[gnutls-help] Creating password protected private keys with certtool?

Josef Wolf jw at raven.inka.de
Thu May 15 13:06:21 CEST 2014

On Thu, May 15, 2014 at 11:52:31AM +0200, Noel Kuntze wrote:
> You can pass /dev/stdin instead of the file.
> /dev/stdin is a special device on *nix systems pointing to the program's standard input.
> If certtool doesn't do seeks on the file, it should work fine.

Noel, this sounds reasonable. But certtool insists on getting a regular file:

  $ certtool --pkcs8 --template /dev/stdin --generate-privkey --outfile CA-key.pem
  fs error 22 (Invalid argument) on stat-ing for regular file /dev/stdin for option template

Looks like I am stuck with something like:

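  sub with_template {
    my ($template_contents, $certtool_args) = @_;
    use File::Temp qw(tempfile tempdir);
    use IO::Handle;   # provides flush() on the temp file handle
    File::Temp->safe_level (File::Temp::HIGH);
    my ($newfh, $newfn) = tempfile (UNLINK=>1);
    unlink $newfn;    # drop the name at once; the data stays reachable via the open handle
    print $newfh join ("\n", @$template_contents, "");
    $newfh->flush;    # write buffered data out before certtool opens the file
    # certtool() is a wrapper defined elsewhere (not shown in this post)
    &certtool("--template"=>"/proc/$$/fd/".fileno($newfh), @$certtool_args);
    close $newfh;
  }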

Josef Wolf
jw at raven.inka.de
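
The same workaround as a shell function, added here as an example that is not part of the original post: the template text goes into a temp file that has already been unlinked, and the tool is pointed at it through /proc/self/fd. It assumes Linux (/proc) and an arbitrarily chosen descriptor 9; `fake_tool` is a constructed stand-in for certtool that only reproduces the regular-file check from the error above.

```shell
#!/bin/sh
# Added example, not from the original post. Linux-only: relies on /proc/self/fd.
#
# with_template CMD [ARGS...]
#   Reads template text on stdin, stores it in a temp file whose name is
#   removed before any data is written, then runs CMD with
#   "--template /proc/self/fd/9" appended. fd 9 is an arbitrary choice and
#   must not already be in use by the caller.
with_template() {
    tmpl=$(mktemp) || return 1       # mktemp creates the file with mode 0600
    exec 9<>"$tmpl"                  # keep the file reachable through fd 9
    rm -f "$tmpl"                    # from here on there is no name on disk
    cat >&9                          # template text (stdin) -> nameless file
    # The child inherits fd 9. Opening /proc/self/fd/9 gives it a fresh
    # descriptor at offset 0, and stat() on that path reports a regular file.
    "$@" --template /proc/self/fd/9
    rc=$?
    exec 9>&-                        # last descriptor closed: data is freed
    return "$rc"
}

# Constructed stand-in for certtool: rejects anything that is not a regular
# file (as in the "fs error 22" message above), otherwise prints the template.
fake_tool() {
    [ "$1" = "--template" ] || return 2
    [ -f "$2" ] || { echo "not a regular file: $2" >&2; return 22; }
    cat "$2"
}

# Intended use with the command line from the post (template text supplied
# by the caller on stdin, for example from a here-document):
#   with_template certtool --pkcs8 --generate-privkey --outfile CA-key.pem
```

The template contents can still be read by the same user or root through /proc while the command runs; what the unlink removes is the directory entry and any leftover file after exit.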
