On Wed, 2014-05-14 at 18:47 +0200, Josef Wolf wrote: > On Wed, May 14, 2014 at 04:58:04PM +0200, Josef Wolf wrote: > > I just noticed that I get encrypted keys when I use the --pkcs8 option. But > > then, certtool insists to read the password from the keyboard. Is it > > possible > > to provide the password on stdin or something? > > Unfortunately, --generate-self-signed don't seem to be able to handle > encrypted keys: > > $ certtool --pkcs8 --generate-privkey --sec-param=high --outfile > x509-ca-key.pem > Generating a 3248 bit RSA private key... > Enter password: > $ certtool --pkcs8 --generate-self-signed --template ca.templ > --load-privkey x509-ca-key.pem --outfile x509-ca.pem > Generating a self signed certificate... > certtool: importing --load-privkey: x509-ca-key.pem: Decryption has failed. > Note that --generate-self-signed don't ask for the password.
If you use a template certtool enters non-interactive mode (batch mode). Then you can only specify the password in the template or use --ask-pass (in the latest versions). regards, Nikos _______________________________________________ Gnutls-help mailing list [email protected] http://lists.gnupg.org/mailman/listinfo/gnutls-help
