On 2014-02-05 10:16, Nikos Mavrogiannopoulos wrote: > On Mon, Feb 3, 2014 at 11:56 PM, A L <[email protected]> wrote: >> I am trying to automate some of the key generation and request >> operations with certtool (gnutls 3.2.9). >> Normally omitting the --password from command line makes certtool prompt >> the user for a password, which is perfect in my shell scripts. >> It seems that when generating a CSR from an encrypted key, this does not >> happen. > Indeed, when the --template option is specified certtool goes to > non-interactive mode and will not ask for anything. There could be > some option --ask-pass to allow interaction for passwords during key > generation. I'll try adding that.
This sounds like a good option. Dealing with passwords in shell scripting is not very secure in any circomstance. Perhaps some option to use 'pinentry' might be useful. I will double check later, but I thought I tested supplying password inside the template.cfg, but the 'password' option was not used for CSR tasks. Thanks. ~A _______________________________________________ Gnutls-help mailing list [email protected] http://lists.gnupg.org/mailman/listinfo/gnutls-help
