The archives at gmane are down/gone, so can't search the list archives. Google search returns zilch. [My google-foo might be weak...]
Trying to encrypt a key after initial generation. The key was created without encryption. I can't manage to get certtool to do this. For example: certtool --load-privkey=ca-key.pem --outfile=ca-key-pass.pem --pkcs-cipher=aes256 Does not work. I've tried quite a myriad of other things/variation too, to no avail. I could probably do this in openssl, but why not do it all in certtool... And before the inevitable chap leaps up and says "Just encrypt the key the first time!" I'll forestall the whining by saying; "Yes, I want the key unencrypted to start." Why? Well... I'll often generate a bunch of keys/certs and I generally want the CA's key unencrypted for ease of generating a batch of signed certs/keys. [I really don't want to type in a complex password each time.] Thus, I'll generate the CA key without encryption. After I'm done generating the batch of certs/keys I'd like to then encrypt [for the first time] the CA key [or perhaps other keys] so it can't be used later without a password. [And yes, I know all about how important not allowing anyone to get the unencrypted key is... and why only a moron would generate it in unencrypted form. Yadda yadda... Assume whatever you want. :) ] I simply want to know how to accomplish key conversion both with a password to no-password and vice-versa using certtool. TIA -Greg _______________________________________________ Gnutls-help mailing list [email protected] http://lists.gnupg.org/mailman/listinfo/gnutls-help
