diff options
author | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2017-08-06 17:51:15 +0200 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2017-08-08 10:36:30 +0200 |
commit | d681a5f1e6b6231a2303415b2364fd3e98d82d74 (patch) | |
tree | 23e05d4362f302f146bb8fc0222eefe0dc566fc3 | |
parent | 8f2fdf61640e3a896bfe72ce72c8d8874f80457d (diff) | |
download | gnutls-d681a5f1e6b6231a2303415b2364fd3e98d82d74.tar.gz |
doc update
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
-rw-r--r-- | NEWS | 7 | ||||
-rw-r--r-- | src/certtool-args.def | 9 |
2 files changed, 15 insertions, 1 deletions
@@ -5,6 +5,13 @@ Copyright (C) 2000-2016 Free Software Foundation, Inc. Copyright (C) 2013-2017 Nikos Mavrogiannopoulos See the end for copying conditions. +* Version 3.5.15 (unreleased) + +** certtool: Keys with provable RSA and DSA parameters are now only exported + in PKCS#8 form, following draft-mavrogiannopoulos-pkcs8-validated-parameters-00.txt. + This removes the need for a non-standard key format. + + * Version 3.5.14 (released 2017-07-04) ** libgnutls: Handle specially HSMs which request explicit authentication. diff --git a/src/certtool-args.def b/src/certtool-args.def index 912810cf1a..1d692ec48b 100644 --- a/src/certtool-args.def +++ b/src/certtool-args.def @@ -60,7 +60,14 @@ flag = { flag = { name = provable; descrip = "Generate a private key or parameters from a seed using a provable method"; - doc = "This will use the FIPS-186-4 algorithms (i.e., Shawe-Taylor) for provable key generation. When specified the private keys or parameters will be generated from a seed, and can be proven to be correctly generated from the seed. You may specify --seed or allow GnuTLS to generate one (recommended). This option can be combined with --generate-privkey or --generate-dh-params."; + doc = "This will use the FIPS-186-4 algorithms (i.e., Shawe-Taylor) for provable key generation. +When specified the private keys or parameters will be generated from a seed, and can be +later validated with --verify-provable-privkey to be correctly generated from the seed. You may +specify --seed or allow GnuTLS to generate one (recommended). This option can be combined with +--generate-privkey or --generate-dh-params. + +That option applies to RSA and DSA keys. On the DSA keys the PQG parameters +are generated using the seed, and on RSA the two primes."; }; flag = { |