Hello, I tried to generate a self signed certificate with an encrypted private key. GnuTLS 3.0.22 is OK, but GnuTLS 3.1.7 gives error with the same commands.
D:\gnutls-3.0.22-w32\bin>certtool.exe --generate-privkey --pkcs8 --pkcs-cipher aes-256 --rsa --bits 2048 --outfile test.p8 ** Note: Please use the --sec-param instead of --bits Generating a 2048 bit RSA private key... Enter password: Confirm password: D:\gnutls-3.0.22-w32\bin>certtool.exe --generate-self-signed --pkcs8 --hash sha512 --load-privkey test.p8 --outfile test.crt Generating a self signed certificate... Enter password: Please enter the details of the certificate's distinguished name. Just press enter to ignore a field. Country name (2 chars): . . . D:\gnutls-3.1.7-w32\bin>certtool.exe --generate-privkey --pkcs8 --pkcs-cipher aes-256 --rsa --bits 2048 --outfile test.p8 ** Note: Please use the --sec-param instead of --bits Generating a 2048 bit RSA private key... Enter password: D:\gnutls-3.1.7-w32\bin>certtool.exe --generate-self-signed --pkcs8 --hash sha512 --load-privkey test.p8 --outfile test.crt Generating a self signed certificate... certtool.exe: import error: could not find a valid PEM header; check if your key is PKCS #12 encoded D:\gnutls-3.1.7-w32\bin>certtool.exe --generate-self-signed --pkcs8 --hash sha512 --load-privkey test.p8 --outfile test.crt --debug 9999 Setting log level to 9999 |<2>| Intel AES accelerator was detected |<2>| ASSERT: pkcs11.c:456 Generating a self signed certificate... |<2>| ASSERT: x509_b64.c:306 |<2>| Could not find '-----BEGIN RSA PRIVATE KEY' |<2>| ASSERT: x509_b64.c:306 |<2>| Could not find '-----BEGIN DSA PRIVATE KEY' |<2>| ASSERT: x509_b64.c:306 |<2>| Could not find '-----BEGIN EC PRIVATE KEY' |<2>| ASSERT: privkey.c:484 |<2>| Falling back to PKCS #8 key decoding |<2>| ASSERT: x509_b64.c:306 |<2>| Could not find '-----BEGIN PRIVATE KEY' |<2>| ASSERT: privkey_pkcs8.c:1199 |<2>| ASSERT: privkey_pkcs8.c:1351 |<2>| ASSERT: privkey.c:638 |<2>| ASSERT: x509_b64.c:306 |<2>| Could not find '-----BEGIN PRIVATE KEY' |<9>| keyDerivationFunc.algorithm: 1.2.840.113549.1.5.12 |<9>| salt.specified.size: 14 |<9>| iterationCount: 263 |<2>| ASSERT: mpi.c:246 |<9>| keyLength: 0 |<9>| encryptionScheme.algorithm: 2.16.840.1.101.3.4.1.42 |<9>| IV.size: 16 |<2>| ASSERT: privkey_pkcs8.c:1199 |<2>| ASSERT: privkey_pkcs8.c:998 |<2>| ASSERT: privkey_pkcs8.c:1351 |<2>| ASSERT: x509_b64.c:306 |<2>| Could not find '-----BEGIN PKCS12' |<2>| ASSERT: pkcs12.c:216 |<2>| ASSERT: privkey.c:577 |<2>| ASSERT: privkey_openssl.c:158 |<2>| ASSERT: privkey.c:655 |<2>| ASSERT: gnutls_privkey.c:932 certtool.exe: import error: could not find a valid PEM header; check if your key is PKCS #12 encoded
_______________________________________________ Gnutls-help mailing list [email protected] http://lists.gnupg.org/mailman/listinfo/gnutls-help
