[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: certtool: --pkcs-cipher option not working
From: |
Nikos Mavrogiannopoulos |
Subject: |
Re: certtool: --pkcs-cipher option not working |
Date: |
Sat, 26 Jun 2010 22:01:26 +0200 |
User-agent: |
Thunderbird 2.0.0.24 (X11/20100411) |
Timo Gerke wrote:
Hello,
> Hi all,
>
> I'm new to this list, so I hope this report can help you to figure out
> my problem.
>
> when I generate a private key (DSA) with certtool, e. g.
> certtool -p --dsa --pkcs-cipher aes-256 --outfile privkey.pem
> The key won't get encyrpted.
This correct. The default output format is not pkcs8 and thus the
--pkcs-cipher is ignored.
> If I use
> certtool -p --pkcs8 --dsa --pkcs-cipher aes-256 --outfile privkey.pem
> I get following output:
This is the correct command. It seems you uncovered a bug and when
generating a key with the --pkcs8 parameter it always uses 3des. To
avoid that generate the key as you did in the first case and then
convert it to pkcs8 format using
/certtool -k --to-p8 --pkcs-cipher aes-128 --load-privkey privkey.pem >
output.p8
I've fixed the problem in the git repository.
regards,
Nikos