate-privkey --pkcs8
--pkcs-cipher aes-256 --rsa --sec-param normal --outfile test.p8
Generating a 2432 bit RSA private key...
Enter password:

D:\gnutls-3.1.8-w32\bin>certtool.exe --generate-self-signed --pkcs8 --hash
sha512 --load-privkey test.p8 --outfile test.crt
Generating a self signed certificate...
Enter password:
Please enter the details of the certificate's distinguished name. Just
press enter to ignore a field.
Common name:
.
.
.

D:\gnutls-3.1.8-w32\bin>certtool.exe --to-p12 --pkcs-cipher arcfour --pkcs8
--outder --load-privkey test.p8 --load-certificate test.crt --outfile
test.p12
Generating a PKCS #12 structure...
Loading private key list...
certtool.exe: privkey_import: Decryption has failed.

D:\gnutls-3.1.8-w32\bin>certtool.exe --to-p12 --pkcs-cipher arcfour --pkcs8
--outder --load-privkey test.p8 --load-certificate test.crt --outfile
test.p12 --debug 9999
Setting log level to 9999
|<2>| Intel AES accelerator was detected
|<2>| ASSERT: pkcs11.c:456
Generating a PKCS #12 structure...
Loading private key list...
|<2>| ASSERT: x509_b64.c:306
|<2>| Could not find '-----BEGIN RSA PRIVATE KEY'
|<2>| ASSERT: x509_b64.c:306
|<2>| Could not find '-----BEGIN DSA PRIVATE KEY'
|<2>| ASSERT: x509_b64.c:306
|<2>| Could not find '-----BEGIN EC PRIVATE KEY'
|<2>| ASSERT: privkey.c:484
|<2>| Falling back to PKCS #8 key decoding
|<2>| ASSERT: x509_b64.c:306
|<2>| Could not find '-----BEGIN PRIVATE KEY'
|<2>| ASSERT: privkey_pkcs8.c:1199
|<2>| ASSERT: privkey_pkcs8.c:1351
certtool.exe: privkey_import: Decryption has failed.
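
The `--debug` output above shows certtool probing for four PEM labels; RFC 7468 assigns password-protected PKCS #8 keys a fifth label, `ENCRYPTED PRIVATE KEY`. As an added example (not part of the original post and not GnuTLS code), the Python below reports which label a key file such as test.p8 carries and, for an encrypted PKCS #8 block, the encryption scheme OIDs in its header, so the file can be checked independently of certtool. The function names are hypothetical and the sample PEM is constructed from dummy bytes.

```python
import base64, re

# PKCS #5 (RFC 8018) and NIST AES OIDs; anything else is shown as dotted text.
NAMES = {"1.2.840.113549.1.5.13": "PBES2", "1.2.840.113549.1.5.12": "PBKDF2",
         "2.16.840.1.101.3.4.1.42": "aes256-CBC"}

def read_tlv(buf, pos):  # -> (tag, value, next_pos) for the DER element at pos
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                       # long form: low bits count length bytes
        k = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + k], "big"), pos + k
    return tag, buf[pos:pos + length], pos + length

def oid_text(value):
    arcs, acc = [], 0
    for b in value:                         # base-128 digits, high bit = "more follows"
        acc = (acc << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(acc)
            acc = 0
    first = min(arcs[0] // 40, 2)           # first two arcs share one value
    return ".".join(map(str, [first, arcs[0] - 40 * first] + arcs[1:]))

def collect_oids(buf):  # every OID in buf, descending into SEQUENCE/SET elements
    out, pos = [], 0
    while pos < len(buf):
        tag, value, pos = read_tlv(buf, pos)
        if tag == 0x06:
            out.append(oid_text(value))
        elif tag & 0x20:
            out += collect_oids(value)
    return out

def describe_key(pem):  # -> (PEM label, encryption scheme names) of the first key block
    m = re.search(r"-----BEGIN ([A-Z ]*PRIVATE KEY)-----(.*?)-----END \1-----", pem, re.S)
    if not m or m.group(1) != "ENCRYPTED PRIVATE KEY":
        return (m.group(1) if m else None), []
    _, info, _ = read_tlv(base64.b64decode(m.group(2)), 0)  # EncryptedPrivateKeyInfo
    _, alg, _ = read_tlv(info, 0)                           # its encryptionAlgorithm
    return m.group(1), [NAMES.get(o, o) for o in collect_oids(alg)]

def sample_pem():  # constructed sample: dummy salt, IV and ciphertext, not a real key
    t = lambda tag, body: bytes([tag, len(body)]) + body    # short-form lengths only
    oid = lambda h: t(0x06, bytes.fromhex(h))
    kdf = t(0x30, oid("2a864886f70d01050c") + t(0x30, t(0x04, b"\x01" * 8) + t(0x02, b"\x10\x00")))
    enc = t(0x30, oid("60864801650304012a") + t(0x04, b"\x02" * 16))
    alg = t(0x30, oid("2a864886f70d01050d") + t(0x30, kdf + enc))
    der = t(0x30, alg + t(0x04, b"\x00" * 32))
    return "-----BEGIN ENCRYPTED PRIVATE KEY-----\n%s-----END ENCRYPTED PRIVATE KEY-----\n" % base64.encodebytes(der).decode()
```

Calling `describe_key(open("test.p8").read())` on a real file returns the label first, which is enough to tell an encrypted PKCS #8 key from the unencrypted forms.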