[gnutls-help] Creating password protected private keys with certtool?

Noel Kuntze noel at familie-kuntze.de
Thu May 15 11:52:31 CEST 2014


Hello Josef,

You can pass /dev/stdin instead of the file.
/dev/stdin is a special device on *nix systems pointing to the program's standard input.
If certtool doesn't do seeks on the file, it should work fine.

Regards,
Noel Kuntze

On 15.05.2014 11:47, Josef Wolf wrote:
> On Wed, May 14, 2014 at 10:00:30PM +0200, Nikos Mavrogiannopoulos wrote:
>> On Wed, 2014-05-14 at 18:47 +0200, Josef Wolf wrote:
>>> Note that --generate-self-signed doesn't ask for the password.
>>
>> If you use a template certtool enters non-interactive mode (batch mode).
>> Then you can only specify the password in the template or use --ask-pass
>> (in the latest versions).
>
> Oh, I see.
>
> Is there any other way to non-interactively pass the password?
>
> Passing via --password makes it visible to the ps command.
>
> Passing via file makes it readable in the case of crashes, when the removal of
> the file might fail.
>
> I tried the usual unix convention to pass the template on stdin by giving '-',
> but certtool tries to open a file named '-' then.
>
> I know, I can play tricks like deleting the file before writing to it and pass
> /proc/xxx/fd/yy as filename to certtool. But that would be highly unportable.
>

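The /dev/stdin suggestion above as a small shell wrapper, added here as an illustration; it is not part of the original message or of GnuTLS. Assumptions: the installed certtool takes the key password from a `password` line in the template (quoted form assumed), the password contains no double quote or newline, and the names `CERTTOOL`, `KEY_PASSWORD` and `server-key.pem` are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread): feed the certtool template on standard
# input so the key password is neither in any argv nor in a file on disk.

# Command to run; overridable so the wrapper can be exercised with a stand-in.
: "${CERTTOOL:=certtool}"

# Print the template. printf is a shell builtin, so no new process is
# started with the password in its argument list.
emit_template() {
    nl='
'
    case $1 in
        *'"'*|*"$nl"*)
            # Either character would change how the template is parsed.
            echo "password contains a quote or newline" >&2
            return 1 ;;
    esac
    printf 'password = "%s"\n' "$1"
}

# gen_encrypted_key PASSWORD OUTFILE
gen_encrypted_key() {
    tmpl=$(emit_template "$1") || return 1
    (
        umask 077    # key file readable by the owner only
        printf '%s\n' "$tmpl" |
            "$CERTTOOL" --generate-privkey --pkcs8 \
                --template /dev/stdin --outfile "$2"
    )
}

# Typical call, with the password read from the terminal (assumed names):
#   stty -echo; IFS= read -r KEY_PASSWORD; stty echo
#   gen_encrypted_key "$KEY_PASSWORD" server-key.pem
```

Standard input is a pipe here, so this only works if certtool reads the template sequentially without seeking, which is the condition stated in the reply.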
