For someone who has private keys in the clear and wants to continue
to use private keys in the clear - I agree that the new xmlsec command
will be incompatible (for openssl users at least).

However, the very idea behind making this change is to eliminate the
"unhygienic" practice of using private keys in the clear...

But if you insist....

How do --privkey-der-pkcs8 and --privkey-pem-pkcs8 sound?

-Tej

Aleksey Sanin wrote:

You do break compatibility. Because there are PEM/DER clear text
key files and there are PKCS8 PEM/DER key files. The only thing that
you have to convert keys in test/* folder shows that.

Probably it would be better to introduce something like "--pkcs8-key" option
with similar switches "pem/der" format.

Aleksey

Tejkumar Arora wrote:
The PKCS8 file containing the encrypted private key can be
either in PEM or DER format, so the backward compatibility
is not really broken. The API for loading the key from
PEM/DER files takes in a password argument already, so
no API changes are needed to use PKCS8 files.

-Tej
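
Added example, not part of the thread and not xmlsec code: a small classifier that tells the key-file families discussed above apart (traditional clear-text PEM/DER versus PKCS8 PEM/DER), which is useful when auditing a tree for private keys stored in the clear. The function names, result strings and sample byte strings are assumptions constructed for illustration; the samples carry only the outer ASN.1 tags and no key material.

```python
import re

# Standard OpenSSL PEM labels for private keys.
PKCS8_LABELS = {"ENCRYPTED PRIVATE KEY": "pkcs8-encrypted", "PRIVATE KEY": "pkcs8-clear"}
TRADITIONAL_LABELS = {"RSA PRIVATE KEY", "DSA PRIVATE KEY", "EC PRIVATE KEY"}

def _tlv(buf, pos):
    """Read one DER tag/length header; return (tag, value_start, value_end)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the count of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length

def classify_der(der):
    """Classify a DER private key from the tags of its first two fields."""
    try:
        tag, start, end = _tlv(der, 0)
        if tag != 0x30 or end > len(der):
            return "unknown"
        t1, _, e1 = _tlv(der, start)
        if t1 == 0x30:  # AlgorithmIdentifier comes first: EncryptedPrivateKeyInfo
            return "pkcs8-encrypted"
        t2 = _tlv(der, e1)[0] if t1 == 0x02 else None
    except IndexError:  # truncated input, or not DER at all
        return "unknown"
    if t2 == 0x30:  # version, then AlgorithmIdentifier: PrivateKeyInfo
        return "pkcs8-clear"
    if t2 in (0x02, 0x04):  # RSA/DSA integers, or the EC key octet string
        return "traditional-clear"  # the traditional DER form has no encryption
    return "unknown"

def classify_key(data):
    """Return the container type of a private key file given its raw bytes."""
    m = re.search(rb"-----BEGIN ([A-Z0-9 ]+)-----", data)
    if not m:
        return classify_der(data)
    label = m.group(1).decode("ascii")
    if label in TRADITIONAL_LABELS:
        # Legacy OpenSSL encryption is signalled by a PEM header, not by the label.
        return "traditional-encrypted" if b"Proc-Type: 4,ENCRYPTED" in data else "traditional-clear"
    return PKCS8_LABELS.get(label, "unknown")

# Constructed skeletons: outer tags only, no real key material.
SAMPLES = {
    "pkcs8-enc.der": bytes.fromhex("300430000400"),
    "pkcs8.der": bytes.fromhex("300702010030000400"),
    "rsa.der": bytes.fromhex("3006020100020101"),
}
```

Anything reported as `traditional-clear` or `pkcs8-clear` is a private key readable without a password.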
