help-gnutls

Re: Internal error returned from within gnutls_certificate_set_openpgp_k


From: Nikos Mavrogiannopoulos
Subject: Re: Internal error returned from within gnutls_certificate_set_openpgp_key()
Date: Fri, 21 Sep 2012 18:12:24 +0200
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:10.0.6esrpre) Gecko/20120805 Icedove/10.0.6

On 09/21/2012 11:37 AM, Joke de Buhr wrote:

> hi,
> 
> i discovered the internal error seems to be related to the openpgp key size.
> if the key contains just a single signing subkey with 2048 or more bits
> gnutls reports the internal error. a signing subkey with 1024 bits will however.
>
> moreover the key can contain encryption subkeys up to 4096 bits without
> problem as long as the encryption subkey isn't marked for signing. the
> authentication flags don't seem to have any effect at all.
>
> the problem seems to be related to the key exchange algorithm. the signature
> flag enables DHE_RSA and ECDHE_RSA whereas the encryption flag enables RSA key
> exchange.
> any comments on how to avoid this problem?


Sorry for the late reply. What you say about the sizes could be because
of a static buffer used in gnutls. Could you enable debugging to figure
out which place rejects the long keys?

About the signing flags, you need them in order to use DHE-RSA and
ECDHE-RSA. Those two require RSA signatures. The RSA algorithm requires
an RSA encryption key. Does this explain what you notice?

regards,
Nikos
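
Added example, not part of the original message and not GnuTLS code: with debugging enabled as suggested above, one way to find the place that rejects the long key is to compare the ASSERT locations logged while loading the 1024-bit key with those logged for the 2048-bit key. The `|<level>| ASSERT: file:line` line shape is an assumption about the debug output, and the sample logs (file names, function name, line numbers) are constructed.

```python
import re

# Assumed debug line shape: "|<level>| ASSERT: file.c:line", optionally with
# "[function]" between the file name and the line number.
ASSERT_RE = re.compile(
    r"^\|<(?P<level>\d+)>\|\s+ASSERT:\s+(?P<file>[^\s:\[]+)"
    r"(?:\[(?P<func>[^\]]+)\])?:(?P<line>\d+)\s*$"
)

def assert_sites(log_text):
    """Return (file, line, function) for every ASSERT line, in log order."""
    sites = []
    for raw in log_text.splitlines():
        m = ASSERT_RE.match(raw.strip())
        if m:
            sites.append((m["file"], int(m["line"]), m["func"]))
    return sites

def new_sites(ok_log, bad_log):
    """ASSERT sites hit by the failing run but never by the working run."""
    seen = set(assert_sites(ok_log))
    out = []
    for site in assert_sites(bad_log):
        if site not in seen and site not in out:
            out.append(site)
    return out

# Constructed sample: run with the 1024-bit signing subkey (loads fine).
OK_LOG = """\
|<2>| ASSERT: example_common.c:101
|<4>| REC[0x0]: constructed non-assert line
"""

# Constructed sample: run with the 2048-bit signing subkey (internal error).
BAD_LOG = """\
|<2>| ASSERT: example_common.c:101
|<2>| ASSERT: example_keyimport.c:212
|<2>| ASSERT: example_privkey.c[example_import]:77
|<2>| ASSERT: example_keyimport.c:212
"""

if __name__ == "__main__":
    # Sites that only the failing run reaches are the ones worth reporting.
    for file, line, func in new_sites(OK_LOG, BAD_LOG):
        print(f"{file}:{line}" + (f" ({func})" if func else ""))
```
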


