GNU extensions to read_s2k for GnuTLS 2.4.x [was: Re: GNU extensions to read_s2k for 2.5.x]

Daniel Kahn Gillmor dkg-debian.org at fifthhorseman.net
Fri Aug 22 08:36:45 CEST 2008


On Fri 2008-08-22 01:14:11 -0400, Daniel Kahn Gillmor wrote:

> In particular, it treats S2K mode 101 as GNU-Dummy, when in fact it
> should be "GNU Extensions", and it should just test the data after
> the hash to find out whether it's the gnu-dummy extension or not.

Attached is the revised patch against the GnuTLS 2.4.x series that
adopts the same semantic clarification.  This applies against 2.4.1 as
shipped in debian lenny, if anyone is interested.  

I've prepared patched .debs, which are available from the monkeysphere
repository:

  http://monkeysphere.info/news/modified-gnutls-2.4.x-available/

They're working for me nicely at the moment.

For anyone interested in testing, below is a public key with the
primary key stripped (using GNU-Dummy S2K), and an
authentication-capable subkey with unencrypted secret material.

I think this would be a reasonable method to provide private keys to a
typical TLS-capable service (such as HTTPS or SMTP).

-----BEGIN PGP PRIVATE KEY BLOCK-----
Version: GnuPG v1.4.9 (GNU/Linux)

lQCVBEO3YdABBACRqqEnucag4+vyZny2M67Pai5+5suIRRvY+Ly8Ms5MvgCi3EVV
xT05O/+0ShiRaf+QicCOFrhbU9PZzzU+seEvkeW2UCu4dQfILkmj+HBEIltGnHr3
G0yegHj5pnqrcezERURf2e17gGFWX91cXB9Cm721FPXczuKraphKwCA9PwARAQAB
/gNlAkdOVQG0OURlbW9uc3RyYXRpb24gS2V5IGZvciBTMksgR05VIGV4dGVuc2lv
biAxMDAxIC0tIGdudS1kdW1teYi8BBMBAgAmBQJDt2HQAhsDBQkB4TOABgsJCAcD
AgQVAggDBBYCAwECHgECF4AACgkQQZUwSa4UDezTOQP/TMQXUVrWzHYZGopoPZ2+
ZS3qddiznBHsgb7MGYg1KlTiVJSroDUBCHIUJvdQKZV9zrzrFl47D07x6hGyUPHV
aZXvuITW8t1o5MMHkCy3pmJ2KgfDvdUxrBvLfgPMICA4c6zA0mWquee43syEW9NY
g3q61iPlQwD1J1kX1wlimLCdAdgEQ7dh0AEEANAwa63zlQbuy1Meliy8otwiOa+a
mH6pxxUgUNggjyjO5qx+rl25mMjvGIRX4/L1QwIBXJBVi3SgvJW1COZxZqBYqj9U
8HVT07mWKFEDf0rZLeUE2jTm16cF9fcW4DQhW+sfYm+hi2sY3HeMuwlUBK9KHfW2
+bGeDzVZ4pqfUEudABEBAAEAA/0bemib+wxub9IyVFUp7nPobjQC83qxLSNzrGI/
RHzgu/5CQi4tfLOnwbcQsLELfker2hYnjsLrT9PURqK4F7udrWEoZ1I1LymOtLG/
4tNZ7Mnul3wRC2tCn7FKx8sGJwGh/3li8vZ6ALVJAyOia5TZ/buX0+QZzt6+hPKk
7MU1WQIA4bUBjtrsqDwro94DvPj3/jBnMZbXr6WZIItLNeVDUcM8oHL807Am97K1
ueO/f6v1sGAHG6lVPTmtekqPSTWBfwIA7CGFvEyvSALfB8NUa6jtk27NCiw0csql
kuhCmwXGMVOiryKEfegkIahf2bAd/gnWHPrpWp7bUE20v8YoW22I4wIAhnm5Wr5Q
Sy7EHDUxmJm5TzadFp9gq08qNzHBpXSYXXJ3JuWcL1/awUqp3tE1I6zZ0hZ38Ia6
SdBMN88idnhDPqPoiKUEGAECAA8FAkO3YdACGyAFCQHhM4AACgkQQZUwSa4UDezm
vQP/ZhK+2ly9oI2z7ZcNC/BJRch0/ybQ3haahII8pXXmOThpZohr/LUgoWgCZdXg
vP6yiszNk2tIs8KphCAw7Lw/qzDC2hEORjWO4f46qk73RAgSqG/GyzI4ltWiDhqn
vnQCFl3+QFSe4zinqykHnLwGPMXv428d/ZjkIc2ju8dRsn4=
=CR5w
-----END PGP PRIVATE KEY BLOCK-----

As always, feedback is appreciated.

Regards,

        --dkg

-------------- next part --------------
A non-text attachment was scrubbed...
Name: 22_functional_s2k_with_GNU_dummy.diff
Type: text/x-diff
Size: 4521 bytes
Desc: patch to enable read_s2k with GNU-Dummy against GnuTLS 2.4.x
URL: </pipermail/attachments/20080822/2aca7915/attachment.diff>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 826 bytes
Desc: not available
URL: </pipermail/attachments/20080822/2aca7915/attachment.pgp>


More information about the Gnutls-devel mailing list