On (15/12/06 02:56), Felix Palmen wrote: > Hallo James, > > The error was thrown from x509_b64.c:449. The reason was very obvious > then: My key just starts with -----BEGIN PRIVATE KEY----- (no RSA or > DSA). > > After a little research, I found that this could mean it's in PKCS#8 > format. Indeed, I could convert it using OpenSSL's pkcs8 module and > GnuTLS works fine with the converted RSA key.
That's great thanks. Your explanation sounds right to me. > > So the problem is just that GnuTLS doesn't understand keys in PKCS#8 > format. Maybe this should get mentioned in README. However I think there is still a bug. GnuTLS can create PKCS#8 keys (certtool -p -8), so I think it should be able to read them. I just generated one with the above command, and then certtool -k failed with a base64 decoding error. So this bug should be to add support for reading PKCS#8 keys, or at the very least give a sensible error message. Have you got your certificate up and running with the converted one now? Thanks, James -- James Westby -- GPG Key ID: B577FE13 -- http://jameswestby.net/ seccure key - (3+)k7|M*edCX/.A:n*N!>|&7U.L#9E)Tu)T0>AM - secp256r1/nistp256 -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
