[gnutls-help] certtool does not encrypt private keyfiles

Nikos Mavrogiannopoulos nmav at gnutls.org
Sat Nov 2 08:28:44 CET 2013

On 10/31/2013 03:32 PM, w94f8726ui wrote:
> Hi,
> I generate a key with the following line:
> /usr/local/bin/certtool -p -8 --pkcs-cipher=aes-256
> --disable-quick-random --sec-param=ultra --password=XXXXX --outfile
> XXXXX.key
> Now I have a wonderful keyfile with a minor problem.
> The keyfile holds private key, x and y in UNENCRYPTED values.
> After that the encrypted keypart starts.
> So, is this a bug or do I have to manually remove the unencrypted parts?
> Cause i think a lot of folks generate encrypted keyfiles and think that
> all the important info would be encrypted.

Thanks. That's a nice observation. Indeed certtool shouldn't print the
parameters if an encrypted key is requested. I'll check it.
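
A check for the condition reported in this thread, as an added example (not part of the original messages and not GnuTLS code): it flags any text outside the PEM armor of a key file and returns a copy holding only the PEM blocks. The sample input is constructed; its field labels and placeholder values are assumptions, not real certtool output.

```python
import re

# A PEM block: BEGIN line, body, and an END line with the same label.
PEM_RE = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n.*?-----END \1-----\r?\n?", re.S)

# PKCS#8 encrypted keys (what certtool -8 with a password should emit).
ENCRYPTED_LABEL = "ENCRYPTED PRIVATE KEY"


def audit_keyfile(text):
    """Return (labels, leaked_lines, cleaned) for the contents of a key file.

    labels       -- PEM labels found, in order
    leaked_lines -- non-blank lines that sit outside any PEM block
    cleaned      -- the PEM blocks only, with everything else dropped
    """
    blocks = list(PEM_RE.finditer(text))
    labels = [m.group(1) for m in blocks]
    outside = PEM_RE.sub("", text)
    leaked = [ln for ln in outside.splitlines() if ln.strip()]
    cleaned = "".join(m.group(0) for m in blocks)
    return labels, leaked, cleaned


def is_fully_encrypted(text):
    """True only if every block is PKCS#8-encrypted and nothing precedes or follows."""
    labels, leaked, _ = audit_keyfile(text)
    return bool(labels) and not leaked and all(l == ENCRYPTED_LABEL for l in labels)


# Constructed sample: plaintext parameters followed by the encrypted block.
SAMPLE = (
    "private key:\n\t00:aa:bb:cc\n"
    "x:\n\t00:11:22:33\n"
    "y:\n\t00:44:55:66\n\n"
    "-----BEGIN ENCRYPTED PRIVATE KEY-----\n"
    "Q09OU1RSVUNURUQgUExBQ0VIT0xERVI=\n"
    "-----END ENCRYPTED PRIVATE KEY-----\n"
)

if __name__ == "__main__":
    labels, leaked, cleaned = audit_keyfile(SAMPLE)
    print("PEM labels:", labels)
    print("lines outside PEM armor:", len(leaked))
    print("safe as written:", is_fully_encrypted(SAMPLE))
    print("safe after stripping:", is_fully_encrypted(cleaned))
```

A key file that has already been written with plaintext parameters should be treated as having exposed the key to anything that could read it; stripping the text only fixes the file going forward.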

