No option to encrypt keys ?

Question

No option to encrypt keys ?

udf2457 opened this issue a year ago · comments

udf2457 commented a year ago

There seems to be a rather odd accidental omisison in tuftool.

As far as I can tell, there is no option to encrypt a locally stored key ?

tuftool root gen-rsa-key doesn't prompt for password and tuftool root gen-rsa-key --help shows no password options.

Patrick J.P. Culp · Answer 1 · Tue Apr 04 2023 04:22:39 GMT+0800 (China Standard Time)

@udf2457, thanks for reaching out! You are correct that generating encrypted keys is currently not supported by tuftool, but I'll bring this up with the rest of the team.

udf2457 · Answer 2 · Tue Apr 04 2023 04:29:22 GMT+0800 (China Standard Time)

Thansk @jpculp ... I mean, I'd rather have PIV/PKCS#11 support as per issues/537, but encrypted keys would be better than nothing. ;-)