[gnutls-help] Creating password protected private keys with certtool?

Daniel Kahn Gillmor dkg at fifthhorseman.net
Wed May 14 16:35:44 CEST 2014


On 05/14/2014 09:37 AM, Josef Wolf wrote:

> I am trying to create password protected private keys with the following
> command:
> 
>   certtool --generate-privkey --outfile x509-ca-key.pem --password "secret"
> 
> but the resulting file doesn't seem to be encrypted.

What version of certtool are you using?  How can you tell that the file
is not encrypted?

It seems to work for me:


0 dkg at alice:~$ certtool --version
certtool 3.2.14
Copyright (C) 2000-2014 Free Software Foundation, and others, all rights
reserved.
This is free software. It is licensed for use, modification and
redistribution under the terms of the GNU General Public License,
version 3 or later <http://gnu.org/licenses/gpl.html>


Please send bug reports to:  <bugs at gnutls.org>
0 dkg at alice:~$ certtool --generate-privkey --outfile x.pem --password x
Assuming PKCS #8 format...
Generating a 2432 bit RSA private key...
0 dkg at alice:~$ certtool --key-info < x.pem
Encrypted structure detected...
Enter password:
Public Key Info:
	Public Key Algorithm: RSA
	Key Security Level: Normal (2432 bits)

[...]

If you give more information, we can help debug better.

All the best,

	--dkg
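
One way to answer "how can you tell that the file is not encrypted?" without entering a password is to look at the PEM armor of the key file. The following is an added example, not part of either message; the function name `pem_key_protection` is hypothetical and the sample file is constructed. It only reads the armor and headers, so it says nothing about the strength of the password or of the key derivation.

```shell
#!/bin/sh
# Classify every private-key PEM block in a file by its armor headers only.
# Prints one line per block. Exit status: 0 if every key block is encrypted,
# 1 if any key block is unencrypted, 2 if no private-key block was found.
pem_key_protection() {
    awk '
        # PKCS #8: the armor label itself says whether the key is encrypted.
        /^-----BEGIN ENCRYPTED PRIVATE KEY-----/ {
            print "pkcs8 encrypted"; found = 1; next
        }
        /^-----BEGIN PRIVATE KEY-----/ {
            print "pkcs8 unencrypted"; found = 1; plain = 1; next
        }
        # Traditional format (RSA/DSA/EC PRIVATE KEY): encryption is signalled
        # by a "Proc-Type: 4,ENCRYPTED" header inside the block.
        /^-----BEGIN [A-Z]+ PRIVATE KEY-----/ { legacy = 1; enc = 0; next }
        legacy && /^Proc-Type: 4,ENCRYPTED/   { enc = 1; next }
        legacy && /^-----END [A-Z]+ PRIVATE KEY-----/ {
            print (enc ? "legacy encrypted" : "legacy unencrypted")
            found = 1; if (!enc) plain = 1
            legacy = 0; next
        }
        END { exit (!found ? 2 : (plain ? 1 : 0)) }
    ' "$1"
}

# Constructed sample: armor only, the body is a placeholder and not a real key.
demo=$(mktemp)
printf '%s\n' '-----BEGIN ENCRYPTED PRIVATE KEY-----' 'AAAA' \
    '-----END ENCRYPTED PRIVATE KEY-----' > "$demo"
pem_key_protection "$demo"; echo "exit status: $?"
rm -f "$demo"
```

A file that the function reports as encrypted should also make `certtool --key-info` print "Encrypted structure detected..." and prompt for the password, as in the session above.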
