help-gnutls

Re: Internal error returned from within gnutls_certificate_set_openpgp_k


From: Joke de Buhr
Subject: Re: Internal error returned from within gnutls_certificate_set_openpgp_key()
Date: Fri, 21 Sep 2012 11:37:19 +0200
User-agent: KMail/4.8.5 (Linux/3.5.1-1.fc17.x86_64; KDE/4.8.5; x86_64; ; )

hi,

i discovered the internal error seems to be related to the openpgp key size.
if the key contains just a single signing subkey with 2048 or more bits gnutls 
reports the internal error. a signing subkey with 1024 bits will however.

moreover the key can contain encryption subkeys up to 4096 bits without 
problem as long as the encryption subkey isn't marked for signing. the 
authentication flags don't seem to have any effect at all.

the problem seems to be related to the key exchange algorithm. the signature 
flag enables DHE_RSA and ECDHE_RSA whereas the encryption flag enables RSA key 
exchange.


any comments on how to avoid this problem?


regards
joke

On Tuesday 18 September 2012 19:32:45 you wrote:
> well, it seems this error has something to do with the flags of the
> authentication subkey.
> 
> if the subkey is marked for authentication and signing
> gnutls_certificate_set_openpgp_key() will report an internal error. if the
> subkey is not marked for signing the function reports success. the
> encryption flags don't seem to matter.
> 
> 
> regards
> joke
> 
> On Tuesday 18 September 2012 11:34:18 you wrote:
> > hi,
> > 
> > i'm using GnuTLS version 3.1.1.
> > 
> > there seems to be a problem within gnutls_certificate_set_openpgp_key().
> > 
> > gnutls_certificate_set_openpgp_key() uses gnutls_privkey_import_openpgp()
> > (flag GNUTLS_PRIVKEY_IMPORT_COPY) to obtain a copy of the passed private
> > key. copying is done calling _gnutls_openpgp_privkey_cpy() which in turn
> > calls gnutls_openpgp_privkey_export() and gnutls_openpgp_privkey_import().
> > 
> > during this copying procedure the key somehow gets messed up and
> > gnutls_openpgp_privkey_import() returns GNUTLS_E_INTERNAL_ERROR.
> > 
> > importing the private key with gnutls_openpgp_privkey_import() in the first
> > place to pass the parameter to gnutls_certificate_set_openpgp_key() worked
> > without problem. the pgp-key contains a master-key with flags SCE and a
> > single subkey with flags SEA. using a pgp-key with just a master-key seems
> > to work by the way.
> > 
> > if needed i can provide a test program and the gpg-key.
> > 
> > 
> > regards
> > Joke

Attachment: signature.asc
Description: This is a digitally signed message part.

