NSS 3.16 incompatibility

Dmitry Eremin-Solenikov dbaryshkov at gmail.com
Mon Sep 1 03:14:56 CEST 2014


Hello,

On Sun, Aug 31, 2014 at 3:16 PM, Ed Finnerty <edfinnerty at gmx.com> wrote:
> I see that there's been no reply to this issue at all, either here or on
> the NSS bug tracker site:
> https://bugzilla.mozilla.org/show_bug.cgi?id=990958
>
> Should I assume that compatibility with NSS is not a goal at all for gpgsm?

I checked your scenario. It looks like it is a bug in NSS, not in gpgsm.
openssl smime can correctly parse and decode the messages which
cause cmsutil to return an error.


>
> On 03/31/14 01:07, Ed Finnerty wrote:
>> Hello,
>>
>> Running this script:
>>
>> #!/bin/sh
>>
>> # Create an input file with random content
>> dd if=/dev/urandom of=input.bin bs=1K count=1
>>
>> # Loop forever
>> while : ; do
>>
>> # Cleanup previous output
>> rm -f out.bin
>>
>> # Encrypt input, write to out.bin
>> gpgsm -e -r email at address input.bin 2>/dev/null > out.bin
>>
>> # Decrypt with cmsutil
>> cmsutil -D -d ~/.thunderbird/yourprofile.default -i out.bin -v -n
>>
>> # If cmsutil fails, break out of the loop
>> if [ $? -ne 0 ] ; then
>>       echo "GOTCHA"
>>       break
>> fi
>>
>> done # While loop done
>>
>> Will eventually produce this output:
>>
>> NSS has been initialized.
>> Got default certdb
>> cmsutil: failed to decode message.
>> cmsutil: problem decoding: SEC_ERROR_BAD_DATABASE: security library: bad
>> database.
>> GOTCHA
>>
>> Here's more info:
>>
>> $ gpgsm --version
>> gpgsm (GnuPG) 2.0.22
>> libgcrypt 1.5.3
>> libksba 1.3.0
>> Copyright (C) 2013 Free Software Foundation, Inc.
>> License GPLv3+: GNU GPL version 3 or later
>> <http://gnu.org/licenses/gpl.html>
>> This is free software: you are free to change and redistribute it.
>> There is NO WARRANTY, to the extent permitted by law.
>>
>> Home: ~/.gnupg
>> Supported algorithms:
>> Cipher: 3DES, AES, AES192, AES256, SERPENT128, SERPENT192, SERPENT256,
>> SEED, CAMELLIA128, CAMELLIA192, CAMELLIA256
>> Pubkey: RSA, ECDSA
>> Hash: MD5, SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224, WHIRLPOOL
>>
>> I'm using NSS 3.16.
>>
>> Obviously, you need to have the proper certificates imported with gpgsm,
>> certutil, etc.
>>
>> What's happening?
>>
>> Thanks.



-- 
With best wishes
Dmitry


