Possible bug in pkcs8 import

Simon Josefsson simon at josefsson.org
Wed Oct 22 17:43:57 CEST 2008

"David Marín Carreño" <davefx at gmail.com> writes:

> Hi all.
> I am developing PKCS#8 import in gnoMint (http://gnomint.sf.net).
> For testing what are the error codes obtained while probing the type
> of a given file, I have developed a little program that tries to
> import a given file as a PEM-codified crypted and unencrypted PKCS8
> file, and the same with DER format.
> The problem is that I am not able to import any PKCS#8 file, crypted
> or unencrypted, DER or PEM. I have generated these PKCS#8 (attached)
> files using gnutls (test-pem-crypt.pkcs8), openssl
> (test-pem-uncrypt.pkcs8, and both test-der-*.pkcs8), and certtool
> (test-pem-crypt2048.pkcs8).
> I am obtaining -207 (GNUTLS_E_BASE64_UNEXPECTED_HEADER_ERROR) while
> trying to import a DER file as a PEM file, which is correct. But all
> other combinations always result with an error -67
> Could anyone help me? Is the problem in the PKCS8 files, in my test
> program, or in gnutls?

What is the password for your test files?

I can't seem to read your unencrypted files using openssl either:

jas at mocca:~$ openssl pkcs8 -inform pem -in test-pem-unencrypt.pkcs8 
Error reading key
19169:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:647:Expecting: ENCRYPTED PRIVATE KEY
jas at mocca:~$ openssl pkcs8 -inform der -in test-der-unencrypt.pkcs8 
Error reading key
19178:error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag:tasn_dec.c:1294:
19178:error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error:tasn_dec.c:380:Type=X509_ALGOR
19178:error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error:tasn_dec.c:749:Field=algor, Type=X509_SIG
jas at mocca:~$ 

How did you generate the files?


More information about the Gnutls-devel mailing list