NSS 3.16 incompatibility
dbaryshkov at gmail.com
Mon Sep 1 03:14:56 CEST 2014
On Sun, Aug 31, 2014 at 3:16 PM, Ed Finnerty <edfinnerty at gmx.com> wrote:
> I see that there's been no reply to this issue at all, either here or on
> the NSS bug tracker site:
> Should I assume that compatibility with NSS is not a goal at all for gpgsm?
I checked your scenario. It looks like it is a bug in the NSS, not in gpgsm.
openssl smime can correctly parse and decode the messages which
cause cmsutil to return an error.
> On 03/31/14 01:07, Ed Finnerty wrote:
>> Running this script:
>> # Create an input file with random content
>> dd if=/dev/urandom of=input.bin bs=1K count=1
>> # Loop forever
>> while : ; do
>> # Cleanup previous output
>> rm -f out.bin
>> # Encrypt input, write to out.bin
>> gpgsm -e -r email at address input.bin 2>/dev/null > out.bin
>> # Decrypt with cmsutil
>> cmsutil -D -d ~/.thunderbird/yourprofile.default -i out.bin -v -n
>> # If cmsutil, break out of the loop
>> if [[ $? != 0 ]] ; then
>> echo "GOTCHA"
>> done # While loop done
>> Will eventually produce this output:
>> NSS has been initialized.
>> Got default certdb
>> cmsutil: failed to decode message.
>> cmsutil: problem decoding: SEC_ERROR_BAD_DATABASE: security library: bad
>> Here's more info:
>> $ gpgsm --version
>> gpgsm (GnuPG) 2.0.22
>> libgcrypt 1.5.3
>> libksba 1.3.0
>> Copyright (C) 2013 Free Software Foundation, Inc.
>> License GPLv3+: GNU GPL version 3 or later
>> This is free software: you are free to change and redistribute it.
>> There is NO WARRANTY, to the extent permitted by law.
>> Home: ~/.gnupg
>> Supported algorithms:
>> Cipher: 3DES, AES, AES192, AES256, SERPENT128, SERPENT192, SERPENT256,
>> SEED, CAMELLIA128, CAMELLIA192, CAMELLIA256
>> Pubkey: RSA, ECDSA
>> Hash: MD5, SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224, WHIRLPOOL
>> I'm using NSS 3.16.
>> Obviously, you need to have the proper certificates imported with gpgsm,
>> certutil, etc.
>> What's happening?
> Gnupg-devel mailing list
> Gnupg-devel at gnupg.org
With best wishes
More information about the Gnupg-devel