Alex Samad <[EMAIL PROTECTED]> writes: >> > 2) If not how do you handle encrypted private keys >> >> You can load PKCS#8 protected keys using: >> >> gnutls_x509_privkey_import_pkcs8. >> >> And encrypted keys stored in PKCS#12 using: >> >> gnutls_certificate_set_x509_simple_pkcs12_file >> >> These are the two standard ways to encrypt private keys that I know of. >> OpenSSL has a proprietary standard that we don't support. > > This is the important bit of information I need, I had presumed their > encrypted pem (?!) was a standard, so I should be able to use password > protected pkcs12.
Whether to use PKCS#8 or PKCS#12 depends on whether you want to store the certificate and CA information as well. If you just want to protect the keys, use PKCS#8. If you want to include the certificate, use PKCS#12. Normally it is simpler to use PKCS#8 for the keys and provide the certificate in a separate file. /Simon _______________________________________________ Help-gnutls mailing list [email protected] http://lists.gnu.org/mailman/listinfo/help-gnutls
