
[Help-gnutls] Re: TLS/OpenPGP draft expiring soon


From: Simon Josefsson
Subject: [Help-gnutls] Re: TLS/OpenPGP draft expiring soon
Date: Fri, 02 Feb 2007 17:17:53 +0100
User-agent: Gnus/5.110006 (No Gnus v0.6) Emacs/22.0.93 (gnu/linux)

address@hidden (Ludovic Courtès) writes:

> Hi,
>
> Simon Josefsson <address@hidden> writes:
>
>> Hi!  Actually, the tools work fine without your patch, IF I use a
>> newly generated key.
>
> Hmm, but without the patch, the DH parameters aren't used since the
> invocation of `gnutls_certificate_set_dh_params ()' is commented out,
> are they?

Doesn't it work for you?

Setting the DH and export RSA parameters is done through the
'get_params' function, if I understand correctly.

>> I suspect OpenCDK uses the wrong RSA key to encrypt and/or decrypt the
>> data.  I have several old and expired keys in my private key.  IIRC,
>> even GnuPG had a similar problem with my key some time ago.
>
> Then the key is to blame.  ;-)
>
> Or at least GnuTLS should return a more appropriate error, like
> `GNUTLS_A_CERTIFICATE_EXPIRED'.

Yes.  Alas, I can't send my private key for debugging... ;) If I get
time, I'll debug it.  The important thing is that it seems to work.
I'll add a client example and perhaps a self test too.

I'm still not certain what these parameters do, though:

     --pgpkeyring FILE        PGP Key ring file to use.
     --pgptrustdb FILE        PGP trustdb file to use.

I can guess that the former is used to search for keys when only the
fingerprint is sent, and the latter is used for WoT verification, but
neither seems to work.

If I understand correctly, this should work:

address@hidden:~$ gnutls-serv --dhparams ~/dh.pem --pgpcertfile ~/.gnupg-foo/pub.txt --pgpkeyfile ~/.gnupg-foo/sec.txt --pgpkeyring ~/.gnupg-foo/pub.txt
Read Diffie Hellman parameters.
Echo Server ready. Listening to port '5556'.

Error in handshake
Error: Could not get OpenPGP key.

address@hidden:~$ gnutls-cli  --pgpcertfile ~/.gnupg-foo/pub.txt --pgpkeyfile ~/.gnupg-foo/sec.txt -p 5556 localhost  -f
Processed 1 client PGP certificate...
Resolving 'localhost'...
Connecting to '127.0.0.1:5556'...
*** Fatal error: Error in the push function.
*** Handshake has failed
GNUTLS ERROR: Error in the push function.
address@hidden:~$

But as you can see, the server wasn't able to find the OpenPGP key.
The error message on the client seems sub-optimal too.

Maybe this is an ASCII vs binary issue.  Ah, yes, it is.  After:

address@hidden:~$ gpg -a --export-secret-keys 40CD57C9 > ~/.gnupg/sec.bin
address@hidden:~$ gpg  --export-secret-keys 40CD57C9 > ~/.gnupg/sec.bin

Then it works:

address@hidden:~$ gnutls-serv --dhparams ~/dh.pem --pgpcertfile ~/.gnupg-foo/pub.txt --pgpkeyfile ~/.gnupg-foo/sec.txt --pgpkeyring ~/.gnupg-foo/pub.bin
Read Diffie Hellman parameters.
Echo Server ready. Listening to port '5556'.


* connection from ::ffff:127.0.0.1, port 41465
- Given server name[1]: localhost
- Certificate type: OpenPGP
 # Key was created at: Fri Feb  2 14:32:23 CET 2007
 # Key expires: Never
 # PGP Key version: 4
 # PGP Key public key algorithm: DSA (1024 bits)
 # PGP Key fingerprint: BF:D6:44:C3:26:74:9E:3A:99:1E:D0:B5:C0:85:0D:AD:40:CD:57:C9
 #   NAME: Foo Bar <address@hidden>

- Peer's key is valid
- Version: TLS 1.1
- Key Exchange: DHE DSS
- Cipher: AES 128 CBC
- MAC: SHA
- Compression: DEFLATE
...
address@hidden:~$ gnutls-cli  --pgpcertfile ~/.gnupg-foo/pub.txt --pgpkeyfile ~/.gnupg-foo/sec.txt -p 5556 localhost  -f
Processed 1 client PGP certificate...
Resolving 'localhost'...
Connecting to '127.0.0.1:5556'...
- Certificate type: OpenPGP
 # The hostname in the key does NOT match 'localhost'.
 # Key was created at: Fri Feb  2 14:32:23 CET 2007
 # Key expires: Never
 # PGP Key version: 4
 # PGP Key public key algorithm: DSA (1024 bits)
 # PGP Key fingerprint: BF:D6:44:C3:26:74:9E:3A:99:1E:D0:B5:C0:85:0D:AD:40:CD:57:C9
 #   NAME: Foo Bar <address@hidden>

- Peer's key is valid
- Could not find a signer of the peer's key
- Version: TLS 1.1
- Key Exchange: DHE DSS
- Cipher: AES 128 CBC
- MAC: SHA
- Compression: DEFLATE
- Handshake was completed

- Simple Client Mode:


address@hidden:~$

Although it looks pretty serious that the server doesn't complain
about a missing signer for the key now.  Is it using the keyring as
the trustdb?

The trustdb parameter doesn't seem to have the binary vs ASCII
problem, and the signer stuff seems to work:

address@hidden:~$ gnutls-serv --dhparams ~/dh.pem --pgpcertfile ~/.gnupg-foo/pub.txt --pgpkeyfile ~/.gnupg-foo/sec.txt --pgptrustdb ~/.gnupg-foo/pub.txt
Read Diffie Hellman parameters.
Echo Server ready. Listening to port '5556'.


* connection from ::ffff:127.0.0.1, port 39134
- Given server name[1]: localhost
- Certificate type: OpenPGP
 # Key was created at: Fri Feb  2 14:32:23 CET 2007
 # Key expires: Never
 # PGP Key version: 4
 # PGP Key public key algorithm: DSA (1024 bits)
 # PGP Key fingerprint: BF:D6:44:C3:26:74:9E:3A:99:1E:D0:B5:C0:85:0D:AD:40:CD:57:C9
 #   NAME: Foo Bar <address@hidden>

- Peer's key is valid
- Version: TLS 1.1
- Key Exchange: DHE DSS
- Cipher: AES 128 CBC
- MAC: SHA
- Compression: DEFLATE

client:

address@hidden:~$ gnutls-cli  --pgpcertfile ~/.gnupg-foo/pub.txt --pgpkeyfile ~/.gnupg-foo/sec.txt -p 5556 localhost
Processed 1 client PGP certificate...
Resolving 'localhost'...
Connecting to '127.0.0.1:5556'...
- Certificate type: OpenPGP
 # The hostname in the key does NOT match 'localhost'.
 # Key was created at: Fri Feb  2 14:32:23 CET 2007
 # Key expires: Never
 # PGP Key version: 4
 # PGP Key public key algorithm: DSA (1024 bits)
 # PGP Key fingerprint: BF:D6:44:C3:26:74:9E:3A:99:1E:D0:B5:C0:85:0D:AD:40:CD:57:C9
 #   NAME: Foo Bar <address@hidden>

- Peer's key is valid
- Could not find a signer of the peer's key
- Version: TLS 1.1
- Key Exchange: DHE DSS
- Cipher: AES 128 CBC
- MAC: SHA
- Compression: DEFLATE
- Handshake was completed

- Simple Client Mode:

So there are a few problems:

  * use static DH if none are supplied
  * fix reading of ASCII OpenPGP keyrings
  * fix error message in client when the server cannot find the OpenPGP key
  * investigate whether the server thinks the client's cert is ok
    when a keyring is specified
  * add self-tests for the above :)

and most importantly:

  * document how everything works, with examples like those in this message

Thanks,
Simon
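
The ASCII vs binary keyring problem described in the message above, as an added example that is not part of the original post and is not GnuTLS or OpenCDK code: a loader that accepts either an ASCII-armored or a binary OpenPGP file and always hands back binary packet data, verifying the armor CRC-24 from RFC 4880 on the way. All function names and the SAMPLE bytes are hypothetical and constructed for illustration.

```python
import base64

CRC24_INIT, CRC24_POLY = 0xB704CE, 0x1864CFB  # RFC 4880, section 6.1

# Constructed 6-byte sample, not a real key: 0x99 is an old-format
# packet header carrying tag 6 (public key).
SAMPLE = bytes([0x99, 0x00, 0x03, 0x04, 0x01, 0x02])

def crc24(data):
    crc = CRC24_INIT
    for byte in data:
        crc ^= byte << 16
        for _ in range(8):
            crc <<= 1
            if crc & 0x1000000:
                crc ^= CRC24_POLY
    return crc & 0xFFFFFF

def armor(data, label=b"PGP PUBLIC KEY BLOCK"):
    """Build an armored sample; stands in for `gpg -a --export`."""
    crc = base64.b64encode(crc24(data).to_bytes(3, "big"))
    return (b"-----BEGIN " + label + b"-----\n\n" + base64.encodebytes(data)
            + b"=" + crc + b"\n-----END " + label + b"-----\n")

def is_armored(blob):
    return blob.lstrip().startswith(b"-----BEGIN PGP ")

def dearmor(blob):
    lines = [line.strip() for line in blob.strip().splitlines()]
    if len(lines) < 2 or not lines[-1].startswith(b"-----END PGP "):
        raise ValueError("truncated or malformed armor")
    body = lines[1:-1]
    if b"" in body:                       # drop armor headers ("Version: ...")
        body = body[body.index(b"") + 1:]
    checksum = body.pop()[1:] if body and body[-1].startswith(b"=") else None
    data = base64.b64decode(b"".join(body), validate=True)
    if checksum is not None:
        if int.from_bytes(base64.b64decode(checksum), "big") != crc24(data):
            raise ValueError("armor CRC-24 mismatch")
    return data

def load_keyring(blob):
    """Return binary OpenPGP packet data for either encoding."""
    data = dearmor(blob) if is_armored(blob) else blob
    if not data or not data[0] & 0x80:    # bit 7 is set on every packet header
        raise ValueError("not OpenPGP packet data")
    return data

def packet_tag(data):
    first = data[0]
    return first & 0x3F if first & 0x40 else (first >> 2) & 0x0F
```

Running a file through `load_keyring` before handing it to a parser that expects binary input turns a silent "could not get key" failure into an explicit error naming the encoding problem.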



