[gnutls-help] Creating password protected private keys with certtool?
Josef Wolf
jw at raven.inka.de
Thu May 15 14:22:17 CEST 2014
On Thu, May 15, 2014 at 02:05:35PM +0200, Nikos Mavrogiannopoulos wrote:
> On Thu, May 15, 2014 at 1:06 PM, Josef Wolf <jw at raven.inka.de> wrote:
> > On Thu, May 15, 2014 at 11:52:31AM +0200, Noel Kuntze wrote:
> >> You can pass /dev/stdin instead of the file.
> >> /dev/stdin is a special device on *nix systems pointing to the program's standard input.
> >> If certtool doesn't do seeks on the file, it should work fine.
> > Noel, this sounds reasonable. But certtool insists on getting a regular file:
> > $ certtool --pkcs8 --template /dev/stdin --generate-privkey --outfile CA-key.pem
> > fs error 22 (Invalid argument) on stat-ing for regular file /dev/stdin for option template
>
> Good to know. It was imposed by autogen's file option. I've now lifted
> that limitation.
Nikos, I'm not really sure whether this is a good idea. After all, insisting
on regular files protects against symlink attacks.
Maybe a better solution would be to go for the unix tradition and special-case
the '-' to mean stdin/stdout (depending on context).
--
Josef Wolf
jw at raven.inka.de