NSS 3.16 incompatibility

Ed Finnerty edfinnerty at gmx.com
Mon Mar 31 00:07:15 CEST 2014


Hello,

Running this script:

#!/bin/sh

# Create an input file with random content
dd if=/dev/urandom of=input.bin bs=1K count=1

# Loop forever
while : ; do

# Cleanup previous output
rm -f out.bin

# Encrypt input, write to out.bin
gpgsm -e -r email at address input.bin 2>/dev/null > out.bin

# Decrypt with cmsutil
cmsutil -D -d ~/.thunderbird/yourprofile.default -i out.bin -v -n

# If cmsutil, break out of the loop
if [[ $? != 0 ]] ; then
	echo "GOTCHA"
	break
fi

done # While loop done

Will eventually produce this output:

NSS has been initialized.
Got default certdb
cmsutil: failed to decode message.
cmsutil: problem decoding: SEC_ERROR_BAD_DATABASE: security library: bad
database.
GOTCHA

Here's more info:

$ gpgsm --version
gpgsm (GnuPG) 2.0.22
libgcrypt 1.5.3
libksba 1.3.0
Copyright (C) 2013 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later
<http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Home: ~/.gnupg
Supported algorithms:
Cipher: 3DES, AES, AES192, AES256, SERPENT128, SERPENT192, SERPENT256,
SEED, CAMELLIA128, CAMELLIA192, CAMELLIA256
Pubkey: RSA, ECDSA
Hash: MD5, SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224, WHIRLPOOL

I'm using NSS 3.16.

Obviously, you need to have the proper certificates imported with gpgsm,
certutil, etc.

What's happening?

Thanks.



More information about the Gnupg-devel mailing list