[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Help-gnutls] About Future Plans: Private keys encrypted.

From: Nikos Mavrogiannopoulos
Subject: Re: [Help-gnutls] About Future Plans: Private keys encrypted.
Date: Tue, 15 Nov 2005 23:16:44 +0100
User-agent: KMail/1.8.2

On Tuesday 15 November 2005 20:52, Fran wrote:
> Hello,
> I can see that certtool do not encrypt keys and not support some keys
> generated with openssl (encrypted).
> I can see :
> > int gnutls_x509_privkey_import_pkcs8:
> >  This  function  will convert the given DER or PEM encoded PKCS8 2.0
> > encrypted key to the native gnutls_x509_privkey_t format. The output will
> > be stored in key.  Currently only RSA keys can be imported, and flags can
> > only be used to indicate an unencrypted key.
> I think that this is a very high risk security problem for applications
> that use a file key.

You can both encrypt and decrypt pkcs8 keys in gnutls. The only limitation is 
that pkcs8 2.0 is supported and not previous versions.

Nikos Mavrogiannopoulos

reply via email to

[Prev in Thread] Current Thread [Next in Thread]