using gpgsm

Aleksandar Milivojevic alex at milivojevic.org
Tue Jan 3 17:09:09 CET 2006


Quoting Werner Koch <wk at gnupg.org>:

> On Thu, 29 Dec 2005 14:52:43 -0600, Aleksandar Milivojevic said:
>
>> was able to import PKCS#12 file.  Might be good idea if configure script was
>> checking if pinentry is installed and complaining if it wasn't, like for other
>
> That creates a dependency which is not needed in all cases.  Certain
> server applications don't need the pinentry.  It is a matter of the
> packing system to describe pinentry as a dependency but not one of
> configure.

OK, I see...  makes sense.  However, maybe a warning message should be
given.  Something like that paragraph from README file that references
pinentry (after all, most folks will simply fire up "./configure" without
reading README file).

>> $ openssl x509 -noout -text -in test.crt
>>        Subject: C=CA, ST=Quebec, L=Montreal,
>> O=\x00T\x00e\x00s\x00t\x00_\x00I\x00m\x00p\x00r\x00i\x00m\x00e\x00u\x00r,
>
> That looks much like a double wide character encoding (ucs2 ?) and for
> sure is no utf-8.  gpgsm is able to convert certain encodings but not
> all of them.  Check out libksba/src/dn.c:append_atv.  It is possible
> that there is a bug in the implementation (append_ucs2_value).
>
>> BTW, the certificate in this example is almost unselectable using
>> gpgsm.  The CN is in UTF-8, but when I looked closer into it, it doesn't
>> really contain any non-US-ASCII characters.  It just reads "Test_Imprimeur"
>> (just remove all those "\x00").  However if I do
>> 'gpgsm --list-keys CN=Test_Imprimeur', nothing is displayed.
>
> Same reason as above.  Can you please run dumpasn1 on the certificate
> as created by OpenSSL and check the encoding of the "O" RDN?

Hmmm...  I've installed dumpasn1.  Got:

271   37:       SET {
273   35:         SEQUENCE {
275    3:           OBJECT IDENTIFIER organizationName (2 5 4 10)
280   28:           BMPString ''
         :           }
         :         }

I've attempted playing with the tool, but couldn't get any more useful output
from it, other than this hex dump output (using -ahht options).

    <31 25 30 23 06 03 55 04 0A 1E 1C 00 54 00 65 00 73 00 74 00 5F 00 49 00>
271   37:       SET {
    <30 23 06 03 55 04 0A 1E 1C 00 54 00 65 00 73 00 74 00 5F 00 49 00 6D 00>
273   35:         SEQUENCE {
    <06 03 55 04 0A>
275    3:           OBJECT IDENTIFIER organizationName (2 5 4 10)
    <1E 1C 00 54 00 65 00 73 00 74 00 5F 00 49 00 6D 00 70 00 72 00 69 00 6D>
280   28:           BMPString ''
         :           }
         :         }

I don't know much about internal format of certificates.  Does the above
mean that O was simply defined as some kind of binary data and value placed
inside in raw format, without any encoding information?


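Added example (not part of the original message, and not libksba or gpgsm code): the 1E byte in front of the value in the hex dump is the ASN.1 tag for BMPString, so the value does carry its encoding (two-byte big-endian UCS-2), and this Python sketch decodes the RDN accordingly. The leading bytes are copied from the dump, the tail of the string is completed from the O= value in the openssl output, the function names and tag table are this example's own, and the table covers a few other string types beyond the BMPString case seen here.

```python
# Constructed sample: organizationName RDN as shown by dumpasn1 above; the
# BMPString tail is completed from the openssl "O=" value (Test_Imprimeur).
RDN_HEX = (
    "31 25 30 23 06 03 55 04 0A 1E 1C 00 54 00 65 00 73 00 74 00 5F "
    "00 49 00 6D 00 70 00 72 00 69 00 6D 00 65 00 75 00 72"
)

STRING_TYPES = {  # ASN.1 universal tag -> (type name, Python codec)
    0x0C: ("UTF8String", "utf-8"),
    0x13: ("PrintableString", "ascii"),
    0x16: ("IA5String", "ascii"),
    0x1C: ("UniversalString", "utf-32-be"),
    0x1E: ("BMPString", "utf-16-be"),
}


def read_tlv(buf, pos=0):
    """Return (tag, value, next_pos) for one DER element at buf[pos]."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the count of length bytes
        n = length & 0x7F
        if n == 0:
            raise ValueError("indefinite length is not valid DER")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("element runs past end of buffer")
    return tag, buf[pos:pos + length], pos + length


def decode_rdn(der):
    """Decode SET { SEQUENCE { OID, string } } -> (oid hex, type name, text)."""
    body = der
    for want in (0x31, 0x30):  # SET, then SEQUENCE
        tag, body, _ = read_tlv(body)
        if tag != want:
            raise ValueError("unexpected tag 0x%02X" % tag)
    tag, oid, pos = read_tlv(body)
    if tag != 0x06:
        raise ValueError("expected OBJECT IDENTIFIER")
    tag, value, _ = read_tlv(body, pos)
    if tag not in STRING_TYPES:
        raise ValueError("unsupported string tag 0x%02X" % tag)
    name, codec = STRING_TYPES[tag]
    return oid.hex(), name, value.decode(codec)


if __name__ == "__main__":
    print(decode_rdn(bytes.fromhex(RDN_HEX)))
```

Read byte by byte instead of through the tag's codec, the same value shows a zero byte before every letter, which is what the \x00 escapes in the openssl output are.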




