On F20 gnutls always generates encrypted PKCS #8 private keys even when no password is supplied: $ certtool --generate-privkey --pkcs8 --outfile pkcs8.key Generating a 2432 bit RSA private key... Enter password: $ head -n1 pkcs8.key -----BEGIN ENCRYPTED PRIVATE KEY-----
gnutls-3.1.23-1.fc20 has been submitted as an update for Fedora 20. https://admin.fedoraproject.org/updates/gnutls-3.1.23-1.fc20
Package gnutls-3.1.23-1.fc20: * should fix your issue, * was pushed to the Fedora 20 testing repository, * should be available at your local mirror within two days. Update it with: # su -c 'yum update --enablerepo=updates-testing gnutls-3.1.23-1.fc20' as soon as you are able to. Please go to the following url: https://admin.fedoraproject.org/updates/FEDORA-2014-4971/gnutls-3.1.23-1.fc20 then log in and leave karma (feedback).
gnutls-3.1.23-1.fc20 has been pushed to the Fedora 20 stable repository. If problems still persist, please make note of it in this bug report.