exporting private key from gpgsm

Anand Kumria wildfire at progsoc.uts.edu.au
Mon Dec 26 09:27:47 CET 2005


Hi,

I stumbled across
<http://www.fsfe.org/en/fellows/werner/weblog/creating_server_certificates_with_gnupg> which documents how to generate a server certificate.

I've done this and had it successfully signed by CAcert.  However I'm
not able to extract the private key in a usable form.

For the public key I can do:
	gpgsm --export keygrab > server.crt

But the server software (exim4 from Debian) I am using does NOT like:
	gpgsm --export-secret-key-p12 > server.key

It wants the private key in
-----BEGIN RSA PRIVATE KEY-----
[...]
-----END RSA PRIVATE KEY-----

form, which I believe is PKCS#8 form. Worse neither openssl (0.9.8a-3)
not gnutls (1.2.9-2) are able to parse the PKCS#12 secret key that gpgsm
(1.9.19-2) produces.

eve:[~/PKI/CA]% openssl pkcs12 -info -in giskard.key.p12
14397:error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag:tasn_dec.c:1282:
14397:error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error:tasn_dec.c:374:Type=PKCS12

eve:[~/PKI/CA]% certtool --p12-info --infile giskard.key.pem
Enter password:
p12_import: Base64 decoding error.

Any information, or suggestions, would be appreciatd.

Thanks,
Anand
-- 
 `When any government, or any church for that matter, undertakes to say to
  its subjects, "This you may not read, this you must not see, this you are
  forbidden to know," the end result is tyranny and oppression no matter how
  holy the motives' -- Robert A Heinlein, "If this goes on --"
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 307 bytes
Desc: Digital signature
Url : /pipermail/attachments/20051226/6bcbd1fc/attachment.pgp


More information about the Gnupg-devel mailing list