author | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2017-05-26 10:01:04 +0200 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2017-05-29 08:41:21 +0200 |
commit | 512b3d32254c0f46500b9e226d108c7b7e1bf332 (patch) | |
tree | cf009328d8791803cb2288a6b8d64efbed90d2f9 | |
parent | 4a25bd9901c5e057bfa4ce6f733dd102120bfd3a (diff) | |
download | gnutls-512b3d32254c0f46500b9e226d108c7b7e1bf332.tar.gz |
certtool: use PKCS#8 format for generated RSA-PSS keys
An RSA-PSS key has additional parameters which cannot be stored
in the "standard" PKCS#1 format. For that when asked to generate
an RSA-PSS key, we export to the PKCS#8 form.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
-rw-r--r-- | src/certtool.c | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/src/certtool.c b/src/certtool.c index 5f08937cc9..27604b32b6 100644 --- a/src/certtool.c +++ b/src/certtool.c @@ -146,6 +146,11 @@ generate_private_key_int(common_info_st * cinfo) bits = get_bits(key_type, cinfo->bits, cinfo->sec_param, 1); + if (key_type == GNUTLS_PK_RSA_PSS && !cinfo->pkcs8) { + fprintf(stderr, "Assuming --pkcs8 is given; RSA-PSS private keys can only be exported in PKCS#8 format\n"); + cinfo->pkcs8 = 1; + } + if (key_type == GNUTLS_PK_EC) { int ecc_bits; |
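Review bot: The new RSA-PSS check in generate_private_key_int() overrides the user's choice by setting `cinfo->pkcs8 = 1`, but the diffstat shows only src/certtool.c changing, so no documentation or test accompanies the new behaviour. Suggest noting next to the --pkcs8 option's documentation that generating an RSA-PSS key implies it, and adding a test that generates an RSA-PSS key without --pkcs8 and checks that the output is in PKCS#8 form. Since the flag is written through the `cinfo` pointer, any later reader of `cinfo->pkcs8` sees the forced value; a short comment at the assignment stating that this is intended would help. Style: the `fprintf(stderr, "Assuming --pkcs8 is given; ...")` line is very long and could be split across two adjacent string literals.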