using gpgsm

Werner Koch wk at
Mon Jan 2 14:37:44 CET 2006

On Thu, 29 Dec 2005 14:52:43 -0600, Aleksandar Milivojevic said:

> was able to import PKCS#12 file.  Might be good idea if configure script was
> checking if pinentry is installed and complaining if it wasn't, like for other

That creates a dependency which is not needed in all cases.  Certain
server applications don't need the pinentry.  It is matter of the
packing system to decribe pinentry as a dependecy but not one of

> $ openssl x509 -noout -text -in test.crt
>        Subject: C=CA, ST=Quebec, L=Montreal,
> O=\x00T\x00e\x00s\x00t\x00_\x00I\x00m\x00p\x00r\x00i\x00m\x00e\x00u\x00r,

That looks much like a double wide character encoding (ucs2 ?) and for
sure is no utf-8.  gpgsm is able to convert certain encodings but not
all of them.  Check out libksba/src/dn.c:append_atv.  It is possible
that there is a bug in the implementation (append_ucs2_value).

> BTW, the certificate in this example is almost unselectable using 
> gpgsm.  The CN
> is in UTF-8, but when I looked closer into it, it doesn't really contain any
> non-US-ASCII characters.  It just reads "Test_Imprimeur" (just remove 
> all those
> "\x00").  However if I do 'gpgsm --list-keys CN=Test_Imprimeur', nothing is
> displayed.

Same reason as above.  Can you please run dumpasn1 on the certificate
as created by OpenSSL and check the encoding of the "O" RDN?



More information about the Gnupg-users mailing list