[gnutls-help] Creating password protected private keys with certtool?
Josef Wolf
jw at raven.inka.de
Thu May 15 11:47:05 CEST 2014
On Wed, May 14, 2014 at 10:00:30PM +0200, Nikos Mavrogiannopoulos wrote:
> On Wed, 2014-05-14 at 18:47 +0200, Josef Wolf wrote:
> > Note that --generate-self-signed doesn't ask for the password.
>
> If you use a template certtool enters non-interactive mode (batch mode).
> Then you can only specify the password in the template or use --ask-pass
> (in the latest versions).

Oh, I see.

Is there any other way to non-interactively pass the password?

Passing via --password makes it visible to the ps command.

Passing via file makes it readable in the case of crashes, when the removal of
the file might fail.

I tried the usual Unix convention to pass the template on stdin by giving '-',
but certtool tries to open a file named '-' then.

I know, I can play tricks like deleting the file before writing to it and passing
/proc/xxx/fd/yy as filename to certtool. But that would be highly unportable.

--
Josef Wolf
jw at raven.inka.de
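
An added example, not part of the original message and not GnuTLS project code: one way to limit the file-based exposure discussed above is to write the template with the shell's own printf into a private directory and remove it on exit. The function names, the `certtool.XXXXXX` directory prefix and the minimal two-field template are assumptions; `password` is the template field Nikos refers to.

```shell
#!/bin/sh
# Added example: helper names and sample values are assumptions.

# Create a scratch directory that only the current user can enter.
# mktemp -d creates the directory with mode 0700.
make_private_dir() {
    mktemp -d "${TMPDIR:-/tmp}/certtool.XXXXXX"
}

# Write "$1/template" with the CN from $2 and the password read from stdin.
# printf is a builtin in bash and dash, so no process is started with the
# password in its argument list.
write_template() {
    tdir=$1 cn=$2
    IFS= read -r pw || [ -n "$pw" ] || return 1
    # A double quote would end the quoted template value early: refuse it.
    case $pw in *\"*) unset pw; return 1 ;; esac
    (
        umask 077    # the file is created with mode 0600
        printf 'cn = "%s"\npassword = "%s"\n' "$cn" "$pw" > "$tdir/template"
    ) || return 1
    unset pw
}

# Generate a self-signed certificate for key $1, CN $2, output file $3.
# The key password is read from stdin.
generate_self_signed() {
    key=$1 name=$2 out=$3
    dir=$(make_private_dir) || return 1
    trap 'rm -rf -- "$dir"' EXIT       # runs on normal exit
    trap 'exit 1' HUP INT TERM         # turn these signals into an exit
    write_template "$dir" "$name" &&
        certtool --generate-self-signed --load-privkey "$key" \
                 --template "$dir/template" --outfile "$out"
    status=$?
    rm -rf -- "$dir"
    trap - EXIT HUP INT TERM
    return "$status"
}
```

A trap does not run on SIGKILL or power loss, so the template can still survive those cases; pointing `TMPDIR` at a memory-backed filesystem limits what reaches disk.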