gnutls_cipher_tag - Linux


gnutls_cipher_tag is a command-line utility used to manage TLS record layer tags. It enables users to create, import, export, list, and delete tags. Tags serve as a means to identify and authenticate TLS connections based on shared secrets or identities.


gnutls_cipher_tag [-h] [-v]
                    [-t <name>]
                    {create <label> <secret> | import <label> <file> | export <label> [<file>] | list | delete <label>}


  • -h: Display the help message and exit.
  • -v: Increase verbosity level.
  • -t <name>: Specify TLS version and cipher suite. The default is "TLS1_3:CHACHA20_POLY1305".


Create a new tag:

gnutls_cipher_tag create my_tag my_super_secret

Import a tag from a file:

gnutls_cipher_tag import my_other_tag tag_file.bin

Export a tag to a file:

gnutls_cipher_tag export my_tag my_exported_tag.bin

List all tags:

gnutls_cipher_tag list

Delete a tag:

gnutls_cipher_tag delete my_tag

Common Issues

  • Tag not found: Ensure the specified label is correct and that the tag exists.
  • Invalid secret: The secret provided must be a valid TLS pre-shared key or a DER/PEM-encoded certificate.


gnutls_cipher_tag can be used in conjunction with the gnutls-cli and gnutls-serv commands to establish TLS connections using the created tags.

Related Commands