Using Scute with a 4096-bit key and TLSv1.2?
Nicolas Boullis
nicolas.boullis at ecp.fr
Tue Sep 27 12:23:22 CEST 2016
Hi,
I’ve long been using GnuPG with a PKCS#15 token, through OpenSC and
gnupg-pkcs11-scd. Then I switched to an OpenPGP smartcard, and I’m very
happy with the (much) simpler configuration and the ability to use my
smartcard for SSH authentication.
Now, I’d love it if I could also use my smartcard for https
authentication with client certificate, so I gave a try to Scute.
First issue: I have 4096-bit keys, which the current release of scute
(1.4.0) does not handle. Fortunately, the problem is fixed in git.
Second issue: although it now seems to work fine with TLSv1.1, it fails with
TLSv1.2. Firefox reports:

    A PKCS #11 module returned CKR_FUNCTION_FAILED, indicating that the
    requested function could not be performed. Trying the same operation
    again might succeed. Error code: SEC_ERROR_PKCS11_FUNCTION_FAILED

As far as I can see, this problem was discussed 2 years ago on this
list:
https://lists.gnupg.org/pipermail/gnupg-devel/2014-September/028717.html
and the commit e22c8cfa12849b215f16afb34f7a5dc233dbc70a seems to be
meant to address this problem…
Any idea how I can have this problem fixed?
I am no crypto-guru and probably can’t solve this problem all by myself,
but I’d be happy to test things…
BTW, are there plans to release Scute 1.5.0 anytime soon?
FWIW, I’m running Debian 8.6 (Jessie) with the provided GnuPG; I only
tried to build Scute from git.
Cheers,
--
Nicolas Boullis