[gnutls-help] Creating password protected private keys with certtool?

Josef Wolf jw at raven.inka.de
Wed May 14 16:58:04 CEST 2014


On Wed, May 14, 2014 at 10:35:44AM -0400, Daniel Kahn Gillmor wrote:

Thanks for the quick response, Daniel!

> On 05/14/2014 09:37 AM, Josef Wolf wrote:
> >   certtool --generate-privkey --outfile x509-ca-key.pem --password "secret"
> 
> What version of certtool are you using?  How can you tell that the file
> is not encrypted?

I'm using 3.0.28, as it comes with opensuse-12.3.

I assume it is not encrypted because it doesn't ask me for the password when I
use it for anything:

jw at raven:/m/s/rep/git/catool$ certtool --version
certtool 3.0.28
[ ... ]
jw at raven:/m/s/rep/git/catool$ certtool --generate-privkey --outfile x.pem --password x
Generating a 2432 bit RSA private key...
jw at raven:/m/s/rep/git/catool$ certtool --key-info < x.pem | head -5
Public Key Info:
        Public Key Algorithm: RSA
        Key Security Level: Normal

I just noticed that I get encrypted keys when I use the --pkcs8 option. But
then, certtool insists on reading the password from the keyboard. Is it possible
to provide the password on stdin or something?


-- 
Josef Wolf
jw at raven.inka.de
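
Added example, not part of the original message and not GnuTLS code: one way to settle "how can you tell that the file is not encrypted?" is to read the PEM armor of the key file instead of inferring it from whether certtool prompts. The helper name pem_key_protection and the sample inputs are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify PEM private keys by their armor, without parsing
# or decrypting anything. Reads the named file(s), or stdin if none given.
# Prints: plaintext | encrypted-pkcs8 | encrypted-legacy | no-private-key
# pem_key_protection is a hypothetical helper name, not a GnuTLS tool.
pem_key_protection() {
    awk '
        # Record the current block; any unencrypted block counts as plaintext.
        function close_block() {
            if (!in_key) return
            if (enc == "") plain++
            else if (first == "") first = enc
            in_key = 0
        }
        /^-----BEGIN .*PRIVATE KEY-----/ {
            close_block()              # tolerate a missing END line
            in_key = 1; keys++
            # PKCS#8 EncryptedPrivateKeyInfo has its own armor label.
            enc = ($0 ~ /BEGIN ENCRYPTED PRIVATE KEY/) ? "encrypted-pkcs8" : ""
            next
        }
        # Traditional (OpenSSL-style) encryption is flagged by an RFC 1421 header.
        in_key && /^Proc-Type:[ \t]*4,ENCRYPTED/ { enc = "encrypted-legacy"; next }
        /^-----END .*PRIVATE KEY-----/ { close_block() }
        END {
            close_block()
            if (keys == 0)      print "no-private-key"
            else if (plain > 0) print "plaintext"
            else                print first
        }
    ' "$@"
}

# Constructed samples (placeholder base64, not real key material).
sample_plain() {
    printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'Q09OU1RSVUNURUQ=' \
        '-----END RSA PRIVATE KEY-----'
}
sample_pkcs8() {
    printf '%s\n' '-----BEGIN ENCRYPTED PRIVATE KEY-----' 'Q09OU1RSVUNURUQ=' \
        '-----END ENCRYPTED PRIVATE KEY-----'
}
sample_plain | pem_key_protection    # plaintext
sample_pkcs8 | pem_key_protection    # encrypted-pkcs8
```

A file holding several keys is reported as plaintext if any one of them is unencrypted, which is the result that matters when auditing key storage.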


