[gnutls-help] Certtool: Generate private key with password

MK mk at cognitivedissonance.ca
Sat Dec 6 19:16:22 CET 2014

In the certtool man page, there is the option to specify a password on
the command line w/ `--password`.   In the online manual:


This option is described as useful "to specify the password in the
command line instead of reading it from the tty".  This implies that
without this option, a password can be read from stdin.  However, there
doesn't seem to be any way to invoke such behavior.   The example in
the man page of how to generate a private key is:

certtool --generate-privkey --outfile key.pem --rsa

But this never asks for a password.

How can I generate a password protected private key without specifying
the password on the command line?   The only option I can find to
specify an encryption algorithm is `--pkcs-cipher`, but that seems
inappropriate and doesn't do anything in this case.

The certtool version is 3.2.11 compiled for Fedora 20.

Thanks -- MK

"Philosophy, love of wisdom, asserts a distance between love and wisdom,
  and in this gap that tenuously joins what it separates,
  we shall attempt to set up our cables." -> Avital Ronell

More information about the Gnutls-help mailing list