diff options
| author | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2010-07-05 08:21:07 +0200 |
|---|---|---|
| committer | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2010-07-05 08:24:45 +0200 |
| commit | 0d004a210db5d220c896456a165c81264fa4454a (patch) | |
| tree | fe48a59a1015dd7fce1d7eff05a7cc7af838ca83 /src | |
| parent | b422230d1b846155b64a9e8cdcf8ed2563f442cc (diff) | |
| download | gnutls-0d004a210db5d220c896456a165c81264fa4454a.tar.gz | |
Changed the default pkcs-cipher to AES-128. Allowed specifying the 3des-pkcs12
cipher with the --pkcs-cipher option.
Diffstat (limited to 'src')
| -rw-r--r-- | src/certtool-gaa.c | 4 | ||||
| -rw-r--r-- | src/certtool.c | 8 | ||||
| -rw-r--r-- | src/certtool.gaa | 4 |
3 files changed, 12 insertions, 4 deletions
diff --git a/src/certtool-gaa.c b/src/certtool-gaa.c index 3d5bda8059..17fd5f673a 100644 --- a/src/certtool-gaa.c +++ b/src/certtool-gaa.c @@ -177,7 +177,7 @@ void gaa_help(void) __gaa_helpsingle(0, "outfile", "FILE ", "Output file."); __gaa_helpsingle(0, "infile", "FILE ", "Input file."); __gaa_helpsingle(0, "template", "FILE ", "Template file to use for non interactive operation."); - __gaa_helpsingle(0, "pkcs-cipher", "CIPHER ", "Cipher to use for pkcs operations (3des,aes-128,aes-192,aes-256,rc2-40)."); + __gaa_helpsingle(0, "pkcs-cipher", "CIPHER ", "Cipher to use for pkcs operations (3des,3des-pkcs12,aes-128,aes-192,aes-256,rc2-40,arcfour)."); __gaa_helpsingle(0, "pkcs11-provider", "Library ", "Specify the pkcs11 provider library"); __gaa_helpsingle(0, "pkcs11-export-url", "URL ", "Export data specified a pkcs11 URL"); __gaa_helpsingle(0, "pkcs11-list-certs", "", "List certificates that have a private key specified by a PKCS#11 URL"); @@ -1459,7 +1459,7 @@ int gaa(int argc, char **argv, gaainfo *gaaval) gaaval->debug=1; gaaval->request = NULL; gaaval->infile = NULL; gaaval->outfile = NULL; gaaval->cert = NULL; gaaval->incert_format = 0; gaaval->outcert_format = 0; gaaval->action=-1; gaaval->pass = NULL; gaaval->v1_cert = 0; gaaval->export = 0; gaaval->template = NULL; gaaval->hash=NULL; gaaval->fix_key = 0; gaaval->quick_random=1; - gaaval->privkey_op = 0; gaaval->pkcs_cipher = "3des"; gaaval->crq_extensions=1; gaaval->pkcs11_provider= NULL; + gaaval->privkey_op = 0; gaaval->pkcs_cipher = "aes-128"; gaaval->crq_extensions=1; gaaval->pkcs11_provider= NULL; gaaval->pkcs11_url = NULL; gaaval->pkcs11_type = PKCS11_TYPE_PK; gaaval->pubkey=NULL; gaaval->pkcs11_label = NULL; gaaval->pkcs11_trusted=0; gaaval->sec_param = NULL; gaaval->pkcs11_login = 0; ;}; diff --git a/src/certtool.c b/src/certtool.c index dcca2fa28f..8a5c79efa4 100644 --- a/src/certtool.c +++ b/src/certtool.c @@ -267,6 +267,14 @@ cipher_to_flags (const char *cipher) { return GNUTLS_PKCS_USE_PBES2_3DES; } + else if (strcasecmp (cipher, "3des-pkcs12") == 0) + { + return GNUTLS_PKCS_USE_PKCS12_3DES; + } + else if (strcasecmp (cipher, "arcfour") == 0) + { + return GNUTLS_PKCS_USE_PKCS12_ARCFOUR; + } else if (strcasecmp (cipher, "aes-128") == 0) { return GNUTLS_PKCS_USE_PBES2_AES_128; diff --git a/src/certtool.gaa b/src/certtool.gaa index 1fcdc20f21..28dcf298f8 100644 --- a/src/certtool.gaa +++ b/src/certtool.gaa @@ -133,7 +133,7 @@ option (infile) STR "FILE" { $infile = $1 } "Input file." option (template) STR "FILE" { $template = $1 } "Template file to use for non interactive operation." #char *pkcs_cipher; -option (pkcs-cipher) STR "CIPHER" { $pkcs_cipher = $1 } "Cipher to use for pkcs operations (3des,aes-128,aes-192,aes-256,rc2-40)." +option (pkcs-cipher) STR "CIPHER" { $pkcs_cipher = $1 } "Cipher to use for pkcs operations (3des,3des-pkcs12,aes-128,aes-192,aes-256,rc2-40,arcfour)." #char* pkcs11_provider; option (pkcs11-provider) STR "Library" { $pkcs11_provider = $1 } "Specify the pkcs11 provider library" @@ -171,6 +171,6 @@ init { $bits = 0; $pkcs8 = 0; $privkey = NULL; $ca=NULL; $ca_privkey = NULL; $debug=1; $request = NULL; $infile = NULL; $outfile = NULL; $cert = NULL; $incert_format = 0; $outcert_format = 0; $action=-1; $pass = NULL; $v1_cert = 0; $export = 0; $template = NULL; $hash=NULL; $fix_key = 0; $quick_random=1; - $privkey_op = 0; $pkcs_cipher = "3des"; $crq_extensions=1; $pkcs11_provider= NULL; + $privkey_op = 0; $pkcs_cipher = "aes-128"; $crq_extensions=1; $pkcs11_provider= NULL; $pkcs11_url = NULL; $pkcs11_type = PKCS11_TYPE_PK; $pubkey=NULL; $pkcs11_label = NULL; $pkcs11_trusted=0; $sec_param = NULL; $pkcs11_login = 0; } |