[gnutls-help] certtool does not encrypt private keyfiles
Nikos Mavrogiannopoulos
nmav at gnutls.org
Sat Nov 2 08:28:44 CET 2013
On 10/31/2013 03:32 PM, w94f8726ui wrote:
> Hi,
>
> i generate a key with the following line:
>
> /usr/local/bin/certtool -p -8 --pkcs-cipher=aes-256
> --disable-quick-random --sec-param=ultra --password=XXXXX --outfile
> XXXXX.key
>
> Now i have a wonderful keyfile with a minor problem.
> The keyfile holds, pricate key, x and y in UNENCRYPTED values.
> After that the encrypted keypart starts.
>
> So, is this a bug or do i have to manually remove the unencrypted parts?
> Cause i think a lot of folks generate encrypted keyfiles and think that
> all the important info would be encrypted.
Thanks. That's a nice observation. Indeed certtool shouldn't print the
parameters if an encrypted key is requested. I'll check it.
regards,
Nikos
More information about the Gnutls-help
mailing list