help-gnutls

[Help-gnutls] Re: Encrypted private keys


From: Simon Josefsson
Subject: [Help-gnutls] Re: Encrypted private keys
Date: Thu, 29 May 2008 15:58:50 +0200
User-agent: Gnus/5.110009 (No Gnus v0.9) Emacs/22.2 (gnu/linux)

"Alex Samad" <address@hidden> writes:

> Hi
>
> I am a Debian user and use the gnutls library indirectly; previously I used
> openssl, but Debian has made a move over to gnutls.
>
> Previously with openssl I had set up ldapsearch to use x509 certs to identify
> myself, I encrypted my private certs with a password. Since the move to
> gnutls I have been unable to use encrypted private keys.
>
> I thought maybe it was a config difference between gnutls and openssl, but
> with all the reading I have done of certtool documentation I can't find any
> place to set up an encrypted private key.
>
> I have raised a bug report against the maintainers of ldap-utils, this is
> the package that has ldapsearch ( and other ldap-commands), but they are a
> bit low on resources now.
>
> So I thought I would come to the list and find out
>
> 1) is it true that the libraries can't handle encrypted private keys?

No.

> 2) If not, how do you handle encrypted private keys?

You can load PKCS#8 protected keys using:

gnutls_x509_privkey_import_pkcs8.

And encrypted keys stored in PKCS#12 using:

gnutls_certificate_set_x509_simple_pkcs12_file

These are the two standard ways to encrypt private keys that I know of.
OpenSSL has a proprietary standard that we don't support.

/Simon
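
A first diagnostic step for the situation in this thread, as an added example that is not part of the original message or of GnuTLS: classify a PEM key file by its framing to see whether it is PKCS#8 (the format gnutls_x509_privkey_import_pkcs8 loads) or uses header-based PEM encryption. It assumes the "proprietary standard" in the reply means the Proc-Type/DEK-Info encryption of OpenSSL's traditional key files; `classify_pem_key` and the `key_format` names are hypothetical, and binary PKCS#12 files are out of scope.

```c
#include <stdio.h>
#include <string.h>

typedef enum {
    KEY_UNKNOWN = 0,
    KEY_PKCS8_ENCRYPTED,  /* PKCS#8 with a password: gnutls_x509_privkey_import_pkcs8 */
    KEY_PKCS8_PLAIN,      /* PKCS#8, not encrypted */
    KEY_LEGACY_ENCRYPTED, /* "RSA/DSA/EC PRIVATE KEY" with a Proc-Type header */
    KEY_LEGACY_PLAIN      /* "RSA/DSA/EC PRIVATE KEY", not encrypted */
} key_format;

/* Classify the first private-key block of a PEM text by its framing only;
 * no key material is decoded. Non-key blocks (certificates) are skipped. */
key_format classify_pem_key(const char *pem)
{
    static const char begin[] = "-----BEGIN ", suffix[] = "PRIVATE KEY";
    const size_t slen = sizeof suffix - 1;
    const char *p = pem;
    while ((p = strstr(p, begin)) != NULL) {
        const char *label = p + sizeof begin - 1;
        const char *dash = strstr(label, "-----");
        if (dash == NULL)
            return KEY_UNKNOWN;
        size_t n = (size_t)(dash - label);
        p = dash; /* resume the search after this boundary line */
        if (n < slen || strncmp(dash - slen, suffix, slen) != 0)
            continue; /* e.g. the CERTIFICATE block of a combined file */
        if (n == slen)
            return KEY_PKCS8_PLAIN; /* label is exactly "PRIVATE KEY" */
        if (n == slen + 10 && strncmp(label, "ENCRYPTED ", 10) == 0)
            return KEY_PKCS8_ENCRYPTED;
        const char *stop = strstr(dash, "-----END ");
        const char *hdr = strstr(dash, "Proc-Type: 4,ENCRYPTED");
        if (hdr != NULL && (stop == NULL || hdr < stop))
            return KEY_LEGACY_ENCRYPTED; /* header lies inside this block */
        return KEY_LEGACY_PLAIN;
    }
    return KEY_UNKNOWN;
}

int main(void)
{
    /* Constructed sample: framing only, the base64 body is a placeholder. */
    const char *sample = "-----BEGIN RSA PRIVATE KEY-----\nProc-Type: 4,ENCRYPTED\n"
                         "DEK-Info: DES-EDE3-CBC,0000000000000000\n\nAAAA\n"
                         "-----END RSA PRIVATE KEY-----\n";
    printf("format=%d\n", (int)classify_pem_key(sample));
    return 0;
}
```

A key reported as `KEY_LEGACY_ENCRYPTED` can be re-encoded as PKCS#8 with `openssl pkcs8 -topk8` before handing it to a GnuTLS-linked client.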



