[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Help-gnutls] Re: TLS/OpenPGP draft expiring soon

From: Simon Josefsson
Subject: [Help-gnutls] Re: TLS/OpenPGP draft expiring soon
Date: Fri, 19 Jan 2007 15:08:57 +0100
User-agent: Gnus/5.110006 (No Gnus v0.6) Emacs/22.0.92 (gnu/linux)

Also, creating examples and a self test for the OpenPGP stuff would be
useful.  Have you managed to get it to work at all?  I tried this:

address@hidden:~/src/gnutls$ gpg -a --export-secret-keys b565716f > 

The above step would be nice to avoid, btw, although I'm not exactly
sure which file formats are supported/required.  This area seems

Starting the server:

address@hidden:~/src/gnutls$ /home/jas/src/gnutls/src/gnutls-serv --pgpkeyring 
~/.gnupg/pubring.gpg --pgptrustdb ~/.gnupg/secring.gpg --pgpkeyfile 
~/privkey.gpg --pgpcertfile ~/
Echo Server ready. Listening to port '5556'.

Error in handshake
Error: Decryption has failed.

Starting the client:

address@hidden:~/src/gnutls$ /home/jas/src/gnutls/src/gnutls-cli --pgpkeyring 
~/.gnupg/pubring.gpg --pgptrustdb ~/.gnupg/secring.gpg --pgpkeyfile 
~/privkey.gpg --pgpcertfile ~/ --port 5556 localhost
Processed 1 client PGP certificate...
Resolving 'localhost'...
Connecting to ''...
*** Fatal error: A TLS fatal alert has been received.
*** Received alert [20]: Bad record MAC
*** Handshake has failed
GNUTLS ERROR: A TLS fatal alert has been received.

Enabling debugging in the server indicate this:

|<2>| ASSERT: gnutls_pk.c:283
|<2>| ASSERT: auth_rsa.c:258
|<1>| auth_rsa: Possible PKCS #1 format attack

However, if I look at the decrypted RSA signature, it is just garbage.
Probably it is using the wrong private or public key.

I think the OpenPGP integration in GnuTLS generally needs some TLC,
and if you have time to work on it, that would appreciated.


reply via email to

[Prev in Thread] Current Thread [Next in Thread]