[gnutls-help] No password prompt with csr generation when input is an encrypted pkcs8 key

A L mail at lechevalier.se
Wed Feb 5 18:02:45 CET 2014


On 2014-02-05 10:16, Nikos Mavrogiannopoulos wrote:
> On Mon, Feb 3, 2014 at 11:56 PM, A L <mail at lechevalier.se> wrote:
>> I am trying to automate some of the key generation and request
>> operations with certtool (gnutls 3.2.9).
>> Normally omitting the --password from command line makes certtool prompt
>> the user for a password, which is perfect in my shell scripts.
>> It seems that when generating a CSR from an encrypted key, this does not
>> happen.
> Indeed, when the --template option is specified certtool goes to
> non-interactive mode and will not ask for anything. There could be
> some option --ask-pass to allow interaction for passwords during key
> generation. I'll try adding that.

This sounds like a good option. Dealing with passwords in shell
scripting is not very secure in any circumstance. Perhaps some option to
use 'pinentry' might be useful.

I will double check later, but I thought I tested supplying password
inside the template.cfg, but the 'password' option was not used for CSR
tasks.

Thanks.

~A



