Michael Weiser wrote:
>>> - Is this at all sensible or (will it break|is it braindead|other >>> reason for never ever doing it)? >> I don't like pkcs-12 due to it's complexity, but nevertheless there is >> nothing (else) wrong with it and pretty much seems to fit here. > > What SSH does with it's identities is much what I'd like. After looking > at their code, I despaired of being able to get it implemented without > major breakage. > > PKCS12 might be complex on the inside but GNUTLS's PKCS12 API to me as > developer is nicely simple. If there were something similarly simple > API-wise with support for stronger ciphers and perhaps even a simpler > internal structure, I'd jump on it. :) > >>> - Can I use something stronger than RC4-128 for encryption? >> I believe PKCS-12 supports 3DES as well. > > Is there a way of adding something like AES-256? I've checked a bit and it seems there is a definition of the AES family in PKCS #5 2.1 (PBES). I have added support for them in the git repository. About using the secret bag, from a quick glimpse it seems it can only be used with a custom extension. regards, Nikos _______________________________________________ Help-gnutls mailing list [email protected] http://lists.gnu.org/mailman/listinfo/help-gnutls
