[gnutls-help] Creating password protected private keys with certtool?
Josef Wolf
jw at raven.inka.de
Wed May 14 18:47:00 CEST 2014
On Wed, May 14, 2014 at 04:58:04PM +0200, Josef Wolf wrote:
> I just noticed that I get encrypted keys when I use the --pkcs8 option. But
> then, certtool insists to read the password from the keyboard. Is it possible
> to provide the password on stdin or something?
Unfortunately, --generate-self-signed don't seem to be able to handle
encrypted keys:
$ certtool --pkcs8 --generate-privkey --sec-param=high --outfile x509-ca-key.pem
Generating a 3248 bit RSA private key...
Enter password:
$ certtool --pkcs8 --generate-self-signed --template ca.templ --load-privkey x509-ca-key.pem --outfile x509-ca.pem
Generating a self signed certificate...
certtool: importing --load-privkey: x509-ca-key.pem: Decryption has failed.
Note that --generate-self-signed don't ask for the password.
This time 3.2.4 from opensuse-13.1
--
Josef Wolf
jw at raven.inka.de
More information about the Gnutls-help
mailing list