PKCS#12 password length limit in sm/minip12.c

Rainer Perske rainer.perske at uni-muenster.de
Sun Nov 7 14:10:11 CET 2021


Hello, everyone

Currently, GnuPG cannot import PKCS#12 files protected with passwords 
longer than 31 bytes, giving a long series of error messages while 
trying to interpret the given password with all implemented character 
sets.

Before I file a bug report: Is there any good reason for limiting the 
password length for PKCS#12 files to 63/2 = 31 bytes in line 354 of 
"sm/minip12.c"?

Neither in the comments nor in the code below I can find any reason for 
a limit smaller than 63 bytes, and other software like OpenSSL allows 
for even longer passwords.

Should there be no such reason, I'd suggest to modify the limit in line 
354 of "sm/minip12.c". I did not test it, but as far as I can see, the 
rest of the code can handle up to 63 bytes, so this might be a 
reasonable limit forced by the current implementation.

Best regards
-- 
Rainer Perske
Systemdienste + Leiter der Zertifizierungsstelle (WWUCA)
-- 
Westfälische Wilhelms-Universität (WWU) Münster
WWU IT
Rainer Perske, Systemdienste
Röntgenstraße 7-13, Raum 006
48149 Münster
Tel.: +49 251 83-31582
E-Mail: rainer.perske at uni-muenster.de
Website: www.uni-muenster.de/it

Zertifizierungsstelle (WWUCA):
Tel.: +49 251 83-31590
E-Mail: ca at uni-muenster.de
WWW: www.uni-muenster.de/wwuca
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 5454 bytes
Desc: S/MIME cryptographic signature
URL: <https://lists.gnupg.org/pipermail/gnupg-devel/attachments/20211107/a6e61f7d/attachment.bin>


More information about the Gnupg-devel mailing list