[gnutls-help] certtool - key encipherment (X.509v3 extension)

Nikos Mavrogiannopoulos nmav at gnutls.org
Tue Dec 15 17:46:29 CET 2015

On Tue, Dec 15, 2015 at 5:36 PM, Tobias --- <tobbe.se at gmail.com> wrote:
> I did write honor_crq_extensions. I just got confused when I read "honour"
> somewhere else regarding this subject.
> I've made additional attempts. The CSR doesn't contain the key encipherment
> extension either. It only contains the other two extensions. I even copy
> that extension straight out of the certtool manpage and it still won't
> accept the extension. I wrote a separate template that contained
> honor_crq_exntesions and encryption_key but it didn't produce the desired
> result.
> Does it matter that I use ECDSA?

Yes, you cannot encrypt with ECDSA keys. They are signing keys.


More information about the Gnutls-help mailing list