NSS 3.16 incompatibility
edfinnerty at gmx.com
Sun Aug 31 13:16:45 CEST 2014
I see that there's been no reply to this issue at all, either here or on
the NSS bug tracker site:
Should I assume that compatibility with NSS is not a goal at all for gpgsm?
On 03/31/14 01:07, Ed Finnerty wrote:
> Running this script:
> # Create an input file with random content
> dd if=/dev/urandom of=input.bin bs=1K count=1
> # Loop forever
> while : ; do
> # Cleanup previous output
> rm -f out.bin
> # Encrypt input, write to out.bin
> gpgsm -e -r email at address input.bin 2>/dev/null > out.bin
> # Decrypt with cmsutil
> cmsutil -D -d ~/.thunderbird/yourprofile.default -i out.bin -v -n
> # If cmsutil, break out of the loop
> if [[ $? != 0 ]] ; then
> echo "GOTCHA"
> done # While loop done
> Will eventually produce this output:
> NSS has been initialized.
> Got default certdb
> cmsutil: failed to decode message.
> cmsutil: problem decoding: SEC_ERROR_BAD_DATABASE: security library: bad
> Here's more info:
> $ gpgsm --version
> gpgsm (GnuPG) 2.0.22
> libgcrypt 1.5.3
> libksba 1.3.0
> Copyright (C) 2013 Free Software Foundation, Inc.
> License GPLv3+: GNU GPL version 3 or later
> This is free software: you are free to change and redistribute it.
> There is NO WARRANTY, to the extent permitted by law.
> Home: ~/.gnupg
> Supported algorithms:
> Cipher: 3DES, AES, AES192, AES256, SERPENT128, SERPENT192, SERPENT256,
> SEED, CAMELLIA128, CAMELLIA192, CAMELLIA256
> Pubkey: RSA, ECDSA
> Hash: MD5, SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224, WHIRLPOOL
> I'm using NSS 3.16.
> Obviously, you need to have the proper certificates imported with gpgsm,
> certutil, etc.
> What's happening?
More information about the Gnupg-devel