]> git.ipfire.org Git - thirdparty/gnutls.git/commitdiff
Changed the default pkcs-cipher to AES-128. Allowed specifying the 3des-pkcs12
authorNikos Mavrogiannopoulos <nmav@gnutls.org>
Mon, 5 Jul 2010 06:21:07 +0000 (08:21 +0200)
committerNikos Mavrogiannopoulos <nmav@gnutls.org>
Mon, 5 Jul 2010 06:24:45 +0000 (08:24 +0200)
cipher with the --pkcs-cipher option.

NEWS
src/certtool-gaa.c
src/certtool.c
src/certtool.gaa

diff --git a/NEWS b/NEWS
index 89fcf94c344d195309d6ad4e105d7b79725188ae..32702d84e2eb61e975dad48be82ca87cea2ff85c 100644 (file)
--- a/NEWS
+++ b/NEWS
@@ -57,6 +57,10 @@ sizes for private keys using a human understandable scale.
 --pkcs11-list-all-certs, --pkcs11-list-trusted, --pkcs11-list-certs,
 --pkcs11-delete-url, --pkcs11-write
 
+certtool: The --pkcs-cipher is taken into account when generating a
+private key. The default cipher used now is aes-128. The old behavior can
+be simulated by specifying "--pkcs-cipher 3des-pkcs12".
+
 ** gnutls-cli/gnutls-serv: --x509cafile, --x509certfile and --x509keyfile
 can now accept a PKCS #11 URL in addition to a file. This will allow for
 example to use the Gnome-keyring trusted certificate list to verify
@@ -142,7 +146,6 @@ gnutls_pkcs11_copy_x509_crt: ADDED
 gnutls_pkcs11_copy_x509_privkey: ADDED
 gnutls_pkcs11_delete_url: ADDED
 
-
 * Version 2.9.10 (released 2010-04-22)
 
 ** libgnutls: Time verification extended to trusted certificate list.
index 3d5bda80598b31490392472b8d869f063eb0fb57..17fd5f673a1915ba3b3dc84408956e73e9834a63 100644 (file)
@@ -177,7 +177,7 @@ void gaa_help(void)
        __gaa_helpsingle(0, "outfile", "FILE ", "Output file.");
        __gaa_helpsingle(0, "infile", "FILE ", "Input file.");
        __gaa_helpsingle(0, "template", "FILE ", "Template file to use for non interactive operation.");
-       __gaa_helpsingle(0, "pkcs-cipher", "CIPHER ", "Cipher to use for pkcs operations (3des,aes-128,aes-192,aes-256,rc2-40).");
+       __gaa_helpsingle(0, "pkcs-cipher", "CIPHER ", "Cipher to use for pkcs operations (3des,3des-pkcs12,aes-128,aes-192,aes-256,rc2-40,arcfour).");
        __gaa_helpsingle(0, "pkcs11-provider", "Library ", "Specify the pkcs11 provider library");
        __gaa_helpsingle(0, "pkcs11-export-url", "URL ", "Export data specified a pkcs11 URL");
        __gaa_helpsingle(0, "pkcs11-list-certs", "", "List certificates that have a private key specified by a PKCS#11 URL");
@@ -1459,7 +1459,7 @@ int gaa(int argc, char **argv, gaainfo *gaaval)
        gaaval->debug=1; gaaval->request = NULL; gaaval->infile = NULL; gaaval->outfile = NULL; gaaval->cert = NULL; 
        gaaval->incert_format = 0; gaaval->outcert_format = 0; gaaval->action=-1; gaaval->pass = NULL; gaaval->v1_cert = 0;
        gaaval->export = 0; gaaval->template = NULL; gaaval->hash=NULL; gaaval->fix_key = 0; gaaval->quick_random=1; 
-       gaaval->privkey_op = 0; gaaval->pkcs_cipher = "3des"; gaaval->crq_extensions=1; gaaval->pkcs11_provider= NULL;
+       gaaval->privkey_op = 0; gaaval->pkcs_cipher = "aes-128"; gaaval->crq_extensions=1; gaaval->pkcs11_provider= NULL;
        gaaval->pkcs11_url = NULL; gaaval->pkcs11_type = PKCS11_TYPE_PK; gaaval->pubkey=NULL; gaaval->pkcs11_label = NULL; 
        gaaval->pkcs11_trusted=0; gaaval->sec_param = NULL; gaaval->pkcs11_login = 0; ;};
 
index dcca2fa28f72baf26714473833a3cf8eb3b63eb4..8a5c79efa4ff3fddfb39c0b957ebc5d5186a4c0c 100644 (file)
@@ -267,6 +267,14 @@ cipher_to_flags (const char *cipher)
     {
       return GNUTLS_PKCS_USE_PBES2_3DES;
     }
+  else if (strcasecmp (cipher, "3des-pkcs12") == 0)
+    {
+      return GNUTLS_PKCS_USE_PKCS12_3DES;
+    }
+  else if (strcasecmp (cipher, "arcfour") == 0)
+    {
+      return GNUTLS_PKCS_USE_PKCS12_ARCFOUR;
+    }
   else if (strcasecmp (cipher, "aes-128") == 0)
     {
       return GNUTLS_PKCS_USE_PBES2_AES_128;
index 1fcdc20f2181d1597afa45a865d2172906d3f338..28dcf298f8b463eee6de420657ca191809a87a8b 100644 (file)
@@ -133,7 +133,7 @@ option (infile) STR "FILE" { $infile = $1 } "Input file."
 option (template) STR "FILE" { $template = $1 } "Template file to use for non interactive operation."
 
 #char *pkcs_cipher;
-option (pkcs-cipher) STR "CIPHER" { $pkcs_cipher = $1 } "Cipher to use for pkcs operations (3des,aes-128,aes-192,aes-256,rc2-40)."
+option (pkcs-cipher) STR "CIPHER" { $pkcs_cipher = $1 } "Cipher to use for pkcs operations (3des,3des-pkcs12,aes-128,aes-192,aes-256,rc2-40,arcfour)."
 
 #char* pkcs11_provider;
 option (pkcs11-provider) STR "Library" { $pkcs11_provider = $1 } "Specify the pkcs11 provider library"
@@ -171,6 +171,6 @@ init { $bits = 0; $pkcs8 = 0; $privkey = NULL; $ca=NULL; $ca_privkey = NULL;
        $debug=1; $request = NULL; $infile = NULL; $outfile = NULL; $cert = NULL; 
        $incert_format = 0; $outcert_format = 0; $action=-1; $pass = NULL; $v1_cert = 0;
        $export = 0; $template = NULL; $hash=NULL; $fix_key = 0; $quick_random=1; 
-       $privkey_op = 0; $pkcs_cipher = "3des"; $crq_extensions=1; $pkcs11_provider= NULL;
+       $privkey_op = 0; $pkcs_cipher = "aes-128"; $crq_extensions=1; $pkcs11_provider= NULL;
        $pkcs11_url = NULL; $pkcs11_type = PKCS11_TYPE_PK; $pubkey=NULL; $pkcs11_label = NULL; 
        $pkcs11_trusted=0; $sec_param = NULL; $pkcs11_login = 0; }