Hello, GnuTLS 3.1.8 can generate a certificate with an encrypted private key (thank you for fixing it), but cannot generate a PKCS #12 structure with that encrypted private key and that certificate, while GnuTLS 3.0.22 can.
Kind regards, Yan Fiz. D:\gnutls-3.0.22-w32\bin>certtool.exe --generate-privkey --pkcs8 --pkcs-cipher aes-256 --rsa --sec-param normal --outfile test.p8 Generating a 2432 bit RSA private key... Enter password: Confirm password: D:\gnutls-3.0.22-w32\bin>certtool.exe --generate-self-signed --pkcs8 --hash sha512 --load-privkey test.p8 --outfile test.crt Generating a self signed certificate... Enter password: Please enter the details of the certificate's distinguished name. Just press enter to ignore a field. Country name (2 chars): . . . D:\gnutls-3.0.22-w32\bin>certtool.exe --to-p12 --pkcs-cipher arcfour --pkcs8 --outder --load-privkey test.p8 --load-certificate test.crt --outfile test.p12 Generating a PKCS #12 structure... Enter password: Loading certificate list... Loaded 1 certificates. Enter a name for the key: Test Enter password: D:\gnutls-3.1.8-w32\bin>certtool.exe --generate-privkey --pkcs8 --pkcs-cipher aes-256 --rsa --sec-param normal --outfile test.p8 Generating a 2432 bit RSA private key... Enter password: D:\gnutls-3.1.8-w32\bin>certtool.exe --generate-self-signed --pkcs8 --hash sha512 --load-privkey test.p8 --outfile test.crt Generating a self signed certificate... Enter password: Please enter the details of the certificate's distinguished name. Just press enter to ignore a field. Common name: . . . D:\gnutls-3.1.8-w32\bin>certtool.exe --to-p12 --pkcs-cipher arcfour --pkcs8 --outder --load-privkey test.p8 --load-certificate test.crt --outfile test.p12 Generating a PKCS #12 structure... Loading private key list... certtool.exe: privkey_import: Decryption has failed. D:\gnutls-3.1.8-w32\bin>certtool.exe --to-p12 --pkcs-cipher arcfour --pkcs8 --outder --load-privkey test.p8 --load-certificate test.crt --outfile test.p12 --debug 9999 Setting log level to 9999 |<2>| Intel AES accelerator was detected |<2>| ASSERT: pkcs11.c:456 Generating a PKCS #12 structure... Loading private key list... |<2>| ASSERT: x509_b64.c:306 |<2>| Could not find '-----BEGIN RSA PRIVATE KEY' |<2>| ASSERT: x509_b64.c:306 |<2>| Could not find '-----BEGIN DSA PRIVATE KEY' |<2>| ASSERT: x509_b64.c:306 |<2>| Could not find '-----BEGIN EC PRIVATE KEY' |<2>| ASSERT: privkey.c:484 |<2>| Falling back to PKCS #8 key decoding |<2>| ASSERT: x509_b64.c:306 |<2>| Could not find '-----BEGIN PRIVATE KEY' |<2>| ASSERT: privkey_pkcs8.c:1199 |<2>| ASSERT: privkey_pkcs8.c:1351 certtool.exe: privkey_import: Decryption has failed.
_______________________________________________ Gnutls-help mailing list [email protected] http://lists.gnupg.org/mailman/listinfo/gnutls-help
