Error: Bad length of salt (32) for AES when importing a p12 certificate

Nils Schween nils.schween at mpi-hd.mpg.de
Thu Sep 19 13:42:29 CEST 2024


Thanks for replying.

> Do have have a sample P12 file we can put into our regression tests?

I asked our IT department and unfortunately it is not allowed to issue
test certificates with dummy email addresses.

If it is necessary, I can try to create a certificate with openssl, that
reproduces the error.

Greetings,
Nils

Werner Koch <wk at gnupg.org> writes:

> On Thu, 19 Sep 2024 09:07, Nils Schween said:
>> A short follow up: I did some more tests and I found that the change of
>> the length of the salt array in the function 'parse_shrouded_key_bag'
>> suffices to import the certificate. It is actually enough to increase
>> the value from 20 to 32. Here is the git diff of my change of minip12.c
>
> Thanks for looking into this.
>
> Do have have a sample P12 file we can put into our regression tests?  In
> case you don't want to see that in a public repo we also have an
> internal collection of p12 files, in this case mail it to me privately -
> of course only if that is test data and not real key material.
>
>
> Salam-Shalom,
>
>    Werner

-- 
Nils Schween
PhD Student

Phone: +49 6221 516 557
Mail: nils.schween at mpi-hd.mpg.de
PGP-Key: 4DD3DCC0532EE96DB0C1F8B5368DBFA14CB81849

Max Planck Institute for Nuclear Physics
Astrophysical Plasma Theory (APT)
Saupfercheckweg 1, D-69117 Heidelberg
https://www.mpi-hd.mpg.de/mpi/en/research/scientific-divisions-and-groups/independent-research-groups/apt
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 5989 bytes
Desc: not available
URL: <https://lists.gnupg.org/pipermail/gnupg-users/attachments/20240919/f4b43060/attachment-0001.bin>


More information about the Gnupg-users mailing list